prevent endless loop with oversize attributes

author Andreas Steffen <andreas.steffen@strongswan.org>

Thu, 12 Jul 2012 19:14:21 +0000 (21:14 +0200)

committer Andreas Steffen <andreas.steffen@strongswan.org>

Thu, 12 Jul 2012 19:26:18 +0000 (21:26 +0200)
author Andreas Steffen <andreas.steffen@strongswan.org>
Thu, 12 Jul 2012 19:14:21 +0000 (21:14 +0200)
committer Andreas Steffen <andreas.steffen@strongswan.org>
Thu, 12 Jul 2012 19:26:18 +0000 (21:26 +0200)
diff --git a/src/libimcv/imc/imc_agent.c b/src/libimcv/imc/imc_agent.c

index b372c4c..eb9f9be 100644 (file)
--- a/src/libimcv/imc/imc_agent.c
+++ b/src/libimcv/imc/imc_agent.c
@@ -384,7 +384,7 @@ METHOD(imc_agent_t, create_state, TNC_Result,
                                   "%slong %sexcl %ssoh", this->id, this->name,
                                   tnccs_p ? tnccs_p:"?", tnccs_v ? tnccs_v:"?", conn_id,
                               has_long ? "+":"-", has_excl ? "+":"-", has_soh ? "+":"-");
-       DBG2(DBG_IMC, "  over %s %s with maximum PA-TNC msg size of %u bytes",
+       DBG2(DBG_IMC, "  over %s %s with maximum PA-TNC message size of %u bytes",
                                   t_p ? t_p:"?", t_v ? t_v :"?", max_msg_len);
  
         free(tnccs_p);
@@ -485,6 +485,7 @@ METHOD(imc_agent_t, send_message, TNC_Result,
         pa_tnc_msg_t *pa_tnc_msg;
         chunk_t msg;
         enumerator_t *enumerator;
+       bool attr_added;
  
         state = find_connection(this, connection_id);
         if (!state)
@@ -497,13 +498,25 @@ METHOD(imc_agent_t, send_message, TNC_Result,
         while (attr_list->get_count(attr_list))
         {
                 pa_tnc_msg = pa_tnc_msg_create(state->get_max_msg_len(state));
+               attr_added = FALSE;
  
                 enumerator = attr_list->create_enumerator(attr_list);
                 while (enumerator->enumerate(enumerator, &attr))
                 {
-                       if (!pa_tnc_msg->add_attribute(pa_tnc_msg, attr))
+                       if (pa_tnc_msg->add_attribute(pa_tnc_msg, attr))
                         {
-                               break;
+                               attr_added = TRUE;
+                       }
+                       else
+                       {
+                               if (attr_added)
+                               {
+                                       break;
+                               }
+                               else
+                               {
+                                       DBG1(DBG_IMC, "PA-TNC attribute too large to send, deleted");
+                               }
                         }
                         attr_list->remove_at(attr_list, enumerator);
                 }
diff --git a/src/libimcv/imv/imv_agent.c b/src/libimcv/imv/imv_agent.c

index 2f1c2d3..68bde26 100644 (file)
--- a/src/libimcv/imv/imv_agent.c
+++ b/src/libimcv/imv/imv_agent.c
@@ -407,7 +407,7 @@ METHOD(imv_agent_t, create_state, TNC_Result,
                                   "%slong %sexcl %ssoh", this->id, this->name,
                                   tnccs_p ? tnccs_p:"?", tnccs_v ? tnccs_v:"?", conn_id,
                               has_long ? "+":"-", has_excl ? "+":"-", has_soh ? "+":"-");
-       DBG2(DBG_IMV, "  over %s %s with maximum PA-TNC msg size of %u bytes",
+       DBG2(DBG_IMV, "  over %s %s with maximum PA-TNC message size of %u bytes",
                                   t_p ? t_p:"?", t_v ? t_v :"?", max_msg_len);
  
         free(tnccs_p);
@@ -507,6 +507,7 @@ METHOD(imv_agent_t, send_message, TNC_Result,
         pa_tnc_msg_t *pa_tnc_msg;
         chunk_t msg;
         enumerator_t *enumerator;
+       bool attr_added;
  
         state = find_connection(this, connection_id);
         if (!state)
@@ -516,17 +517,27 @@ METHOD(imv_agent_t, send_message, TNC_Result,
                 return TNC_RESULT_FATAL;
         }
  
-       pa_tnc_msg = pa_tnc_msg_create(this->max_msg_len);
         while (attr_list->get_count(attr_list))
         {
                 pa_tnc_msg = pa_tnc_msg_create(this->max_msg_len);
+               attr_added = FALSE;
  
                 enumerator = attr_list->create_enumerator(attr_list);
                 while (enumerator->enumerate(enumerator, &attr))
-               {
-                       if (!pa_tnc_msg->add_attribute(pa_tnc_msg, attr))
+                       if (pa_tnc_msg->add_attribute(pa_tnc_msg, attr))
+                       {
+                               attr_added = TRUE;
+                       }
+                       else
                         {
-                               break;
+                               if (attr_added)
+                               {
+                                       break;
+                               }
+                               else
+                               {
+                                       DBG1(DBG_IMV, "PA-TNC attribute too large to send, deleted");
+                               }
                         }
                         attr_list->remove_at(attr_list, enumerator);
                 }
author	Andreas Steffen <andreas.steffen@strongswan.org>
	Thu, 12 Jul 2012 19:14:21 +0000 (21:14 +0200)
committer	Andreas Steffen <andreas.steffen@strongswan.org>
	Thu, 12 Jul 2012 19:26:18 +0000 (21:26 +0200)
src/libimcv/imc/imc_agent.c		patch \| blob \| history
src/libimcv/imv/imv_agent.c		patch \| blob \| history