X-Git-Url: https://tinc-vpn.org/git/browse?a=blobdiff_plain;f=src%2Fprotocol_misc.c;h=0263d0016843eea310a90bf7a41e9183d68b0049;hb=c45a3fd7319d03bd147448a017f5aaed3b46fdfe;hp=284006bbf99d2b2c39fc0c4a9cc354d86d95dea2;hpb=3b6d366005b6fc23c705b3156e365316f6ab776c;p=tinc

diff --git a/src/protocol_misc.c b/src/protocol_misc.c
index 284006bb..0263d001 100644
--- a/src/protocol_misc.c
+++ b/src/protocol_misc.c
@@ -1,7 +1,7 @@
 /*
     protocol_misc.c -- handle the meta-protocol, miscellaneous functions
     Copyright (C) 1999-2005 Ivo Timmermans,
-                  2000-2013 Guus Sliepen <guus@tinc-vpn.org>
+                  2000-2022 Guus Sliepen <guus@tinc-vpn.org>
 
     This program is free software; you can redistribute it and/or modify
     it under the terms of the GNU General Public License as published by
@@ -22,6 +22,7 @@
 
 #include "address_cache.h"
 #include "connection.h"
+#include "crypto.h"
 #include "logger.h"
 #include "meta.h"
 #include "net.h"
@@ -73,13 +74,23 @@ bool pong_h(connection_t *c, const char *request) {
 	return true;
 }
 
+static bool random_early_drop(connection_t *c) {
+	if(c->outbuf.len > (size_t)maxoutbufsize / 2) {
+		if((c->outbuf.len - (size_t)maxoutbufsize / 2) > prng((size_t)maxoutbufsize / 2)) {
+			return true;
+		}
+	}
+
+	return false;
+}
+
 /* Sending and receiving packets via TCP */
 
 bool send_tcppacket(connection_t *c, const vpn_packet_t *packet) {
 	/* If there already is a lot of data in the outbuf buffer, discard this packet.
 	   We use a very simple Random Early Drop algorithm. */
 
-	if(2.0 * c->outbuf.len / (float)maxoutbufsize - 1 > (float)rand() / (float)RAND_MAX) {
+	if(random_early_drop(c)) {
 		return true;
 	}
 
@@ -93,7 +104,7 @@ bool send_tcppacket(connection_t *c, const vpn_packet_t *packet) {
 bool tcppacket_h(connection_t *c, const char *request) {
 	short int len;
 
-	if(sscanf(request, "%*d %hd", &len) != 1) {
+	if(sscanf(request, "%*d %hd", &len) != 1 || len < 0) {
 		logger(DEBUG_ALWAYS, LOG_ERR, "Got bad %s from %s (%s)", "PACKET", c->name,
 		       c->hostname);
 		return false;
@@ -110,11 +121,11 @@ bool send_sptps_tcppacket(connection_t *c, const void *packet, size_t len) {
 	/* If there already is a lot of data in the outbuf buffer, discard this packet.
 	   We use a very simple Random Early Drop algorithm. */
 
-	if(2.0 * c->outbuf.len / (float)maxoutbufsize - 1 > (float)rand() / (float)RAND_MAX) {
+	if(random_early_drop(c)) {
 		return true;
 	}
 
-	if(!send_request(c, "%d %zu", SPTPS_PACKET, len)) {
+	if(!send_request(c, "%d %lu", SPTPS_PACKET, (unsigned long)len)) {
 		return false;
 	}
 
@@ -125,7 +136,7 @@ bool send_sptps_tcppacket(connection_t *c, const void *packet, size_t len) {
 bool sptps_tcppacket_h(connection_t *c, const char *request) {
 	short int len;
 
-	if(sscanf(request, "%*d %hd", &len) != 1) {
+	if(sscanf(request, "%*d %hd", &len) != 1 || len < 0) {
 		logger(DEBUG_ALWAYS, LOG_ERR, "Got bad %s from %s (%s)", "SPTPS_PACKET", c->name,
 		       c->hostname);
 		return false;