Enforce maximum amount of bytes sent/received on meta-connections.
[tinc] / src / meta.c
index 260cb00..4b35798 100644 (file)
@@ -65,6 +65,13 @@ bool send_meta(connection_t *c, const char *buffer, int length) {
 #ifdef DISABLE_LEGACY
                return false;
 #else
+               if(length > c->outbudget) {
+                       logger(DEBUG_META, LOG_ERR, "Byte limit exceeded for encryption to %s (%s)", c->name, c->hostname);
+                       return false;
+               } else {
+                       c->outbudget -= length;
+               }
+
                size_t outlen = length;
 
                if(!cipher_encrypt(c->outcipher, buffer, length, buffer_prepare(&c->outbuf, length), &outlen, false) || outlen != length) {
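Review bot: The new guard `if(length > c->outbudget)` compares the signed `int length` parameter with a field whose type is declared outside this hunk, so what happens for a negative `length` depends on that declaration. If the budget is signed, a negative value passes the check and `c->outbudget -= length` raises the remaining allowance instead of lowering it. Stating the precondition explicitly, e.g. `if(length < 0 || (size_t)length > c->outbudget) {` (assuming the budget is an unsigned byte count), removes that dependence; the `else` after `return false;` is also redundant. A short comment such as `/* outbudget: bytes that may still be encrypted with the legacy cipher on this connection */` would help, since the hunk does not show where the budget is initialised or replenished. The body of send_meta starts and continues outside the hunk.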
@@ -220,6 +227,13 @@ bool receive_meta(connection_t *c) {
 #ifdef DISABLE_LEGACY
                        return false;
 #else
+                       if(inlen > c->inbudget) {
+                               logger(DEBUG_META, LOG_ERR, "yte limit exceeded for decryption from %s (%s)", c->name, c->hostname);
+                               return false;
+                       } else {
+                               c->inbudget -= inlen;
+                       }
+
                        size_t outlen = inlen;
 
                        if(!cipher_decrypt(c->incipher, bufp, inlen, buffer_prepare(&c->inbuf, inlen), &outlen, false) || inlen != outlen) {
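Review bot: The log string added in the receive path reads `"yte limit exceeded for decryption from %s (%s)"`, with the leading `B` missing. Anyone grepping or alerting on "Byte limit exceeded" will therefore match only the send-side events and miss budget exhaustion on inbound traffic. It should read `"Byte limit exceeded for decryption from %s (%s)"`. The type of `inlen` is not visible in this hunk; if it is signed, a negative value would pass the comparison and increase `c->inbudget`, so that is worth confirming against its declaration. The body of receive_meta starts and continues outside the hunk.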