aboutsummaryrefslogtreecommitdiffstats
path: root/src/eap_server/eap_server_ikev2.c
diff options
context:
space:
mode:
authorJouni Malinen <j@w1.fi>2014-12-20 22:25:16 (GMT)
committerJouni Malinen <j@w1.fi>2014-12-20 22:25:16 (GMT)
commit8e5c1ec32f3fdedd2b792774e5c4403fa78326d5 (patch)
tree5a506832402ec9d5a0426bf95ba6485028e2dbb7 /src/eap_server/eap_server_ikev2.c
parentf41f670ea53247c85c43697c1ff233e4241240b9 (diff)
downloadhostap-8e5c1ec32f3fdedd2b792774e5c4403fa78326d5.zip
hostap-8e5c1ec32f3fdedd2b792774e5c4403fa78326d5.tar.gz
hostap-8e5c1ec32f3fdedd2b792774e5c4403fa78326d5.tar.bz2
EAP-IKEv2: Add explicit limit for maximum message length
This avoids accepting unnecessarily large memory allocations. Signed-off-by: Jouni Malinen <j@w1.fi>
Diffstat (limited to 'src/eap_server/eap_server_ikev2.c')
-rw-r--r--src/eap_server/eap_server_ikev2.c6
1 files changed, 6 insertions, 0 deletions
diff --git a/src/eap_server/eap_server_ikev2.c b/src/eap_server/eap_server_ikev2.c
index 804f785..16e6276 100644
--- a/src/eap_server/eap_server_ikev2.c
+++ b/src/eap_server/eap_server_ikev2.c
@@ -309,6 +309,12 @@ static int eap_ikev2_process_fragment(struct eap_ikev2_data *data,
if (data->in_buf == NULL) {
/* First fragment of the message */
+ if (message_length > 50000) {
+ /* Limit maximum memory allocation */
+ wpa_printf(MSG_DEBUG,
+ "EAP-IKEV2: Ignore too long message");
+ return -1;
+ }
data->in_buf = wpabuf_alloc(message_length);
if (data->in_buf == NULL) {
wpa_printf(MSG_DEBUG, "EAP-IKEV2: No memory for "