[PATCH 10/23] P2PS: Add validation for P2PS PD request

Jouni Malinen j
Wed Oct 7 06:20:54 PDT 2015


On Tue, Oct 06, 2015 at 06:56:41PM +0000, Peer, Ilan wrote:
> > From: Jouni Malinen [mailto:j at w1.fi]
> > > +static int p2ps_validate_pd_req(struct p2p_data *p2p,
> > 
> > > +	P2PS_PD_REQ_CHECK(1, adv_id);
> > > +	P2PS_PD_REQ_CHECK(1, session_id);
> > > +	P2PS_PD_REQ_CHECK(1, capability);
> > > +	P2PS_PD_REQ_CHECK(1, p2p_device_info);
> > > +	P2PS_PD_REQ_CHECK(1, feature_cap);
> > 
> > session_mac and adv_mac missing here..

> These are unconditionally set when session_id and adv_mac are set in p2p_parse_attribute(), so I assumed it is ok to skip these checks.

Ah, yes, you're correct. That said, I think I'm going to leave the
explicit checks in place since I'm not confident that static analyzers
would be able to follow the logic here and could end up reporting false
issues related to possible NULL dereference.. In any case, the extra
checks do not cause any harm here apart from making the implement a tiny
bit larger and slower.

-- 
Jouni Malinen                                            PGP id EFC895FA



More information about the Hostap mailing list