Home Explore Help
Register Sign In
wareck
/
krackattacks
1
0
Fork 0
Files Issues 0 Pull Requests 0 Wiki
Browse Source

TLS: Reorder length bounds checking to avoid static analyzer warning

For some reason, "pos + len > end" is not clear enough, but "len > end -
pos" is recognized. Use that to get rid of a false positive from a
static analyzer (CID 72697).

Signed-off-by: Jouni Malinen <j@w1.fi>
Jouni Malinen 10 years ago
parent
41f480005f
commit
7d04364104
1 changed files with 1 additions and 1 deletions
Unified View Show Diff Stats
  1. 1 1
      src/tls/tlsv1_server_read.c

+ 1 - 1
src/tls/tlsv1_server_read.c
View File 

@@ -626,7 +626,7 @@ static int tls_process_client_key_exchange_dh(
 
 	dh_yc_len = WPA_GET_BE16(pos);
 
 	dh_yc_len = WPA_GET_BE16(pos);
 
 	dh_yc = pos + 2;
 
 	dh_yc = pos + 2;
 
 
 
-	if (dh_yc + dh_yc_len > end) {
 
+	if (dh_yc_len > end - dh_yc) {
 
 		tlsv1_server_log(conn, "Client public value overflow (length %d)",
 
 		tlsv1_server_log(conn, "Client public value overflow (length %d)",
 
 				 dh_yc_len);
 
 				 dh_yc_len);
 
 		tlsv1_server_alert(conn, TLS_ALERT_LEVEL_FATAL,
 
 		tlsv1_server_alert(conn, TLS_ALERT_LEVEL_FATAL,