3
0
mirror of https://git.kernel.org/pub/scm/network/wireless/iwd.git synced 2024-12-22 13:02:44 +01:00

dpp-util: Avoid potential overflow

When checking that the length is valid, avoid potentially overflowing
'iter->pos + len'
This commit is contained in:
Denis Kenzior 2022-01-14 10:32:30 -06:00
parent eddcc4c5b6
commit d2ca0c4f18

View File

@ -297,7 +297,7 @@ bool dpp_attr_iter_next(struct dpp_attr_iter *iter,
const uint8_t **data_out)
{
enum dpp_attribute_type type;
size_t len;
uint16_t len;
if (iter->pos + 4 > iter->end)
return false;
@ -307,7 +307,7 @@ bool dpp_attr_iter_next(struct dpp_attr_iter *iter,
iter->pos += 4;
if (iter->pos + len > iter->end)
if (iter->end - iter->pos < len)
return false;
*type_out = type;