author | Andreas Steffen <andreas.steffen@strongswan.org> | 2010-09-08 12:58:40 +0200 |
---|---|---|
committer | Andreas Steffen <andreas.steffen@strongswan.org> | 2010-09-08 12:58:45 +0200 |
commit | de29e3a683f91d5b392e7a6176c6a0730ebb7847 (patch) | |
tree | 5653031fe0ac82841d43c29caa8d61cf4dfe901a /src/libtls/tls_eap.c | |
parent | 99b0f633c2252a6291cad8702110c0156e8c3840 (diff) | |
download | strongswan-de29e3a683f91d5b392e7a6176c6a0730ebb7847.tar.bz2 strongswan-de29e3a683f91d5b392e7a6176c6a0730ebb7847.tar.xz |
max max_message_count configurable and move it into tls_eap_t
Diffstat (limited to 'src/libtls/tls_eap.c')
-rw-r--r-- | src/libtls/tls_eap.c | 24 |
1 files changed, 22 insertions, 2 deletions
diff --git a/src/libtls/tls_eap.c b/src/libtls/tls_eap.c
index d923f2126..fa1cf5563 100644
--- a/src/libtls/tls_eap.c
+++ b/src/libtls/tls_eap.c
@@ -36,7 +36,7 @@ struct private_tls_eap_t {
 tls_eap_t public;
 /**
- * Type of EAP method, EAP-TLS or EAP-TTLS
+ * Type of EAP method, EAP-TLS, EAP-TTLS, or EAP-TNC
 */
 eap_type_t type;
@@ -59,6 +59,16 @@ struct private_tls_eap_t {
 * Maximum size of an outgoing EAP-TLS fragment
 */
 size_t frag_size;
+
+ /**
+ * Number of EAP messages/fragments processed so far
+ */
+ int processed;
+
+ /**
+ * Maximum number of processed EAP messages/fragments
+ */
+ int max_msg_count;
 };
 /**
@@ -251,6 +261,14 @@ METHOD(tls_eap_t, process, status_t,
 eap_tls_packet_t *pkt;
 status_t status;
+ if (++this->processed > this->max_msg_count)
+ {
+ DBG1(DBG_IKE, "%N packet count exceeded (%d > %d)",
+ eap_type_names, this->type,
+ this->processed, this->max_msg_count);
+ return FAILED;
+ }
+
 pkt = (eap_tls_packet_t*)in.ptr;
 if (in.len < sizeof(eap_tls_packet_t) ||
 untoh16(&pkt->length) != in.len)
@@ -321,7 +339,8 @@ METHOD(tls_eap_t, destroy, void,
 /**
 * See header
 */
-tls_eap_t *tls_eap_create(eap_type_t type, tls_t *tls, size_t frag_size)
+tls_eap_t *tls_eap_create(eap_type_t type, tls_t *tls, size_t frag_size,
+ int max_msg_count)
 {
 private_tls_eap_t *this;
@@ -341,6 +360,7 @@ tls_eap_t *tls_eap_create(eap_type_t type, tls_t *tls, size_t frag_size)
 .is_server = tls->is_server(tls),
 .first_fragment = TRUE,
 .frag_size = frag_size,
+ .max_msg_count = max_msg_count,
 .tls = tls,
 ); |
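Review bot: The new `processed` and `max_msg_count` members of private_tls_eap_t are signed `int` although both only ever hold a count, and the comment on `max_msg_count` does not say how the bound is applied. As used in process() (`++this->processed > this->max_msg_count`), the limit is inclusive and any value below 1 rejects the very first packet; I would state that in the field comment, e.g. `Maximum number of EAP messages/fragments accepted by process(); values < 1 reject every packet`. An unsigned type (`u_int`, with `%u` in the DBG1 call) would also rule out negative limits and signed overflow of the counter by construction.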
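Review bot: `max_msg_count` is copied into the object unchecked (`.max_msg_count = max_msg_count,` in the last hunk, with the parameter added in the tls_eap_create signature hunk), so a missing or mistyped setting fails closed without a clear indication of the cause. Because the commit makes the limit configurable, a value below 1 would end every EAP exchange with FAILED at the first packet, with only the "packet count exceeded" debug line as a hint; the counter also covers every packet entering process(), so a small limit combined with a small `frag_size` could presumably cut off a legitimate handshake that carries a long certificate chain. I would check the value where it is read from configuration or at the top of tls_eap_create, for instance `if (max_msg_count < 1) { DBG1(DBG_IKE, "invalid max_msg_count %d", max_msg_count); return NULL; }`, provided callers handle a NULL return, which is not visible here. The body of tls_eap_create starts and ends outside these hunks.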