From 5e9178b9de99cbde1e1339fbcd15445d59078b39 Mon Sep 17 00:00:00 2001
From: Denis Kenzior <denkenz@gmail.com>
Date: Fri, 14 Jan 2022 09:45:49 -0600
Subject: [PATCH] wscutil: Avoid potential overflow

When checking that the length is valid, avoid potentially overflowing
'start + len'
---
 src/wscutil.c | 4 ++--
 1 file changed, 2 insertions(+), 2 deletions(-)

diff --git a/src/wscutil.c b/src/wscutil.c
index ce8d4b2a..12e2125a 100644
--- a/src/wscutil.c
+++ b/src/wscutil.c
@@ -61,7 +61,7 @@ bool wsc_wfa_ext_iter_next(struct wsc_wfa_ext_iter *iter)
 	len = *start;
 	start += 1;
 
-	if (start + len > end)
+	if (len > end - start)
 		return false;
 
 	iter->type = type;
@@ -98,7 +98,7 @@ bool wsc_attr_iter_next(struct wsc_attr_iter *iter)
 	len = l_get_be16(start);
 	start += 2;
 
-	if (start + len > end)
+	if (len > end - start)
 		return false;
 
 	iter->type = type;