Added a workaround for handling TLS compression

[libeap.git] / src / eap_server / eap_ttls.c

diff --git a/src/eap_server/eap_ttls.c b/src/eap_server/eap_ttls.c
index 545958d..4c71b5f 100644 (file)
--- a/src/eap_server/eap_ttls.c
+++ b/src/eap_server/eap_ttls.c
@@ -1177,6 +1177,14 @@ static void eap_ttls_process_phase2(struct eap_sm *sm,
        buf_len = in_len;
        if (data->ssl.tls_in_total > buf_len)
                buf_len = data->ssl.tls_in_total;
+       /*
+        * Even though we try to disable TLS compression, it is possible that
+        * this cannot be done with all TLS libraries. Add extra buffer space
+        * to handle the possibility of the decrypted data being longer than
+        * input data.
+        */
+       buf_len += 500;
+       buf_len *= 3;
        in_decrypted = os_malloc(buf_len);
        if (in_decrypted == NULL) {
                os_free(data->ssl.tls_in);