PR: 1930
Submitted by: Robin Seggelmann <seggelmann@fh-muenster.de>
Approved by: steve@openssl.org

Limit size of DTLS record buffer queue.
snhenson committed May 16, 2009
1 parent 661d35d commit 88b48dc
Showing 3 changed files with 19 additions and 0 deletions.
14 changes: 14 additions & 0 deletions crypto/pqueue/pqueue.c
@@ -237,3 +237,17 @@ pqueue_next(pitem **item)

return ret;
}

int
pqueue_size(pqueue_s *pq)
{
pitem *item = pq->items;
int count = 0;

while(item != NULL)
{
count++;
item = item->next;
}
return count;
}
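Review bot: pqueue_size dereferences `pq` with no NULL check and recounts the whole list on every call, and nothing in the added function documents either fact. This commit calls it from dtls1_buffer_record before each record is buffered, so the per-record cost grows with queue length and stays small only because of the caller's cap. I would state the contract above the definition, e.g. `/* Number of items in pq; walks the list (O(n)). pq must not be NULL. */`. The definition also spells the parameter `pqueue_s *pq` while the prototype added in pqueue.h uses `pqueue pq`; presumably these are the same type through a typedef not shown here, but one spelling in both places would read more clearly.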
1 change: 1 addition & 0 deletions crypto/pqueue/pqueue.h
@@ -89,5 +89,6 @@ pitem *pqueue_iterator(pqueue pq);
pitem *pqueue_next(piterator *iter);

void pqueue_print(pqueue pq);
int pqueue_size(pqueue pq);

#endif /* ! HEADER_PQUEUE_H */
4 changes: 4 additions & 0 deletions ssl/d1_pkt.c
@@ -207,6 +207,10 @@ dtls1_buffer_record(SSL *s, record_pqueue *queue, unsigned char *priority)
DTLS1_RECORD_DATA *rdata;
pitem *item;

/* Limit the size of the queue to prevent DOS attacks */
if (pqueue_size(queue->q) >= 100)
return 0;

rdata = OPENSSL_malloc(sizeof(DTLS1_RECORD_DATA));
item = pitem_new(priority, rdata);
if (rdata == NULL || item == NULL)
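Review bot: The queue limit in dtls1_buffer_record is the bare literal `100`, and when it is reached the function returns 0 with no error or log, so a dropped record leaves no trace. A named constant would make the limit findable and tunable, e.g. `#define DTLS1_MAX_QUEUED_RECORDS 100` (the name is only a suggestion) used as `if (pqueue_size(queue->q) >= DTLS1_MAX_QUEUED_RECORDS)`. It is worth confirming that every caller treats a 0 return here as "record dropped" and not as a fatal error; the rest of the function and its callers are outside this hunk, so that cannot be checked from here. The check bounds the number of queued records, not their total size, so the memory a peer can pin is presumably up to 100 times the largest record per queue, and a comment saying so would help whoever tunes the number.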
