Extra validation to keep static analyzers happy

Use of two variables to track bounds checking seems to be a bit too much
for some static analyzers, so add an extra condition for buffer padding
to avoid incorrect warnings.

Signed-hostap: Jouni Malinen <j@w1.fi>

diff --git a/src/ap/wpa_auth_ft.c b/src/ap/wpa_auth_ft.c
index 48bf79b..ccb3f82 100644 (file)
--- a/src/ap/wpa_auth_ft.c
+++ b/src/ap/wpa_auth_ft.c
@@ -416,7 +416,7 @@ static u8 * wpa_ft_gtk_subelem(struct wpa_state_machine *sm, size_t *len)
                pad_len = 8 - pad_len;
        if (key_len + pad_len < 16)
                pad_len += 8;
-       if (pad_len) {
+       if (pad_len && key_len < sizeof(keybuf)) {
                os_memcpy(keybuf, gsm->GTK[gsm->GN - 1], key_len);
                os_memset(keybuf + key_len, 0, pad_len);
                keybuf[key_len] = 0xdd;