authorMartin Willi <martin@revosec.ch>2010-02-09 12:53:42 +0100
committerMartin Willi <martin@revosec.ch>2010-08-03 15:39:25 +0200
commitc8a2fca58cface0de90723d2e820b9d64a4cc043 (patch)
tree8b3782835f83030e9aa635297504cf1406985ce1 /src/charon
parent8fef06a683128a292f0f6295053e07ec76b51e3e (diff)
Limit the number of EAP-TLS packets allowed
Diffstat (limited to 'src/charon')
-rw-r--r--src/charon/plugins/eap_tls/eap_tls.c13
1 files changed, 13 insertions, 0 deletions
diff --git a/src/charon/plugins/eap_tls/eap_tls.c b/src/charon/plugins/eap_tls/eap_tls.c
index 25cb7775c..57f327991 100644
--- a/src/charon/plugins/eap_tls/eap_tls.c
+++ b/src/charon/plugins/eap_tls/eap_tls.c
@@ -43,6 +43,11 @@ struct private_eap_tls_t {
identification_t *peer;
/**
+ * Number of EAP-TLS messages processed so far
+ */
+ int processed;
+
+ /**
* Is this method instance acting as server?
*/
bool is_server;
@@ -77,6 +82,8 @@ struct private_eap_tls_t {
#define MAX_TLS_MESSAGE_LEN 16384
/** Size of a EAP-TLS fragment */
#define EAP_TLS_FRAGMENT_LEN 1014
+/** Maximum number of EAP-TLS messages/fragments allowed */
+#define MAX_EAP_TLS_MESSAGE_COUNT 16
/**
* Flags of an EAP-TLS message
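Review bot: The budget of 16 in MAX_EAP_TLS_MESSAGE_COUNT is smaller than the fragment count of a single maximal TLS message: with EAP_TLS_FRAGMENT_LEN 1014 and MAX_TLS_MESSAGE_LEN 16384 defined just above it, a full-size message takes 17 fragments, and the check in process() (third hunk, `++this->processed`) appears to advance on every inbound call, fragment or complete message alike. A handshake carrying a long certificate chain would then fail with "EAP-TLS packet count exceeded" before the TLS layer has reassembled it, unless the counter is reset somewhere outside these hunks. If the intent is a per-handshake total, the bound should be derived from the message limit rather than picked by hand, e.g. `#define MAX_EAP_TLS_MESSAGE_COUNT (MAX_TLS_MESSAGE_LEN / EAP_TLS_FRAGMENT_LEN + 1)`, or a larger constant sized for a whole exchange. In either case the comment should state what is counted, e.g. `/** Maximum number of EAP-TLS packets processed per handshake, every fragment counted */`.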
@@ -320,6 +327,12 @@ METHOD(eap_method_t, process, status_t,
chunk_t data;
status_t status;
+ if (++this->processed > MAX_EAP_TLS_MESSAGE_COUNT)
+ {
+ DBG1(DBG_IKE, "EAP-TLS packet count exceeded");
+ return FAILED;
+ }
+
data = in->get_data(in);
pkt = (eap_tls_packet_t*)data.ptr;