
PR: 1930

Submitted by: Robin Seggelmann <seggelmann@fh-muenster.de>
Approved by: steve@openssl.org

Limit size of DTLS record buffer queue.
snhenson committed May 16, 2009
1 parent 661d35d commit 88b48dc68024dcc437da4296c9fb04419b0ccbe1
Showing with 19 additions and 0 deletions.
  1. +14 −0 crypto/pqueue/pqueue.c
  2. +1 −0 crypto/pqueue/pqueue.h
  3. +4 −0 ssl/d1_pkt.c
@@ -237,3 +237,17 @@ pqueue_next(pitem **item)
return ret;
}
int
pqueue_size(pqueue_s *pq)
{
pitem *item = pq->items;
int count = 0;
while(item != NULL)
{
count++;
item = item->next;
}
return count;
}
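Review bot: `pqueue_size` recounts the list on every call and reads `pq->items` without checking `pq`, so each caller pays a linear walk and a NULL queue would be dereferenced. The only caller visible in this commit stops adding once the count reaches 100, so the walk is bounded there, but a header comment such as `/* Returns the number of items in pq; walks the whole list, O(n). pq must not be NULL. */` would make the cost and the precondition explicit. The definition spells the parameter `pqueue_s *pq` while the prototype added to pqueue.h uses `pqueue pq`; these are presumably the same type through a typedef not shown here, but one spelling in both places would be easier to check.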
@@ -89,5 +89,6 @@ pitem *pqueue_iterator(pqueue pq);
pitem *pqueue_next(piterator *iter);
void pqueue_print(pqueue pq);
int pqueue_size(pqueue pq);
#endif /* ! HEADER_PQUEUE_H */
@@ -207,6 +207,10 @@ dtls1_buffer_record(SSL *s, record_pqueue *queue, unsigned char *priority)
DTLS1_RECORD_DATA *rdata;
pitem *item;
/* Limit the size of the queue to prevent DOS attacks */
if (pqueue_size(queue->q) >= 100)
return 0;
rdata = OPENSSL_malloc(sizeof(DTLS1_RECORD_DATA));
item = pitem_new(priority, rdata);
if (rdata == NULL || item == NULL)
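Review bot: The limit in `if (pqueue_size(queue->q) >= 100)` is an unnamed literal, and the early `return 0;` drops the record without any trace. A named constant, for example `#define DTLS1_MAX_BUFFERED_RECORDS 100` (the name is only a suggestion), would let the bound be reviewed and tuned in one place, and the comment could say what is being bounded: `/* Cap buffered records per queue so a peer cannot grow memory without limit */`. The rest of dtls1_buffer_record lies outside the hunk, so it cannot be confirmed from here whether callers can tell this 0 apart from the allocation-failure path that follows; if both return 0, a distinct return value or a comment stating that a full queue is a deliberate drop would help. The cap counts records rather than bytes, so the actual memory bound depends on the maximum record size.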
