Amazing-Mirror/fragattacks
1
0
Fork 0
mirror of https://github.com/vanhoefm/fragattacks.git synced 2024-11-28 18:28:23 -05:00
Code Issues Projects Releases Wiki Activity

EAP-TLS: Add extra validation for TLS Message Length

Browse Source 
While the existing code already addresses TLS Message Length validation
for both EAP-TLS peer and server side, this adds explicit checks and
rejection of invalid messages in the functions handling reassembly. This
does not change externally observable behavior in case of EAP server.
For EAP peer, this starts rejecting invalid messages instead of
addressing them by reallocating the buffer (i.e., ignoring TLS Message
Length in practice).

Signed-hostap: Jouni Malinen <j@w1.fi>
This commit is contained in:
Jouni Malinen 2012-10-07 20:18:10 +03:00
parent 586c446e0f
commit 458cb30191
2 changed files with 15 additions and 0 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

8
src/eap_peer/eap_tls_common.c
View File

@ -829,6 +829,14 @@ const u8 * eap_peer_tls_process_init(struct eap_sm *sm,
}
pos += 4;
left -= 4;
if (left > tls_msg_len) {
wpa_printf(MSG_INFO, "SSL: TLS Message Length (%d "
"bytes) smaller than this fragment (%d "
"bytes)", (int) tls_msg_len, (int) left);
ret->ignore = TRUE;
return NULL;
}
}
ret->ignore = FALSE;

7
src/eap_server/eap_server_tls_common.c
View File

@ -297,6 +297,13 @@ static int eap_server_tls_reassemble(struct eap_ssl_data *data, u8 flags,
tls_msg_len);
*pos += 4;
*left -= 4;
if (*left > tls_msg_len) {
wpa_printf(MSG_INFO, "SSL: TLS Message Length (%d "
"bytes) smaller than this fragment (%d "
"bytes)", (int) tls_msg_len, (int) *left);
return -1;
}
}
wpa_printf(MSG_DEBUG, "SSL: Received packet: Flags 0x%x "