From 11327cc5d7437b17f98580f1f173918873872c0d Mon Sep 17 00:00:00 2001 From: Darren Tucker Date: Mon, 14 Mar 2005 23:22:25 +1100 Subject: - markus@cvs.openbsd.org 2005/03/14 11:46:56 [buffer.c buffer.h channels.c] limit input buffer size for channels; bugzilla #896; with and ok dtucker@ --- channels.c | 11 ++++++++--- 1 file changed, 8 insertions(+), 3 deletions(-) (limited to 'channels.c') diff --git a/channels.c b/channels.c index 4bd9af8e6..3f6db60c6 100644 --- a/channels.c +++ b/channels.c @@ -39,7 +39,7 @@ */ #include "includes.h" -RCSID("$OpenBSD: channels.c,v 1.213 2005/03/10 22:01:05 deraadt Exp $"); +RCSID("$OpenBSD: channels.c,v 1.214 2005/03/14 11:46:56 markus Exp $"); #include "ssh.h" #include "ssh1.h" @@ -58,6 +58,8 @@ RCSID("$OpenBSD: channels.c,v 1.213 2005/03/10 22:01:05 deraadt Exp $"); /* -- channel core */ +#define CHAN_RBUF 16*1024 + /* * Pointer to an array containing all allocated channels. The array is * dynamically extended as needed. @@ -712,6 +714,9 @@ channel_pre_open(Channel *c, fd_set * readset, fd_set * writeset) { u_int limit = compat20 ? c->remote_window : packet_get_maxsize(); + /* check buffer limits */ + limit = MIN(limit, (BUFFER_MAX_LEN - BUFFER_MAX_CHUNK - CHAN_RBUF)); + if (c->istate == CHAN_INPUT_OPEN && limit > 0 && buffer_len(&c->input) < limit) @@ -1360,7 +1365,7 @@ channel_post_connecting(Channel *c, fd_set * readset, fd_set * writeset) static int channel_handle_rfd(Channel *c, fd_set * readset, fd_set * writeset) { - char buf[16*1024]; + char buf[CHAN_RBUF]; int len; if (c->rfd != -1 && @@ -1454,7 +1459,7 @@ channel_handle_wfd(Channel *c, fd_set * readset, fd_set * writeset) static int channel_handle_efd(Channel *c, fd_set * readset, fd_set * writeset) { - char buf[16*1024]; + char buf[CHAN_RBUF]; int len; /** XXX handle drain efd, too */ -- cgit v1.2.3