EAP-IKEv2: Add explicit limit for maximum message length
This avoids accepting unnecessarily large memory allocations. Signed-off-by: Jouni Malinen <j@w1.fi>
This commit is contained in:
parent
f41f670ea5
commit
8e5c1ec32f
2 changed files with 13 additions and 0 deletions
|
@ -301,6 +301,13 @@ static struct wpabuf * eap_ikev2_process_fragment(struct eap_ikev2_data *data,
|
|||
|
||||
if (data->in_buf == NULL) {
|
||||
/* First fragment of the message */
|
||||
if (message_length > 50000) {
|
||||
/* Limit maximum memory allocation */
|
||||
wpa_printf(MSG_DEBUG,
|
||||
"EAP-IKEV2: Ignore too long message");
|
||||
ret->ignore = TRUE;
|
||||
return NULL;
|
||||
}
|
||||
data->in_buf = wpabuf_alloc(message_length);
|
||||
if (data->in_buf == NULL) {
|
||||
wpa_printf(MSG_DEBUG, "EAP-IKEV2: No memory for "
|
||||
|
|
|
@ -309,6 +309,12 @@ static int eap_ikev2_process_fragment(struct eap_ikev2_data *data,
|
|||
|
||||
if (data->in_buf == NULL) {
|
||||
/* First fragment of the message */
|
||||
if (message_length > 50000) {
|
||||
/* Limit maximum memory allocation */
|
||||
wpa_printf(MSG_DEBUG,
|
||||
"EAP-IKEV2: Ignore too long message");
|
||||
return -1;
|
||||
}
|
||||
data->in_buf = wpabuf_alloc(message_length);
|
||||
if (data->in_buf == NULL) {
|
||||
wpa_printf(MSG_DEBUG, "EAP-IKEV2: No memory for "
|
||||
|
|
Loading…
Reference in a new issue