tcp: False "Untrusted loop bound" positive, CWE-606

Field doff in struct tcp_hdr is 4 bits wide, so optlen in
tcp_tap_handler() is already bound, but make that explicit.
Reported by Coverity.

Signed-off-by: Stefano Brivio <sbrivio@redhat.com>

1 files changed, 2 insertions, 0 deletions

diff --git a/tcp.c b/tcp.c
index 1409c53..858eb41 100644
--- a/tcp.c
+++ b/tcp.c
@@ -2716,6 +2716,8 @@ int tcp_tap_handler(struct ctx *c, int af, const void *addr,
 		return 1;
 
 	optlen = th->doff * 4UL - sizeof(*th);
+	/* Static checkers might fail to see this: */
+	optlen = MIN(optlen, ((1UL << 4) /* from doff width */ - 6) * 4UL);
 	opts = packet_get(p, 0, sizeof(*th), optlen, NULL);
 
 	conn = tcp_hash_lookup(c, af, addr, htons(th->source), htons(th->dest));