EAP-IKEv2: Add explicit limit for maximum message length
This avoids accepting unnecessarily large memory allocations. Signed-off-by: Jouni Malinen <j@w1.fi>
		
							parent
							
								
									f41f670ea5
								
							
						
					
					
						commit
						8e5c1ec32f
					
				
					 2 changed files with 13 additions and 0 deletions
				
			
		|  | @ -301,6 +301,13 @@ static struct wpabuf * eap_ikev2_process_fragment(struct eap_ikev2_data *data, | ||||||
| 
 | 
 | ||||||
| 	if (data->in_buf == NULL) { | 	if (data->in_buf == NULL) { | ||||||
| 		/* First fragment of the message */ | 		/* First fragment of the message */ | ||||||
|  | 		if (message_length > 50000) { | ||||||
|  | 			/* Limit maximum memory allocation */ | ||||||
|  | 			wpa_printf(MSG_DEBUG, | ||||||
|  | 				   "EAP-IKEV2: Ignore too long message"); | ||||||
|  | 			ret->ignore = TRUE; | ||||||
|  | 			return NULL; | ||||||
|  | 		} | ||||||
| 		data->in_buf = wpabuf_alloc(message_length); | 		data->in_buf = wpabuf_alloc(message_length); | ||||||
| 		if (data->in_buf == NULL) { | 		if (data->in_buf == NULL) { | ||||||
| 			wpa_printf(MSG_DEBUG, "EAP-IKEV2: No memory for " | 			wpa_printf(MSG_DEBUG, "EAP-IKEV2: No memory for " | ||||||
|  |  | ||||||
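Review bot: The new check bounds `message_length` only from above; nothing in this hunk verifies that the declared total is at least as large as the payload carried by this first fragment. The code that fills `data->in_buf` after `wpabuf_alloc(message_length)` lies outside the hunk, so this is unconfirmed, but if it copies the fragment without that comparison, a declared length smaller than the fragment would put more data into the buffer than it was sized for. I would add a second guard beside the new one, along the lines of `if (message_length < len) { ret->ignore = TRUE; return NULL; }`, where `len` stands for the function's fragment-length argument, whose name is not visible here. The same applies to the `int`-returning `eap_ikev2_process_fragment` in the second hunk, with `return -1;` as the rejection.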
|  | @ -309,6 +309,12 @@ static int eap_ikev2_process_fragment(struct eap_ikev2_data *data, | ||||||
| 
 | 
 | ||||||
| 	if (data->in_buf == NULL) { | 	if (data->in_buf == NULL) { | ||||||
| 		/* First fragment of the message */ | 		/* First fragment of the message */ | ||||||
|  | 		if (message_length > 50000) { | ||||||
|  | 			/* Limit maximum memory allocation */ | ||||||
|  | 			wpa_printf(MSG_DEBUG, | ||||||
|  | 				   "EAP-IKEV2: Ignore too long message"); | ||||||
|  | 			return -1; | ||||||
|  | 		} | ||||||
| 		data->in_buf = wpabuf_alloc(message_length); | 		data->in_buf = wpabuf_alloc(message_length); | ||||||
| 		if (data->in_buf == NULL) { | 		if (data->in_buf == NULL) { | ||||||
| 			wpa_printf(MSG_DEBUG, "EAP-IKEV2: No memory for " | 			wpa_printf(MSG_DEBUG, "EAP-IKEV2: No memory for " | ||||||
|  |  | ||||||
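Review bot: The limit in `if (message_length > 50000)` is a bare literal that now appears in both hunks of this commit, so the two copies can drift apart and neither records why 50000 was chosen. A single named constant in a header visible to both files, for example `#define EAP_IKEV2_MAX_MSG_LEN 50000` (the name is only a suggestion) with a one-line comment on the rationale, would keep the two limits in step. The debug message would also help triage more if it printed the rejected length instead of only the fixed text "Ignore too long message".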
	
	
	 Jouni Malinen
						Jouni Malinen