-rw-r--r-- | src/charon/plugins/eap_tls/eap_tls.c | 13 |
1 files changed, 13 insertions, 0 deletions
diff --git a/src/charon/plugins/eap_tls/eap_tls.c b/src/charon/plugins/eap_tls/eap_tls.c
index 25cb7775c..57f327991 100644
--- a/src/charon/plugins/eap_tls/eap_tls.c
+++ b/src/charon/plugins/eap_tls/eap_tls.c
@@ -43,6 +43,11 @@ struct private_eap_tls_t {
 	identification_t *peer;
 
 	/**
+	 * Number of EAP-TLS messages processed so far
+	 */
+	int processed;
+
+	/**
 	 * Is this method instance acting as server?
 	 */
 	bool is_server;
@@ -77,6 +82,8 @@ struct private_eap_tls_t {
 #define MAX_TLS_MESSAGE_LEN 16384
 /** Size of a EAP-TLS fragment */
 #define EAP_TLS_FRAGMENT_LEN 1014
+/** Maximum number of EAP-TLS messages/fragments allowed */
+#define MAX_EAP_TLS_MESSAGE_COUNT 16
 
 /**
  * Flags of an EAP-TLS message
@@ -320,6 +327,12 @@ METHOD(eap_method_t, process, status_t,
 	chunk_t data;
 	status_t status;
 
+	if (++this->processed > MAX_EAP_TLS_MESSAGE_COUNT)
+	{
+		DBG1(DBG_IKE, "EAP-TLS packet count exceeded");
+		return FAILED;
+	}
+
 	data = in->get_data(in);
 	pkt = (eap_tls_packet_t*)data.ptr;
|
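Review bot: The literal 16 in the second hunk does not fit the limits defined right above it: with `EAP_TLS_FRAGMENT_LEN 1014`, a single TLS message of `MAX_TLS_MESSAGE_LEN 16384` already needs 17 fragments, and since `processed` in the third hunk is bumped on every call to process() — presumably including the peer's empty ACK packets, if those reach this path — a legitimate handshake with a large certificate chain can be rejected by the new check before the TLS layer ever sees an oversized message. Either derive the bound from the existing constants with headroom for both directions of the exchange, e.g. `#define MAX_EAP_TLS_MESSAGE_COUNT (2 * (MAX_TLS_MESSAGE_LEN / EAP_TLS_FRAGMENT_LEN + 1) + 4)` (constructed value), or make it a strongswan.conf tunable instead of a compile-time literal. The new `processed` field is not initialised anywhere in these hunks; if the instance is created with a zero-filling compound-literal initializer that is fine, otherwise the constructor must set it to 0 explicitly or the counter starts at garbage. It would also help operators to log which bound was hit, `DBG1(DBG_IKE, "EAP-TLS packet count exceeded (%d)", MAX_EAP_TLS_MESSAGE_COUNT);`. The body of process() continues outside the hunk.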