summaryrefslogtreecommitdiff
path: root/src/eap_server/eap_server_tnc.c
diff options
context:
space:
mode:
Diffstat (limited to 'src/eap_server/eap_server_tnc.c')
-rw-r--r--src/eap_server/eap_server_tnc.c3
1 files changed, 2 insertions, 1 deletions
diff --git a/src/eap_server/eap_server_tnc.c b/src/eap_server/eap_server_tnc.c
index 67a3dfa306119..21bd26f8296ef 100644
--- a/src/eap_server/eap_server_tnc.c
+++ b/src/eap_server/eap_server_tnc.c
@@ -480,7 +480,8 @@ static void eap_tnc_process(struct eap_sm *sm, void *priv,
message_length = WPA_GET_BE32(pos);
pos += 4;
- if (message_length < (u32) (end - pos)) {
+ if (message_length < (u32) (end - pos) ||
+ message_length > 75000) {
wpa_printf(MSG_DEBUG, "EAP-TNC: Invalid Message "
"Length (%d; %ld remaining in this msg)",
message_length, (long) (end - pos));
generated by cgit v1.2.3 (git 2.25.1) at 2025-06-22 07:34:19 +0000