X-Git-Url: http://tinc-vpn.org/git/browse?a=blobdiff_plain;f=src%2Fmeta.c;h=4b357982779ccc82e1c3037883d005a7dd413d32;hb=979acc48aded5bb04f1574128d174d56550be302;hp=260cb005051ff9cf6ab33473fe22d1e5a5308552;hpb=c1154bf696b0b3ad22126a76750d610e32e2ffc1;p=tinc diff --git a/src/meta.c b/src/meta.c index 260cb005..4b357982 100644 --- a/src/meta.c +++ b/src/meta.c @@ -65,6 +65,13 @@ bool send_meta(connection_t *c, const char *buffer, int length) { #ifdef DISABLE_LEGACY return false; #else + if(length > c->outbudget) { + logger(DEBUG_META, LOG_ERR, "Byte limit exceeded for encryption to %s (%s)", c->name, c->hostname); + return false; + } else { + c->outbudget -= length; + } + size_t outlen = length; if(!cipher_encrypt(c->outcipher, buffer, length, buffer_prepare(&c->outbuf, length), &outlen, false) || outlen != length) { @@ -220,6 +227,13 @@ bool receive_meta(connection_t *c) { #ifdef DISABLE_LEGACY return false; #else + if(inlen > c->inbudget) { + logger(DEBUG_META, LOG_ERR, "yte limit exceeded for decryption from %s (%s)", c->name, c->hostname); + return false; + } else { + c->inbudget -= inlen; + } + size_t outlen = inlen; if(!cipher_decrypt(c->incipher, bufp, inlen, buffer_prepare(&c->inbuf, inlen), &outlen, false) || inlen != outlen) {