diff options
| author | Andreas Steffen <andreas.steffen@strongswan.org> | 2012-07-12 21:14:21 +0200 |
|---|---|---|
| committer | Andreas Steffen <andreas.steffen@strongswan.org> | 2012-07-12 21:26:18 +0200 |
| commit | 8ef43d878699d152d9ae4ccfb6bd15837d6b1269 (patch) | |
| tree | 7cdcb14d46337a3748472ae67d9a517298f1bb1e /src/libimcv | |
| parent | 968c83cdebc9e24e75e02069feda9d745c03bf4b (diff) | |
| download | strongswan-8ef43d878699d152d9ae4ccfb6bd15837d6b1269.tar.bz2 strongswan-8ef43d878699d152d9ae4ccfb6bd15837d6b1269.tar.xz | |
prevent endless loop with oversize attributes
Diffstat (limited to 'src/libimcv')
| -rw-r--r-- | src/libimcv/imc/imc_agent.c | 19 | ||||
| -rw-r--r-- | src/libimcv/imv/imv_agent.c | 21 |
2 files changed, 32 insertions, 8 deletions
diff --git a/src/libimcv/imc/imc_agent.c b/src/libimcv/imc/imc_agent.c index b372c4c57..eb9f9befc 100644 --- a/src/libimcv/imc/imc_agent.c +++ b/src/libimcv/imc/imc_agent.c @@ -384,7 +384,7 @@ METHOD(imc_agent_t, create_state, TNC_Result, "%slong %sexcl %ssoh", this->id, this->name, tnccs_p ? tnccs_p:"?", tnccs_v ? tnccs_v:"?", conn_id, has_long ? "+":"-", has_excl ? "+":"-", has_soh ? "+":"-"); - DBG2(DBG_IMC, " over %s %s with maximum PA-TNC msg size of %u bytes", + DBG2(DBG_IMC, " over %s %s with maximum PA-TNC message size of %u bytes", t_p ? t_p:"?", t_v ? t_v :"?", max_msg_len); free(tnccs_p); @@ -485,6 +485,7 @@ METHOD(imc_agent_t, send_message, TNC_Result, pa_tnc_msg_t *pa_tnc_msg; chunk_t msg; enumerator_t *enumerator; + bool attr_added; state = find_connection(this, connection_id); if (!state) @@ -497,13 +498,25 @@ METHOD(imc_agent_t, send_message, TNC_Result, while (attr_list->get_count(attr_list)) { pa_tnc_msg = pa_tnc_msg_create(state->get_max_msg_len(state)); + attr_added = FALSE; enumerator = attr_list->create_enumerator(attr_list); while (enumerator->enumerate(enumerator, &attr)) { - if (!pa_tnc_msg->add_attribute(pa_tnc_msg, attr)) + if (pa_tnc_msg->add_attribute(pa_tnc_msg, attr)) { - break; + attr_added = TRUE; + } + else + { + if (attr_added) + { + break; + } + else + { + DBG1(DBG_IMC, "PA-TNC attribute too large to send, deleted"); + } } attr_list->remove_at(attr_list, enumerator); } diff --git a/src/libimcv/imv/imv_agent.c b/src/libimcv/imv/imv_agent.c index 2f1c2d3d7..68bde26e0 100644 --- a/src/libimcv/imv/imv_agent.c +++ b/src/libimcv/imv/imv_agent.c @@ -407,7 +407,7 @@ METHOD(imv_agent_t, create_state, TNC_Result, "%slong %sexcl %ssoh", this->id, this->name, tnccs_p ? tnccs_p:"?", tnccs_v ? tnccs_v:"?", conn_id, has_long ? "+":"-", has_excl ? "+":"-", has_soh ? "+":"-"); - DBG2(DBG_IMV, " over %s %s with maximum PA-TNC msg size of %u bytes", + DBG2(DBG_IMV, " over %s %s with maximum PA-TNC message size of %u bytes", t_p ? t_p:"?", t_v ? t_v :"?", max_msg_len); free(tnccs_p); @@ -507,6 +507,7 @@ METHOD(imv_agent_t, send_message, TNC_Result, pa_tnc_msg_t *pa_tnc_msg; chunk_t msg; enumerator_t *enumerator; + bool attr_added; state = find_connection(this, connection_id); if (!state) @@ -516,17 +517,27 @@ METHOD(imv_agent_t, send_message, TNC_Result, return TNC_RESULT_FATAL; } - pa_tnc_msg = pa_tnc_msg_create(this->max_msg_len); while (attr_list->get_count(attr_list)) { pa_tnc_msg = pa_tnc_msg_create(this->max_msg_len); + attr_added = FALSE; enumerator = attr_list->create_enumerator(attr_list); while (enumerator->enumerate(enumerator, &attr)) - { - if (!pa_tnc_msg->add_attribute(pa_tnc_msg, attr)) + if (pa_tnc_msg->add_attribute(pa_tnc_msg, attr)) + { + attr_added = TRUE; + } + else { - break; + if (attr_added) + { + break; + } + else + { + DBG1(DBG_IMV, "PA-TNC attribute too large to send, deleted"); + } } attr_list->remove_at(attr_list, enumerator); } |