From d2ca0c4f18cd0e9a1b14a9b8d471df7960ad178c Mon Sep 17 00:00:00 2001
From: Denis Kenzior
Date: Fri, 14 Jan 2022 10:32:30 -0600
Subject: [PATCH] dpp-util: Avoid potential overflow
When checking that the length is valid, avoid potentially overflowing 'iter->pos + len'
---
 src/dpp-util.c | 4 ++--
 1 file changed, 2 insertions(+), 2 deletions(-)
diff --git a/src/dpp-util.c b/src/dpp-util.c
index aaca2c48..8ea3d498 100644
--- a/src/dpp-util.c
+++ b/src/dpp-util.c
@@ -297,7 +297,7 @@ bool dpp_attr_iter_next(struct dpp_attr_iter *iter,
 const uint8_t **data_out)
 {
 enum dpp_attribute_type type;
- size_t len;
+ uint16_t len;
 if (iter->pos + 4 > iter->end)
 return false;
@@ -307,7 +307,7 @@ bool dpp_attr_iter_next(struct dpp_attr_iter *iter,
 iter->pos += 4;
- if (iter->pos + len > iter->end)
+ if (iter->end - iter->pos < len)
 return false;
 *type_out = type;
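Review bot: The header-length check kept as context in the first hunk, `if (iter->pos + 4 > iter->end)`, still uses the addition form that this commit removes from the payload-length check a few lines later. If `pos` and `end` are pointers into the received frame (their declarations are outside the hunk), forming `pos + 4` when fewer than four bytes remain is out-of-bounds pointer arithmetic, so the comparison is not guaranteed to reject a truncated attribute header. Writing it as `if (iter->end - iter->pos < 4)` would match the new check and keep the arithmetic inside the buffer. The body of dpp_attr_iter_next starts and ends outside the hunk.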
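Review bot: The new comparison `iter->end - iter->pos < len` in the second hunk is only sound while `pos <= end` holds, and nothing at that line says where the invariant comes from. It appears to rest on the header check and the `iter->pos += 4` just above; the lines between the two hunks, including the assignment of `len`, are not visible here. A short comment above the check, for example `/* pos <= end here (header check above); compare remaining bytes so an attacker-supplied len cannot wrap the sum */`, would stop a later reorder from quietly reintroducing the overflow.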