prevent endless loop with oversize attributes
authorAndreas Steffen <andreas.steffen@strongswan.org>
Thu, 12 Jul 2012 19:14:21 +0000 (21:14 +0200)
committerAndreas Steffen <andreas.steffen@strongswan.org>
Thu, 12 Jul 2012 19:26:18 +0000 (21:26 +0200)
src/libimcv/imc/imc_agent.c
src/libimcv/imv/imv_agent.c

index b372c4c..eb9f9be 100644 (file)
@@ -384,7 +384,7 @@ METHOD(imc_agent_t, create_state, TNC_Result,
                                  "%slong %sexcl %ssoh", this->id, this->name,
                                  tnccs_p ? tnccs_p:"?", tnccs_v ? tnccs_v:"?", conn_id,
                              has_long ? "+":"-", has_excl ? "+":"-", has_soh ? "+":"-");
-       DBG2(DBG_IMC, "  over %s %s with maximum PA-TNC msg size of %u bytes",
+       DBG2(DBG_IMC, "  over %s %s with maximum PA-TNC message size of %u bytes",
                                  t_p ? t_p:"?", t_v ? t_v :"?", max_msg_len);
 
        free(tnccs_p);
@@ -485,6 +485,7 @@ METHOD(imc_agent_t, send_message, TNC_Result,
        pa_tnc_msg_t *pa_tnc_msg;
        chunk_t msg;
        enumerator_t *enumerator;
+       bool attr_added;
 
        state = find_connection(this, connection_id);
        if (!state)
@@ -497,13 +498,25 @@ METHOD(imc_agent_t, send_message, TNC_Result,
        while (attr_list->get_count(attr_list))
        {
                pa_tnc_msg = pa_tnc_msg_create(state->get_max_msg_len(state));
+               attr_added = FALSE;
 
                enumerator = attr_list->create_enumerator(attr_list);
                while (enumerator->enumerate(enumerator, &attr))
                {
-                       if (!pa_tnc_msg->add_attribute(pa_tnc_msg, attr))
+                       if (pa_tnc_msg->add_attribute(pa_tnc_msg, attr))
                        {
-                               break;
+                               attr_added = TRUE;
+                       }
+                       else
+                       {
+                               if (attr_added)
+                               {
+                                       break;
+                               }
+                               else
+                               {
+                                       DBG1(DBG_IMC, "PA-TNC attribute too large to send, deleted");
+                               }
                        }
                        attr_list->remove_at(attr_list, enumerator);
                }
index 2f1c2d3..68bde26 100644 (file)
@@ -407,7 +407,7 @@ METHOD(imv_agent_t, create_state, TNC_Result,
                                  "%slong %sexcl %ssoh", this->id, this->name,
                                  tnccs_p ? tnccs_p:"?", tnccs_v ? tnccs_v:"?", conn_id,
                              has_long ? "+":"-", has_excl ? "+":"-", has_soh ? "+":"-");
-       DBG2(DBG_IMV, "  over %s %s with maximum PA-TNC msg size of %u bytes",
+       DBG2(DBG_IMV, "  over %s %s with maximum PA-TNC message size of %u bytes",
                                  t_p ? t_p:"?", t_v ? t_v :"?", max_msg_len);
 
        free(tnccs_p);
@@ -507,6 +507,7 @@ METHOD(imv_agent_t, send_message, TNC_Result,
        pa_tnc_msg_t *pa_tnc_msg;
        chunk_t msg;
        enumerator_t *enumerator;
+       bool attr_added;
 
        state = find_connection(this, connection_id);
        if (!state)
@@ -516,17 +517,27 @@ METHOD(imv_agent_t, send_message, TNC_Result,
                return TNC_RESULT_FATAL;
        }
 
-       pa_tnc_msg = pa_tnc_msg_create(this->max_msg_len);
        while (attr_list->get_count(attr_list))
        {
                pa_tnc_msg = pa_tnc_msg_create(this->max_msg_len);
+               attr_added = FALSE;
 
                enumerator = attr_list->create_enumerator(attr_list);
                while (enumerator->enumerate(enumerator, &attr))
-               {
-                       if (!pa_tnc_msg->add_attribute(pa_tnc_msg, attr))
+                       if (pa_tnc_msg->add_attribute(pa_tnc_msg, attr))
+                       {
+                               attr_added = TRUE;
+                       }
+                       else
                        {
-                               break;
+                               if (attr_added)
+                               {
+                                       break;
+                               }
+                               else
+                               {
+                                       DBG1(DBG_IMV, "PA-TNC attribute too large to send, deleted");
+                               }
                        }
                        attr_list->remove_at(attr_list, enumerator);
                }