
EAP-IKEv2: Add explicit limit for maximum message length

This avoids accepting unnecessarily large memory allocations.

Signed-off-by: Jouni Malinen <j@w1.fi>
Jouni Malinen 10 years ago
parent
commit
8e5c1ec32f
2 changed files with 13 additions and 0 deletions
  1. 7 0
      src/eap_peer/eap_ikev2.c
  2. 6 0
      src/eap_server/eap_server_ikev2.c

+ 7 - 0
src/eap_peer/eap_ikev2.c

@@ -301,6 +301,13 @@ static struct wpabuf * eap_ikev2_process_fragment(struct eap_ikev2_data *data,
 
 	if (data->in_buf == NULL) {
 		/* First fragment of the message */
+		if (message_length > 50000) {
+			/* Limit maximum memory allocation */
+			wpa_printf(MSG_DEBUG,
+				   "EAP-IKEV2: Ignore too long message");
+			ret->ignore = TRUE;
+			return NULL;
+		}
 		data->in_buf = wpabuf_alloc(message_length);
 		if (data->in_buf == NULL) {
 			wpa_printf(MSG_DEBUG, "EAP-IKEV2: No memory for "
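Review bot: The bound in `if (message_length > 50000)` is an unexplained literal, and the same value is repeated in the src/eap_server/eap_server_ikev2.c hunk, so the peer and server limits can drift apart. A single named constant in a header both files include (name constructed here for illustration: `#define EAP_IKEV2_MAX_MESSAGE_LEN 50000`), with a comment saying why this size is enough for a legitimate message, would keep them in step. Since `message_length` presumably comes from the received packet, it is also worth confirming that the first fragment's own length is checked against `message_length` before the fragment is copied into `in_buf`. That copy, and the start and end of eap_ikev2_process_fragment, are outside this hunk.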

+ 6 - 0
src/eap_server/eap_server_ikev2.c

@@ -309,6 +309,12 @@ static int eap_ikev2_process_fragment(struct eap_ikev2_data *data,
 
 	if (data->in_buf == NULL) {
 		/* First fragment of the message */
+		if (message_length > 50000) {
+			/* Limit maximum memory allocation */
+			wpa_printf(MSG_DEBUG,
+				   "EAP-IKEV2: Ignore too long message");
+			return -1;
+		}
 		data->in_buf = wpabuf_alloc(message_length);
 		if (data->in_buf == NULL) {
 			wpa_printf(MSG_DEBUG, "EAP-IKEV2: No memory for "
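Review bot: The log text `"EAP-IKEV2: Ignore too long message"` matches the peer-side hunk, where `ret->ignore = TRUE` is set, but this server path returns `-1` instead. Whether the caller drops the message or fails the exchange on `-1` is not visible here, since eap_ikev2_process_fragment starts and ends outside the hunk. If it fails the exchange, wording such as `"EAP-IKEV2: Reject too long message"` would describe what happens. Including the rejected value in the message would also help when diagnosing a misbehaving or hostile peer from debug logs.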