Diffstat (limited to 'src/libtls')
-rw-r--r-- | src/libtls/tls_eap.c | 24 | ||||
-rw-r--r-- | src/libtls/tls_eap.h | 4 |
2 files changed, 25 insertions, 3 deletions
diff --git a/src/libtls/tls_eap.c b/src/libtls/tls_eap.c
index d923f2126..fa1cf5563 100644
--- a/src/libtls/tls_eap.c
+++ b/src/libtls/tls_eap.c
@@ -36,7 +36,7 @@ struct private_tls_eap_t {
 tls_eap_t public;
 
 /**
- * Type of EAP method, EAP-TLS or EAP-TTLS
+ * Type of EAP method, EAP-TLS, EAP-TTLS, or EAP-TNC
 */
 eap_type_t type;
 
@@ -59,6 +59,16 @@ struct private_tls_eap_t {
 * Maximum size of an outgoing EAP-TLS fragment
 */
 size_t frag_size;
+
+ /**
+ * Number of EAP messages/fragments processed so far
+ */
+ int processed;
+
+ /**
+ * Maximum number of processed EAP messages/fragments
+ */
+ int max_msg_count;
 };
 
 /**
@@ -251,6 +261,14 @@ METHOD(tls_eap_t, process, status_t,
 eap_tls_packet_t *pkt;
 status_t status;
 
+ if (++this->processed > this->max_msg_count)
+ {
+ DBG1(DBG_IKE, "%N packet count exceeded (%d > %d)",
+ eap_type_names, this->type,
+ this->processed, this->max_msg_count);
+ return FAILED;
+ }
+
 pkt = (eap_tls_packet_t*)in.ptr;
 if (in.len < sizeof(eap_tls_packet_t) ||
 untoh16(&pkt->length) != in.len)
@@ -321,7 +339,8 @@ METHOD(tls_eap_t, destroy, void,
 /**
 * See header
 */
-tls_eap_t *tls_eap_create(eap_type_t type, tls_t *tls, size_t frag_size)
+tls_eap_t *tls_eap_create(eap_type_t type, tls_t *tls, size_t frag_size,
+ int max_msg_count)
 {
 private_tls_eap_t *this;
 
@@ -341,6 +360,7 @@ tls_eap_t *tls_eap_create(eap_type_t type, tls_t *tls, size_t frag_size)
 .is_server = tls->is_server(tls),
 .first_fragment = TRUE,
 .frag_size = frag_size,
+ .max_msg_count = max_msg_count,
 .tls = tls,
 );
 
diff --git a/src/libtls/tls_eap.h b/src/libtls/tls_eap.h
index 7d25ba799..ebda2636d 100644
--- a/src/libtls/tls_eap.h
+++ b/src/libtls/tls_eap.h
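Review bot: The new guard in process(), `if (++this->processed > this->max_msg_count)`, rejects the very first EAP message whenever the caller passes 0 (or a negative value) as max_msg_count, so there is no way to express "no limit" and a misconfigured 0 turns the fragment bound into a denial of every EAP-TLS/TTLS/TNC conversation. If 0 is intended to disable the bound, write it as `if (this->max_msg_count && ++this->processed > this->max_msg_count)`; otherwise tls_eap_create should document that the value must be positive. The bound is worth keeping in either form, since it caps how many fragments an unauthenticated peer can push through the TLS handshake state machine. The check also relies on `processed` starting at 0, which the INIT() designated initializer in the hunk at +360 presumably provides by zeroing unnamed members — worth confirming, as the field is not set explicitly there. The bodies of process() and tls_eap_create() continue outside these hunks.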
@@ -73,7 +73,9 @@ struct tls_eap_t {
 * @param type EAP type, EAP-TLS or EAP-TTLS
 * @param tls TLS implementation
 * @param frag_size maximum size of a TLS fragment we send
+ * @param max_msg_count maximum number of processed messages
 */
-tls_eap_t *tls_eap_create(eap_type_t type, tls_t *tls, size_t frag_size);
+tls_eap_t *tls_eap_create(eap_type_t type, tls_t *tls, size_t frag_size,
+ int max_msg_count);
 
 #endif /** TLS_EAP_H_ @}*/
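Review bot: The `@param type` line in this hunk still reads `EAP type, EAP-TLS or EAP-TTLS`, while the same commit updates the matching comment in tls_eap.c to `EAP-TLS, EAP-TTLS, or EAP-TNC`; the public header is what callers read, so it should carry the same list. The new `@param max_msg_count` line should also state the contract the implementation enforces rather than just restating the name, e.g. `@param max_msg_count maximum number of EAP messages/fragments process() accepts before returning FAILED; must be positive`, because the check in tls_eap.c compares with `>` after a pre-increment and therefore fails on the first message when 0 is passed. Documenting the purpose (bounding the fragments an unauthenticated peer can make the handshake process) helps callers choose a sane value instead of an arbitrary one.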