aboutsummaryrefslogtreecommitdiffstats
diff options
context:
space:
mode:
Diffstat
-rw-r--r--src/libcharon/encoding/message.c12
1 files changed, 11 insertions, 1 deletions
diff --git a/src/libcharon/encoding/message.c b/src/libcharon/encoding/message.c
index 5e5647dd6..cb6c97f25 100644
--- a/src/libcharon/encoding/message.c
+++ b/src/libcharon/encoding/message.c
@@ -931,6 +931,11 @@ struct private_message_t {
};
/**
+ * Maximum number of fragments we will handle
+ */
+#define MAX_FRAGMENTS 255
+
+/**
* A single fragment within a fragmented message
*/
typedef struct {
@@ -2779,7 +2784,12 @@ METHOD(message_t, add_fragment_v2, status_t,
}
encrypted_fragment = (encrypted_fragment_payload_t*)payload;
total = encrypted_fragment->get_total_fragments(encrypted_fragment);
-
+ if (total > MAX_FRAGMENTS)
+ {
+ DBG1(DBG_IKE, "maximum fragment count exceeded");
+ reset_defrag(this);
+ return FAILED;
+ }
if (!this->fragments || total > this->frag->last)
{
reset_defrag(this);
generated by cgit v1.2.3 (git 2.25.1) at 2025-07-21 07:48:17 +0000