diff options
author | Damien Miller <djm@mindrot.org> | 2006-04-23 12:06:03 +1000 |
---|---|---|
committer | Damien Miller <djm@mindrot.org> | 2006-04-23 12:06:03 +1000 |
commit | 499a0d5ada82acbf8a5c5d496dbf0b4570dde1af (patch) | |
tree | bf1074febeccab92e23341d27133fc7cdc0eb567 /channels.c | |
parent | 63e437f053bec9e227ba11e5e6205cd1e217baac (diff) |
- djm@cvs.openbsd.org 2006/04/16 00:48:52
[buffer.c buffer.h channels.c]
Fix condition where we could exit with a fatal error when an input
buffer became too large and the remote end had advertised a big window.
The problem was a mismatch in the backoff math between the channels code
and the buffer code, so make a buffer_check_alloc() function that the
channels code can use to propsectivly check whether an incremental
allocation will succeed. bz #1131, debugged with the assistance of
cove AT wildpackets.com; ok dtucker@ deraadt@
Diffstat (limited to 'channels.c')
-rw-r--r-- | channels.c | 8 |
1 files changed, 3 insertions, 5 deletions
diff --git a/channels.c b/channels.c index fccb9098e..2fa997edc 100644 --- a/channels.c +++ b/channels.c | |||
@@ -1,4 +1,4 @@ | |||
1 | /* $OpenBSD: channels.c,v 1.249 2006/03/30 09:41:25 djm Exp $ */ | 1 | /* $OpenBSD: channels.c,v 1.250 2006/04/16 00:48:52 djm Exp $ */ |
2 | /* | 2 | /* |
3 | * Author: Tatu Ylonen <ylo@cs.hut.fi> | 3 | * Author: Tatu Ylonen <ylo@cs.hut.fi> |
4 | * Copyright (c) 1995 Tatu Ylonen <ylo@cs.hut.fi>, Espoo, Finland | 4 | * Copyright (c) 1995 Tatu Ylonen <ylo@cs.hut.fi>, Espoo, Finland |
@@ -747,12 +747,10 @@ channel_pre_open(Channel *c, fd_set *readset, fd_set *writeset) | |||
747 | { | 747 | { |
748 | u_int limit = compat20 ? c->remote_window : packet_get_maxsize(); | 748 | u_int limit = compat20 ? c->remote_window : packet_get_maxsize(); |
749 | 749 | ||
750 | /* check buffer limits */ | ||
751 | limit = MIN(limit, (BUFFER_MAX_LEN - BUFFER_MAX_CHUNK - CHAN_RBUF)); | ||
752 | |||
753 | if (c->istate == CHAN_INPUT_OPEN && | 750 | if (c->istate == CHAN_INPUT_OPEN && |
754 | limit > 0 && | 751 | limit > 0 && |
755 | buffer_len(&c->input) < limit) | 752 | buffer_len(&c->input) < limit && |
753 | buffer_check_alloc(&c->input, CHAN_RBUF)) | ||
756 | FD_SET(c->rfd, readset); | 754 | FD_SET(c->rfd, readset); |
757 | if (c->ostate == CHAN_OUTPUT_OPEN || | 755 | if (c->ostate == CHAN_OUTPUT_OPEN || |
758 | c->ostate == CHAN_OUTPUT_WAIT_DRAIN) { | 756 | c->ostate == CHAN_OUTPUT_WAIT_DRAIN) { |