From 60e0a5073a5fa64ba53d6f3af5bd2042b37be7c5 Mon Sep 17 00:00:00 2001
From: Denis Kenzior
Date: Fri, 14 Jan 2022 11:08:48 -0600
Subject: [PATCH] anqputil: Avoid potential overflow

When checking that the length is valid, avoid potentially overflowing 'anqp + l_get_le16(anqp + 2)'
---
 src/anqputil.c | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/src/anqputil.c b/src/anqputil.c
index 66528509..c0e0307e 100644
--- a/src/anqputil.c
+++ b/src/anqputil.c
@@ -48,7 +48,7 @@ bool anqp_iter_next(struct anqp_iter *iter, uint16_t *id, uint16_t *len,
 if (iter->pos + 4 >= iter->max)
 return false;
- if (anqp + l_get_le16(anqp + 2) > end)
+ if (l_get_le16(anqp + 2) > end - anqp)
 return false;
 *id = l_get_le16(anqp);
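Review bot: The rewritten bound `l_get_le16(anqp + 2) > end - anqp` still leaves the 4-byte element header out of the comparison, so an element whose declared length exceeds the bytes remaining after the header by up to four would be accepted. This assumes `anqp` points at the start of the element and `end` one past the buffer (their definitions are outside the hunk), and that the length field counts only the payload following the ID and length fields. Under those assumptions the check would be tighter as `if (l_get_le16(anqp + 2) > end - anqp - 4)`; the preceding `iter->pos + 4 >= iter->max` test keeps that difference positive. The body of anqp_iter_next starts and continues outside the hunk, so how `*len` and `*data` are handed to callers should be confirmed against the full function.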