From 358f513c008bf01fadb82759ac75ffb8613fc785 Mon Sep 17 00:00:00 2001 From: Steffan Karger Date: Wed, 8 Jun 2016 14:20:39 +0200 Subject: [PATCH] Don't limit max incoming message size based on c2->frame "Be conservative in what you send, be liberal in what you accept" When receiving packets, the real limitation of how much data we can accept is the size of our internal buffers, not the maximum size we expect incoming packets to have. I ran into this while working on cipher negotiation, which will need separate bookkeeping for the required internal buffer size, and the link/tun MTU. Basing this code on the buffer size instead of c2->frame makes that easier. A nice side-effect of this change is that it simplifies the code. This should also reduce the impact of using asymmetric tun/link MTU's, such as in trac ticket #647. Signed-off-by: Steffan Karger Acked-by: Arne Schwabe Acked-by: Gert Doering Message-Id: <1465388443-15484-2-git-send-email-steffan@karger.me> URL: http://article.gmane.org/gmane.network.openvpn.devel/11850 Signed-off-by: Gert Doering (cherry picked from commit 3c1b19e04745177185decd14da82c71458442b82) Signed-off-by: Gert Doering Conflicts: src/openvpn/socket.c --- src/openvpn/forward.c | 1 - src/openvpn/socket.c | 9 +++------ src/openvpn/socket.h | 4 +--- 3 files changed, 4 insertions(+), 10 deletions(-) diff --git a/src/openvpn/forward.c b/src/openvpn/forward.c index d55fa3b20..5ba6fcb49 100644 --- a/src/openvpn/forward.c +++ b/src/openvpn/forward.c @@ -674,7 +674,6 @@ read_incoming_link (struct context *c) status = link_socket_read (c->c2.link_socket, &c->c2.buf, - MAX_RW_SIZE_LINK (&c->c2.frame), &c->c2.from); if (socket_connection_reset (c->c2.link_socket, status)) diff --git a/src/openvpn/socket.c b/src/openvpn/socket.c index b7ac3398d..c76fd3685 100644 --- a/src/openvpn/socket.c +++ b/src/openvpn/socket.c @@ -2697,7 +2697,6 @@ union openvpn_pktinfo { static socklen_t link_socket_read_udp_posix_recvmsg (struct link_socket *sock, struct buffer *buf, - int maxsize, struct link_socket_actual *from) { struct iovec iov; @@ -2706,7 +2705,7 @@ link_socket_read_udp_posix_recvmsg (struct link_socket *sock, socklen_t fromlen = sizeof (from->dest.addr); iov.iov_base = BPTR (buf); - iov.iov_len = maxsize; + iov.iov_len = buf_forward_capacity_total (buf); mesg.msg_iov = &iov; mesg.msg_iovlen = 1; mesg.msg_name = &from->dest.addr; @@ -2760,20 +2759,18 @@ link_socket_read_udp_posix_recvmsg (struct link_socket *sock, int link_socket_read_udp_posix (struct link_socket *sock, struct buffer *buf, - int maxsize, struct link_socket_actual *from) { socklen_t fromlen = sizeof (from->dest.addr); socklen_t expectedlen = af_addr_size(proto_sa_family(sock->info.proto)); addr_zero_host(&from->dest); - ASSERT (buf_safe (buf, maxsize)); #if ENABLE_IP_PKTINFO /* Both PROTO_UDPv4 and PROTO_UDPv6 */ if (proto_is_udp(sock->info.proto) && sock->sockflags & SF_USE_IP_PKTINFO) - fromlen = link_socket_read_udp_posix_recvmsg (sock, buf, maxsize, from); + fromlen = link_socket_read_udp_posix_recvmsg (sock, buf, from); else #endif - buf->len = recvfrom (sock->sd, BPTR (buf), maxsize, 0, + buf->len = recvfrom (sock->sd, BPTR (buf), buf_forward_capacity(buf), 0, &from->dest.addr.sa, &fromlen); if (buf->len >= 0 && expectedlen && fromlen != expectedlen) bad_address_length (fromlen, expectedlen); diff --git a/src/openvpn/socket.h b/src/openvpn/socket.h index b7a4e0136..22eac5453 100644 --- a/src/openvpn/socket.h +++ b/src/openvpn/socket.h @@ -865,7 +865,6 @@ link_socket_read_udp_win32 (struct link_socket *sock, int link_socket_read_udp_posix (struct link_socket *sock, struct buffer *buf, - int maxsize, struct link_socket_actual *from); #endif @@ -874,7 +873,6 @@ int link_socket_read_udp_posix (struct link_socket *sock, static inline int link_socket_read (struct link_socket *sock, struct buffer *buf, - int maxsize, struct link_socket_actual *from) { if (proto_is_udp(sock->info.proto)) /* unified UDPv4 and UDPv6 */ @@ -884,7 +882,7 @@ link_socket_read (struct link_socket *sock, #ifdef WIN32 res = link_socket_read_udp_win32 (sock, buf, from); #else - res = link_socket_read_udp_posix (sock, buf, maxsize, from); + res = link_socket_read_udp_posix (sock, buf, from); #endif return res; } -- 2.47.2