EAP-IKEv2: Add explicit limit for maximum message length

This avoids accepting unnecessarily large memory allocations.

Signed-off-by: Jouni Malinen <j@w1.fi>
Jouni Malinen 2014-12-21 00:25:16 +02:00
parent f41f670ea5
commit 8e5c1ec32f
2 changed files with 13 additions and 0 deletions


@ -301,6 +301,13 @@ static struct wpabuf * eap_ikev2_process_fragment(struct eap_ikev2_data *data,
if (data->in_buf == NULL) { if (data->in_buf == NULL) {
/* First fragment of the message */ /* First fragment of the message */
if (message_length > 50000) {
/* Limit maximum memory allocation */
wpa_printf(MSG_DEBUG,
"EAP-IKEV2: Ignore too long message");
ret->ignore = TRUE;
return NULL;
}
data->in_buf = wpabuf_alloc(message_length); data->in_buf = wpabuf_alloc(message_length);
if (data->in_buf == NULL) { if (data->in_buf == NULL) {
wpa_printf(MSG_DEBUG, "EAP-IKEV2: No memory for " wpa_printf(MSG_DEBUG, "EAP-IKEV2: No memory for "
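Review bot: The limit in `if (message_length > 50000)` is a bare literal, and the same literal is repeated in the second file section's copy of eap_ikev2_process_fragment, so the two sides can drift apart if only one is tuned later. I would name it once in a header that both files include (assuming one exists), e.g. `#define EAP_IKEV2_MAX_MSG_LEN 50000` (the name is only a suggestion), and compare against that in both places. A one-line comment on the define, such as `/* Upper bound on the announced message length used to size the reassembly buffer */`, would record why the value exists. The function body starts and ends outside this hunk, so whether later fragments are checked against the allocated size cannot be confirmed from here.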


@ -309,6 +309,12 @@ static int eap_ikev2_process_fragment(struct eap_ikev2_data *data,
if (data->in_buf == NULL) { if (data->in_buf == NULL) {
/* First fragment of the message */ /* First fragment of the message */
if (message_length > 50000) {
/* Limit maximum memory allocation */
wpa_printf(MSG_DEBUG,
"EAP-IKEV2: Ignore too long message");
return -1;
}
data->in_buf = wpabuf_alloc(message_length); data->in_buf = wpabuf_alloc(message_length);
if (data->in_buf == NULL) { if (data->in_buf == NULL) {
wpa_printf(MSG_DEBUG, "EAP-IKEV2: No memory for " wpa_printf(MSG_DEBUG, "EAP-IKEV2: No memory for "
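Review bot: The rejection message `"EAP-IKEV2: Ignore too long message"` does not record which length was refused, and the first file section has the same gap. message_length is presumably taken from the received message, so logging it lets someone reading the debug output tell a slightly oversized message from a grossly malformed one. Something like `"EAP-IKEV2: Ignore too long message (%lu)", (unsigned long) message_length` would do; the cast is there because the parameter's type is not visible in the hunk. What the caller does with the `-1` is also outside the hunk, so a short comment at the return stating the intended outcome (drop the message or fail the method) would help the next reader.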