Kernel
/
iwd
mirror of https://git.kernel.org/pub/scm/network/wireless/iwd.git
3
0
Fork 0
Code Releases Activity

dpp-util: Avoid potential overflow 

When checking that the length is valid, avoid potentially overflowing
'iter->pos + len'
This commit is contained in:
Denis Kenzior 2022-01-14 10:32:30 -06:00
parent eddcc4c5b6
commit d2ca0c4f18
1 changed files with 2 additions and 2 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

4
src/dpp-util.c
View File

@ -297,7 +297,7 @@ bool dpp_attr_iter_next(struct dpp_attr_iter *iter,
const uint8_t **data_out)
{
enum dpp_attribute_type type;
size_t len;
uint16_t len;
if (iter->pos + 4 > iter->end)
return false;
@ -307,7 +307,7 @@ bool dpp_attr_iter_next(struct dpp_attr_iter *iter,
iter->pos += 4;
if (iter->pos + len > iter->end)
if (iter->end - iter->pos < len)
return false;
*type_out = type;