X-Git-Url: https://www.tinc-vpn.org/git/browse?p=tinc;a=blobdiff_plain;f=src%2Fmeta.c;h=45f27622394396a3c3022bbbc11e27f96b8923f0;hp=06ab96e454fa5a3ff97bca1a0858b6a730d61815;hb=19c0337c4cac78dc302d5a1f637dcad45785a6e3;hpb=4a5c12ec97fa1e82aae2d327fdc648e5203eb478 diff --git a/src/meta.c b/src/meta.c index 06ab96e4..45f27622 100644 --- a/src/meta.c +++ b/src/meta.c @@ -1,6 +1,6 @@ /* meta.c -- handle the meta communication - Copyright (C) 2000-2015 Guus Sliepen , + Copyright (C) 2000-2016 Guus Sliepen , 2000-2005 Ivo Timmermans 2006 Scott Lamb @@ -62,6 +62,14 @@ bool send_meta(connection_t *c, const char *buffer, int length) { /* Add our data to buffer */ if(c->status.encryptout) { + /* Check encryption limits */ + if(length > c->outbudget) { + ifdebug(META) logger(LOG_ERR, "Byte limit exceeded for encryption to %s (%s)", c->name, c->hostname); + return false; + } else { + c->outbudget -= length; + } + result = EVP_EncryptUpdate(c->outctx, (unsigned char *)c->outbuf + c->outbufstart + c->outbuflen, &outlen, (unsigned char *)buffer, length); if(!result || outlen < length) { @@ -96,7 +104,7 @@ bool flush_meta(connection_t *c) { } else if(errno == EINTR) { continue; } else if(sockwouldblock(sockerrno)) { - ifdebug(CONNECTIONS) logger(LOG_DEBUG, "Flushing %d bytes to %s (%s) would block", + ifdebug(META) logger(LOG_DEBUG, "Flushing %d bytes to %s (%s) would block", c->outbuflen, c->name, c->hostname); return true; } else { @@ -175,6 +183,14 @@ bool receive_meta(connection_t *c) { /* Decrypt */ if(c->status.decryptin && !decrypted) { + /* Check decryption limits */ + if(lenin > c->inbudget) { + ifdebug(META) logger(LOG_ERR, "Byte limit exceeded for decryption from %s (%s)", c->name, c->hostname); + return false; + } else { + c->inbudget -= lenin; + } + result = EVP_DecryptUpdate(c->inctx, (unsigned char *)inbuf, &lenout, (unsigned char *)c->buffer + oldlen, lenin); if(!result || lenout != lenin) { logger(LOG_ERR, "Error while decrypting metadata from %s (%s): %s",