const u8 *end = pos + len;
u16 len2;
const u8 *pos2;
+ u8 uri_len;
wpa_hexdump(MSG_DEBUG, "HS 2.0: Parsing OSU Provider", pos, len);
prov = os_realloc_array(wpa_s->osu_prov,
}
/* OSU Server URI */
- if (pos + 1 > end || pos + 1 + pos[0] > end) {
+ if (pos + 1 > end) {
+ wpa_printf(MSG_DEBUG,
+ "HS 2.0: Not enough room for OSU Server URI length");
+ return;
+ }
+ uri_len = *pos++;
+ if (uri_len > end - pos) {
wpa_printf(MSG_DEBUG, "HS 2.0: Not enough room for OSU Server "
"URI");
return;
}
- os_memcpy(prov->server_uri, pos + 1, pos[0]);
- pos += 1 + pos[0];
+ os_memcpy(prov->server_uri, pos, uri_len);
+ pos += uri_len;
/* OSU Method list */
if (pos + 1 > end || pos + 1 + pos[0] > end) {