[PATCH 1/2] Tolerate packets that are larger than negotiated MTU after decompression

Tue, 31 Jul 2018 19:54:00 -0700 

In July 2016, the "Fixed regression with CSTP MTU handling" patch
(http://git.infradead.org/users/dwmw2/openconnect.git/commitdiff/90e1555494dbc1cf462552679f9aa3d30451d123)
allowed openconnect to gracefully handle uncompressed CSTP packets larger
than the negotiated MTU.

This patch extends that approach to tolerate compressed packets which are
larger than the negotiated MTU after decompression.

Signed-off-by: Daniel Lenski <dlen...@gmail.com>
---
 cstp.c | 12 ++++++++----
 1 file changed, 8 insertions(+), 4 deletions(-)

diff --git a/cstp.c b/cstp.c
index 5477c5c..c131198 100644
--- a/cstp.c
+++ b/cstp.c
@@ -729,7 +729,11 @@ static int cstp_reconnect(struct openconnect_info *vpninfo)
 int decompress_and_queue_packet(struct openconnect_info *vpninfo, int 
compr_type,
                                unsigned char *buf, int len)
 {
-       struct pkt *new = malloc(sizeof(struct pkt) + vpninfo->ip_info.mtu);
+       /* Some servers send us packets that are larger than
+          negotiated MTU after decompression. We reserve some extra
+          space to handle that */
+       int receive_mtu = MAX(16384, vpninfo->ip_info.mtu);
+       struct pkt *new = malloc(sizeof(struct pkt) + receive_mtu);
        const char *comprname = "";
 
        if (!new)
@@ -746,7 +750,7 @@ int decompress_and_queue_packet(struct openconnect_info 
*vpninfo, int compr_type
                vpninfo->inflate_strm.avail_in = len - 4;
 
                vpninfo->inflate_strm.next_out = new->data;
-               vpninfo->inflate_strm.avail_out = vpninfo->ip_info.mtu;
+               vpninfo->inflate_strm.avail_out = receive_mtu;
                vpninfo->inflate_strm.total_out = 0;
 
                if (inflate(&vpninfo->inflate_strm, Z_SYNC_FLUSH)) {
@@ -768,7 +772,7 @@ int decompress_and_queue_packet(struct openconnect_info 
*vpninfo, int compr_type
        } else if (compr_type == COMPR_LZS) {
                comprname = "LZS";
 
-               new->len = lzs_decompress(new->data, vpninfo->ip_info.mtu, buf, 
len);
+               new->len = lzs_decompress(new->data, receive_mtu, buf, len);
                if (new->len < 0) {
                        len = new->len;
                        if (len == 0)
@@ -781,7 +785,7 @@ int decompress_and_queue_packet(struct openconnect_info 
*vpninfo, int compr_type
 #ifdef HAVE_LZ4
        } else if (compr_type == COMPR_LZ4) {
                comprname = "LZ4";
-               new->len = LZ4_decompress_safe((void *)buf, (void *)new->data, 
len, vpninfo->ip_info.mtu);
+               new->len = LZ4_decompress_safe((void *)buf, (void *)new->data, 
len, receive_mtu);
                if (new->len <= 0) {
                        len = new->len;
                        if (len == 0)
-- 
2.7.4


_______________________________________________
openconnect-devel mailing list
openconnect-devel@lists.infradead.org
http://lists.infradead.org/mailman/listinfo/openconnect-devel

Reply via email to