From 77cfb615e5c7501e8aee2a5212f82879e0f45bc4 Mon Sep 17 00:00:00 2001 From: James Prestwood Date: Fri, 6 Mar 2020 09:48:41 -0800 Subject: [PATCH] eap: check MTU when loading identity If the MTU was set very low an identity could exceed the maximum. --- src/eap.c | 13 ++++++++++--- 1 file changed, 10 insertions(+), 3 deletions(-) diff --git a/src/eap.c b/src/eap.c index 012bd58e..816b5f9a 100644 --- a/src/eap.c +++ b/src/eap.c @@ -568,10 +568,17 @@ bool eap_load_settings(struct eap_state *eap, struct l_settings *settings, * octets. Support for an NAI length of 253 octets is RECOMMENDED. * ... * RADIUS is unable to support NAI lengths beyond 253 octets + * + * We also need to fail if the identity is too large for the set MTU + * size minus 5 (header). */ - if (eap->identity && strlen(eap->identity) > 253) { - l_error("Identity is too long"); - goto err; + if (eap->identity) { + size_t id_len = strlen(eap->identity); + + if (id_len > 253 || id_len > eap->mtu - 5) { + l_error("Identity is too long"); + goto err; + } } return true;