Added a workaround for handling TLS compression
Even though we try to disable TLS compression, it is possible that this cannot be done with all TLS libraries. For example, OpenSSL 0.9.8 does not seem to have a configuration item for disabling all compression (0.9.9 has such an option). If compression is used, Phase 2 decryption may end up producing more data than the input buffer due to compressed data. This shows up especially with EAP-TNC, which uses a very compressible data format. As a workaround, increase the decryption buffer length to (orig_len+500)*3. This is a hack, but at least it handles most cases. TLS compression should really be disabled for EAP use of TLS, but since this can show up with common setups, it is better to handle this case.
This commit is contained in:
parent
e572cb6398
commit
ef626b4d50
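--- a/[path not shown on page]
+++ b/[path not shown on page]
@@ -827,6 +827,14 @@ int eap_peer_tls_decrypt(struct eap_sm *sm, struct eap_ssl_data *data,
 buf_len = wpabuf_len(in_data);
 if (data->tls_in_total > buf_len)
 buf_len = data->tls_in_total;
+/*
+* Even though we try to disable TLS compression, it is possible that
+* this cannot be done with all TLS libraries. Add extra buffer space
+* to handle the possibility of the decrypted data being longer than
+* input data.
+*/
+buf_len += 500;
+buf_len *= 3;
 *in_decrypted = wpabuf_alloc(buf_len ? buf_len : 1);
 if (*in_decrypted == NULL) {
 eap_peer_tls_reset_input(data);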
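Review bot: The `buf_len ? buf_len : 1` guard on the wpabuf_alloc line is now dead code, because the added `buf_len += 500; buf_len *= 3;` guarantees buf_len is at least 1500 by the time it is reached; the line can become `*in_decrypted = wpabuf_alloc(buf_len);` so the zero-length case is handled in exactly one place. The constants 500 and 3 are also pasted verbatim, with the same comment, into eap_fast_process_phase2, eap_peap_process_phase2 and eap_ttls_process_phase2 in the following hunks; a single helper in the common code, e.g. `static size_t eap_peer_tls_decrypt_buf_len(size_t in_len)` that applies the margin once, would keep the four sites from drifting when the margin is tuned. The comment should also state that the margin is a heuristic and not an upper bound on decompressed output, so the decrypt call that follows, which is outside this hunk, must still cap what it writes at buf_len and fail cleanly if the TLS library produces more, rather than rely on the enlarged allocation. eap_peer_tls_decrypt begins and ends outside the hunk.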
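--- a/[path not shown on page]
+++ b/[path not shown on page]
@@ -1334,6 +1334,14 @@ static void eap_fast_process_phase2(struct eap_sm *sm,
 buf_len = in_len;
 if (data->ssl.tls_in_total > buf_len)
 buf_len = data->ssl.tls_in_total;
+/*
+* Even though we try to disable TLS compression, it is possible that
+* this cannot be done with all TLS libraries. Add extra buffer space
+* to handle the possibility of the decrypted data being longer than
+* input data.
+*/
+buf_len += 500;
+buf_len *= 3;
 in_decrypted = os_malloc(buf_len);
 if (in_decrypted == NULL) {
 os_free(data->ssl.tls_in);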
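--- a/[path not shown on page]
+++ b/[path not shown on page]
@@ -1161,6 +1161,14 @@ static void eap_peap_process_phase2(struct eap_sm *sm,
 buf_len = in_len;
 if (data->ssl.tls_in_total > buf_len)
 buf_len = data->ssl.tls_in_total;
+/*
+* Even though we try to disable TLS compression, it is possible that
+* this cannot be done with all TLS libraries. Add extra buffer space
+* to handle the possibility of the decrypted data being longer than
+* input data.
+*/
+buf_len += 500;
+buf_len *= 3;
 in_decrypted = wpabuf_alloc(buf_len);
 if (in_decrypted == NULL) {
 os_free(data->ssl.tls_in);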
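--- a/[path not shown on page]
+++ b/[path not shown on page]
@@ -1177,6 +1177,14 @@ static void eap_ttls_process_phase2(struct eap_sm *sm,
 buf_len = in_len;
 if (data->ssl.tls_in_total > buf_len)
 buf_len = data->ssl.tls_in_total;
+/*
+* Even though we try to disable TLS compression, it is possible that
+* this cannot be done with all TLS libraries. Add extra buffer space
+* to handle the possibility of the decrypted data being longer than
+* input data.
+*/
+buf_len += 500;
+buf_len *= 3;
 in_decrypted = os_malloc(buf_len);
 if (in_decrypted == NULL) {
 os_free(data->ssl.tls_in);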