X-Git-Url: https://www.tinc-vpn.org/git/browse?a=blobdiff_plain;f=src%2Fmeta.c;h=4b357982779ccc82e1c3037883d005a7dd413d32;hb=6011197be5cdb18aa79713990d6a1887b9261d12;hp=a05c7bd24f4239287e27254f6391a12dcbaa661e;hpb=7e6b2dd1ea51057b7135139c200d97a9e8f9c9cb;p=tinc

diff --git a/src/meta.c b/src/meta.c
index a05c7bd2..4b357982 100644
--- a/src/meta.c
+++ b/src/meta.c
@@ -30,6 +30,10 @@
 #include "utils.h"
 #include "xalloc.h"
 
+#ifndef MIN
+#define MIN(x, y) (((x)<(y))?(x):(y))
+#endif
+
 bool send_meta_sptps(void *handle, uint8_t type, const void *buffer, size_t length) {
 	connection_t *c = handle;
 
@@ -61,6 +65,13 @@ bool send_meta(connection_t *c, const char *buffer, int length) {
 #ifdef DISABLE_LEGACY
 		return false;
 #else
+		if(length > c->outbudget) {
+			logger(DEBUG_META, LOG_ERR, "Byte limit exceeded for encryption to %s (%s)", c->name, c->hostname);
+			return false;
+		} else {
+			c->outbudget -= length;
+		}
+
 		size_t outlen = length;
 
 		if(!cipher_encrypt(c->outcipher, buffer, length, buffer_prepare(&c->outbuf, length), &outlen, false) || outlen != length) {
@@ -216,6 +227,13 @@ bool receive_meta(connection_t *c) {
 #ifdef DISABLE_LEGACY
 			return false;
 #else
+			if(inlen > c->inbudget) {
+				logger(DEBUG_META, LOG_ERR, "yte limit exceeded for decryption from %s (%s)", c->name, c->hostname);
+				return false;
+			} else {
+				c->inbudget -= inlen;
+			}
+
 			size_t outlen = inlen;
 
 			if(!cipher_decrypt(c->incipher, bufp, inlen, buffer_prepare(&c->inbuf, inlen), &outlen, false) || inlen != outlen) {