gprs_cipher_core: Fix potential buffer overflows detected by Smatch

commit: 4876dcf12b2db9847073fbd2b3e28c4f962bd48a [log] [tgz]
author: Harald Welte <laforge@gnumonks.org> Sat Jul 16 12:03:13 2011 +0200
committer: Harald Welte <laforge@gnumonks.org> Sat Jul 16 12:03:46 2011 +0200
tree: 3a64ab5e99b27920aecc0eb2bc6154646800fc70
parent: 2b32215fc331f88502e652bbc4d782950d37f5c5 [diff] [blame]
diff --git a/src/gsm/gprs_cipher_core.c b/src/gsm/gprs_cipher_core.c
index 7884be0..b9a22a1 100644
--- a/src/gsm/gprs_cipher_core.c
+++ b/src/gsm/gprs_cipher_core.c

@@ -36,7 +36,7 @@
 /* register a cipher with the core */
 int gprs_cipher_register(struct gprs_cipher_impl *ciph)
 {
-	if (ciph->algo > ARRAY_SIZE(selected_ciphers))
+	if (ciph->algo >= ARRAY_SIZE(selected_ciphers))
 		return -ERANGE;
 
 	llist_add_tail(&ciph->list, &gprs_ciphers);
@@ -60,7 +60,7 @@
 int gprs_cipher_run(uint8_t *out, uint16_t len, enum gprs_ciph_algo algo,
 		    uint64_t kc, uint32_t iv, enum gprs_cipher_direction dir)
 {
-	if (algo > ARRAY_SIZE(selected_ciphers))
+	if (algo >= ARRAY_SIZE(selected_ciphers))
 		return -ERANGE;
 
 	if (!selected_ciphers[algo])
@@ -75,7 +75,7 @@
 
 int gprs_cipher_supported(enum gprs_ciph_algo algo)
 {
-	if (algo > ARRAY_SIZE(selected_ciphers))
+	if (algo >= ARRAY_SIZE(selected_ciphers))
 		return -ERANGE;
 
 	if (selected_ciphers[algo])
commit	4876dcf12b2db9847073fbd2b3e28c4f962bd48a	[log] [tgz]
author	Harald Welte <laforge@gnumonks.org>	Sat Jul 16 12:03:13 2011 +0200
committer	Harald Welte <laforge@gnumonks.org>	Sat Jul 16 12:03:46 2011 +0200
tree	3a64ab5e99b27920aecc0eb2bc6154646800fc70
parent	2b32215fc331f88502e652bbc4d782950d37f5c5 [diff] [blame]