X-Git-Url: https://www.tinc-vpn.org/git/browse?p=tinc;a=blobdiff_plain;f=src%2Fmeta.c;h=ccc3b2e670d5ae9a0210929d804703323f97983f;hp=daa55e4077f6ee798395304778e5d9f5f810570e;hb=5c5ae8c48e0414cb4831ccfd2b147ab65bb5fd5c;hpb=776dbf88df1911ec379c2fece0089fd2f5c71021 diff --git a/src/meta.c b/src/meta.c index daa55e40..ccc3b2e6 100644 --- a/src/meta.c +++ b/src/meta.c @@ -1,6 +1,6 @@ /* meta.c -- handle the meta communication - Copyright (C) 2000-2014 Guus Sliepen , + Copyright (C) 2000-2017 Guus Sliepen , 2000-2005 Ivo Timmermans 2006 Scott Lamb @@ -62,6 +62,14 @@ bool send_meta(connection_t *c, const char *buffer, int length) { /* Add our data to buffer */ if(c->status.encryptout) { + /* Check encryption limits */ + if(length > c->outbudget) { + ifdebug(META) logger(LOG_ERR, "Byte limit exceeded for encryption to %s (%s)", c->name, c->hostname); + return false; + } else { + c->outbudget -= length; + } + result = EVP_EncryptUpdate(c->outctx, (unsigned char *)c->outbuf + c->outbufstart + c->outbuflen, &outlen, (unsigned char *)buffer, length); if(!result || outlen < length) { @@ -96,7 +104,7 @@ bool flush_meta(connection_t *c) { } else if(errno == EINTR) { continue; } else if(sockwouldblock(sockerrno)) { - ifdebug(CONNECTIONS) logger(LOG_DEBUG, "Flushing %d bytes to %s (%s) would block", + ifdebug(META) logger(LOG_DEBUG, "Flushing %d bytes to %s (%s) would block", c->outbuflen, c->name, c->hostname); return true; } else { @@ -175,6 +183,14 @@ bool receive_meta(connection_t *c) { /* Decrypt */ if(c->status.decryptin && !decrypted) { + /* Check decryption limits */ + if(lenin > c->inbudget) { + ifdebug(META) logger(LOG_ERR, "Byte limit exceeded for decryption from %s (%s)", c->name, c->hostname); + return false; + } else { + c->inbudget -= lenin; + } + result = EVP_DecryptUpdate(c->inctx, (unsigned char *)inbuf, &lenout, (unsigned char *)c->buffer + oldlen, lenin); if(!result || lenout != lenin) { logger(LOG_ERR, "Error while decrypting metadata from %s (%s): %s",