From 30cf1aa376719b9c2e8233bd89975c842eaf46c2 Mon Sep 17 00:00:00 2001
From: Denis Kenzior
Date: Fri, 11 Jan 2019 11:43:21 -0600
Subject: [PATCH] mpdu: Fix buffer overflow reported by asan
==25412==ERROR: AddressSanitizer: global-buffer-overflow on address 0x000000421ab0 at pc 0x000000402faf bp 0x7fffffffdb00 sp 0x7fffffffdaf0
READ of size 4 at 0x000000421ab0 thread T0
#0 0x402fae in validate_mgmt_ies src/mpdu.c:128
#1 0x403ce8 in validate_probe_request_mmpdu src/mpdu.c:370
#2 0x404ef2 in validate_mgmt_mpdu src/mpdu.c:662
#3 0x405166 in mpdu_validate src/mpdu.c:706
#4 0x402529 in ie_order_test unit/test-mpdu.c:156
#5 0x418f49 in l_test_run ell/test.c:83
#6 0x402715 in main unit/test-mpdu.c:171
#7 0x7ffff5d43ed9 in __libc_start_main (/lib64/libc.so.6+0x20ed9)
#8 0x4019a9 in _start (/home/denkenz/iwd-master/unit/test-mpdu+0x4019a9)
---
 src/mpdu.c | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/src/mpdu.c b/src/mpdu.c
index 35f59369..4e28d5a2 100644
--- a/src/mpdu.c
+++ b/src/mpdu.c
@@ -125,7 +125,7 @@ static bool validate_mgmt_ies(const uint8_t *ies, size_t ies_len,
 return false;
 new_idx = last_idx;
- while (tag != tag_order[new_idx] && new_idx < tag_count)
+ while (new_idx < tag_count && tag != tag_order[new_idx])
 new_idx++;
 if (new_idx < tag_count) {
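Review bot: The reordered `while` condition in validate_mgmt_ies has no comment explaining why the bound must be tested first, so a later cleanup could swap the operands back and reintroduce the one-past-the-end read of `tag_order` that ASan reported. Because `tag` comes from the information elements being validated (presumably taken from a received management frame), any tag absent from the table walks `new_idx` up to `tag_count`, and only the short-circuit of `&&` stops the last comparison from indexing the array. I would add above the loop: `/* Test the bound first: && short-circuits, so tag_order[new_idx] is never read at new_idx == tag_count */`. The function body starts and ends outside this hunk, so how `last_idx` itself is kept within `tag_count` is not visible here.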