-rw-r--r--src/charon/plugins/eap_tls/eap_tls.c13
1 files changed, 13 insertions, 0 deletions
diff --git a/src/charon/plugins/eap_tls/eap_tls.c b/src/charon/plugins/eap_tls/eap_tls.c
index 25cb7775c..57f327991 100644
--- a/src/charon/plugins/eap_tls/eap_tls.c
+++ b/src/charon/plugins/eap_tls/eap_tls.c
@@ -43,6 +43,11 @@ struct private_eap_tls_t {
identification_t *peer;
/**
+ * Number of EAP-TLS messages processed so far
+ */
+ int processed;
+
+ /**
* Is this method instance acting as server?
*/
bool is_server;
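Review bot: The new `processed` field is only ever pre-incremented in process(), so it relies on starting at zero, and nothing in this diff shows the constructor initializing it; if private_eap_tls_t is not allocated with a zeroing initializer the first comparison against MAX_EAP_TLS_MESSAGE_COUNT reads an indeterminate `int`. Please confirm the constructor zeroes the struct (INIT/calloc) or set it explicitly with `.processed = 0,` in the initializer. The doc comment should also name the consequence of the counter, e.g. `/** Number of inbound EAP-TLS packets seen; process() fails once this exceeds MAX_EAP_TLS_MESSAGE_COUNT (DoS bound) */`. The struct definition begins before and ends after this hunk.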
@@ -77,6 +82,8 @@ struct private_eap_tls_t {
#define MAX_TLS_MESSAGE_LEN 16384
/** Size of a EAP-TLS fragment */
#define EAP_TLS_FRAGMENT_LEN 1014
+/** Maximum number of EAP-TLS messages/fragments allowed */
+#define MAX_EAP_TLS_MESSAGE_COUNT 16
/**
* Flags of an EAP-TLS message
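Review bot: MAX_EAP_TLS_MESSAGE_COUNT of 16 is smaller than what the neighbouring constants allow for one TLS message: 16 fragments of EAP_TLS_FRAGMENT_LEN (1014 bytes) carry only 16224 bytes, which is below MAX_TLS_MESSAGE_LEN (16384), and since the third hunk bumps the counter on every inbound packet for the lifetime of the method instance (ACK-only fragments and the peer's own handshake records included), a legitimately large certificate chain may be rejected before the handshake completes. Either derive the bound from the existing constants, e.g. `#define MAX_EAP_TLS_MESSAGE_COUNT (2 * MAX_TLS_MESSAGE_LEN / EAP_TLS_FRAGMENT_LEN + 8)`, or pick a larger value and state the reasoning in the comment: `/** Maximum inbound EAP-TLS packets per exchange; must cover a full handshake with fragmented certificate chains in both directions (DoS bound, not a protocol limit) */`. The exact packet budget a handshake needs depends on code outside this hunk, so please verify against a test with a multi-certificate chain.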
@@ -320,6 +327,12 @@ METHOD(eap_method_t, process, status_t,
chunk_t data;
status_t status;
+ if (++this->processed > MAX_EAP_TLS_MESSAGE_COUNT)
+ {
+ DBG1(DBG_IKE, "EAP-TLS packet count exceeded");
+ return FAILED;
+ }
+
data = in->get_data(in);
pkt = (eap_tls_packet_t*)data.ptr;