X-Git-Url: http://tinc-vpn.org/git/browse?a=blobdiff_plain;f=src%2Fmeta.c;h=4b357982779ccc82e1c3037883d005a7dd413d32;hb=979acc48aded5bb04f1574128d174d56550be302;hp=260cb005051ff9cf6ab33473fe22d1e5a5308552;hpb=c1154bf696b0b3ad22126a76750d610e32e2ffc1;p=tinc

diff --git a/src/meta.c b/src/meta.c
index 260cb005..4b357982 100644
--- a/src/meta.c
+++ b/src/meta.c
@@ -65,6 +65,13 @@ bool send_meta(connection_t *c, const char *buffer, int length) {
 #ifdef DISABLE_LEGACY
 		return false;
 #else
+		if(length > c->outbudget) {
+			logger(DEBUG_META, LOG_ERR, "Byte limit exceeded for encryption to %s (%s)", c->name, c->hostname);
+			return false;
+		} else {
+			c->outbudget -= length;
+		}
+
 		size_t outlen = length;
 
 		if(!cipher_encrypt(c->outcipher, buffer, length, buffer_prepare(&c->outbuf, length), &outlen, false) || outlen != length) {
@@ -220,6 +227,13 @@ bool receive_meta(connection_t *c) {
 #ifdef DISABLE_LEGACY
 			return false;
 #else
+			if(inlen > c->inbudget) {
+				logger(DEBUG_META, LOG_ERR, "yte limit exceeded for decryption from %s (%s)", c->name, c->hostname);
+				return false;
+			} else {
+				c->inbudget -= inlen;
+			}
+
 			size_t outlen = inlen;
 
 			if(!cipher_decrypt(c->incipher, bufp, inlen, buffer_prepare(&c->inbuf, inlen), &outlen, false) || inlen != outlen) {