authorTobias Brunner <tobias@strongswan.org>2014-09-16 15:51:21 +0200
committerTobias Brunner <tobias@strongswan.org>2014-10-10 09:32:42 +0200
commit8dbe128c8c896763e13e1719bfc705aae783e4b1 (patch)
treea5a852e549287882a59ae48a3267b300b66de3a8 /src/libcharon/encoding
parentf00a9c171592c05cc6e77030b791e80525dd839b (diff)
message: Limit maximum number of IKEv2 fragments
The maximum for IKEv1 is already 255 due to the 8-bit fragment number. With an overhead of 17 bytes (x64) per fragment and a default maximum of 10000 bytes per packet the maximum memory required is 14 kB for a fragmented message.
Diffstat (limited to 'src/libcharon/encoding')
-rw-r--r--src/libcharon/encoding/message.c12
1 files changed, 11 insertions, 1 deletions
diff --git a/src/libcharon/encoding/message.c b/src/libcharon/encoding/message.c
index 5e5647dd6..cb6c97f25 100644
--- a/src/libcharon/encoding/message.c
+++ b/src/libcharon/encoding/message.c
@@ -931,6 +931,11 @@ struct private_message_t {
};
/**
+ * Maximum number of fragments we will handle
+ */
+#define MAX_FRAGMENTS 255
+
+/**
* A single fragment within a fragmented message
*/
typedef struct {
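Review bot: The doc comment on `MAX_FRAGMENTS` does not say where 255 comes from or what it protects; that rationale exists only in the commit message. I would extend it to something like `Maximum number of fragments we will handle; matches the IKEv1 limit (8-bit fragment number) and bounds the reassembly memory a peer can make us hold per message`. The name is protocol-neutral, yet in this diff it is only enforced in add_fragment_v2, so the comment should also say that IKEv1 is limited by its field width rather than by this constant.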
@@ -2779,7 +2784,12 @@ METHOD(message_t, add_fragment_v2, status_t,
}
encrypted_fragment = (encrypted_fragment_payload_t*)payload;
total = encrypted_fragment->get_total_fragments(encrypted_fragment);
-
+ if (total > MAX_FRAGMENTS)
+ {
+ DBG1(DBG_IKE, "maximum fragment count exceeded");
+ reset_defrag(this);
+ return FAILED;
+ }
if (!this->fragments || total > this->frag->last)
{
reset_defrag(this);
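Review bot: The rejection log in the new `total > MAX_FRAGMENTS` branch records neither the count the peer announced nor the limit, so an operator cannot distinguish a misconfigured peer from deliberate abuse. Something like `DBG1(DBG_IKE, "maximum fragment count exceeded (%u > %u)", total, MAX_FRAGMENTS);` would help, with the conversion specifiers adjusted to the type of `total`, whose declaration is outside this hunk. The branch also calls `reset_defrag(this)`, which discards any fragments already collected for the message. That is only safe if every fragment reaching add_fragment_v2 has already passed integrity verification, which cannot be confirmed from the visible lines, so it is worth checking and stating in a comment. The body of add_fragment_v2 starts and ends outside the hunk.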