WPS: Avoid bogus static analyzer warning in ndef_parse_record()

Use a local variable and check the record payload length validity before
writing it into record->payload_length in hopes of getting rid of a
bogus static analyzer warning. The negative return value was sufficient
to avoid record->payload_length being used, but that seems to be too
complex for some analyzers. (CID 122668)

Signed-off-by: Jouni Malinen <jouni@qca.qualcomm.com>

diff --git a/src/wps/ndef.c b/src/wps/ndef.c
index cc8f6e5..bb3c055 100644 (file)
--- a/src/wps/ndef.c
+++ b/src/wps/ndef.c
@@ -45,12 +45,14 @@ static int ndef_parse_record(const u8 *data, u32 size,
                        return -1;
                record->payload_length = *pos++;
        } else {
+               u32 len;
+
                if (size < 6)
                        return -1;
-               record->payload_length = WPA_GET_BE32(pos);
-               if (record->payload_length > size - 6 ||
-                   record->payload_length > 20000)
+               len = WPA_GET_BE32(pos);
+               if (len > size - 6 || len > 20000)
                        return -1;
+               record->payload_length = len;
                pos += sizeof(u32);
        }