- markus@cvs.openbsd.org 2005/03/14 11:46:56
     [buffer.c buffer.h channels.c]
     limit input buffer size for channels; bugzilla #896; with and ok dtucker@
diff --git a/channels.c b/channels.c
index 4bd9af8..3f6db60 100644
--- a/channels.c
+++ b/channels.c
@@ -39,7 +39,7 @@
  */
 
 #include "includes.h"
-RCSID("$OpenBSD: channels.c,v 1.213 2005/03/10 22:01:05 deraadt Exp $");
+RCSID("$OpenBSD: channels.c,v 1.214 2005/03/14 11:46:56 markus Exp $");
 
 #include "ssh.h"
 #include "ssh1.h"
@@ -58,6 +58,8 @@
 
 /* -- channel core */
 
+#define CHAN_RBUF	16*1024
+
 /*
  * Pointer to an array containing all allocated channels.  The array is
  * dynamically extended as needed.
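Review bot: `CHAN_RBUF` is defined as the bare expression `16*1024`, so any later use next to a higher-precedence operator (`x / CHAN_RBUF`, `x % CHAN_RBUF`) would expand incorrectly. The uses in this diff (an array size and the tail of a subtraction) happen to be safe, but the constant now feeds a buffer-limit calculation, so I would write `#define CHAN_RBUF (16*1024)`. A short comment such as `/* size of the stack buffer used for one read from a channel fd */` would also tell readers why the limit check subtracts it.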
@@ -712,6 +714,9 @@
 {
 	u_int limit = compat20 ? c->remote_window : packet_get_maxsize();
 
+	/* check buffer limits */
+	limit = MIN(limit, (BUFFER_MAX_LEN - BUFFER_MAX_CHUNK - CHAN_RBUF));
+
 	if (c->istate == CHAN_INPUT_OPEN &&
 	    limit > 0 &&
 	    buffer_len(&c->input) < limit)
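Review bot: The new clamp relies on `BUFFER_MAX_LEN - BUFFER_MAX_CHUNK - CHAN_RBUF` staying positive, and nothing in this hunk enforces that. `limit` is `u_int`, so if the constants (defined outside this file) were ever changed so that the difference goes to zero or below, the channel would either stop reading entirely or, presumably, the negative value would convert to a huge unsigned one and `MIN` would leave `limit` untouched, silently removing the bound. Assuming they are preprocessor constants, a guard next to the define would pin the invariant: `#if BUFFER_MAX_LEN <= BUFFER_MAX_CHUNK + CHAN_RBUF` / `#error "channel input limit underflows"` / `#endif`. The comment `/* check buffer limits */` could also state the reason, e.g. `/* keep headroom for one more read so c->input never reaches the buffer's hard maximum */`. The enclosing function's signature and the rest of its body are outside the hunk.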
@@ -1360,7 +1365,7 @@
 static int
 channel_handle_rfd(Channel *c, fd_set * readset, fd_set * writeset)
 {
-	char buf[16*1024];
+	char buf[CHAN_RBUF];
 	int len;
 
 	if (c->rfd != -1 &&
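Review bot: The headroom reserved by the limit check is only correct if the read into `buf` never requests more than `CHAN_RBUF` bytes, and that read call is outside this hunk. It is worth confirming the call passes `sizeof(buf)` rather than a literal size, and documenting the coupling on the declaration, e.g. `/* must stay CHAN_RBUF: the input limit reserves exactly this much headroom */`. The same applies to the `buf` declaration in the `channel_handle_efd` hunk.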
@@ -1454,7 +1459,7 @@
 static int
 channel_handle_efd(Channel *c, fd_set * readset, fd_set * writeset)
 {
-	char buf[16*1024];
+	char buf[CHAN_RBUF];
 	int len;
 
 /** XXX handle drain efd, too */
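Review bot: The clamp added by this commit is visible only for `c->input`; no hunk shows an equivalent bound for whatever buffer `channel_handle_efd` fills from its `CHAN_RBUF`-sized read. The function body is outside the hunk, so this is inferred, but if efd data is appended to a separate buffer, that buffer is presumably still limited only by the peer-advertised window and can grow toward the hard buffer maximum. Please confirm, and if so apply the same `MIN(limit, BUFFER_MAX_LEN - BUFFER_MAX_CHUNK - CHAN_RBUF)` bound where the efd read is armed.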