Input transport data size check

[govpn.git] / src / govpn / peer.go

diff --git a/src/govpn/peer.go b/src/govpn/peer.go
index 2907662c4e168b7f96861e97f200cb5958c1df58..5ea245bbd44a02aa196c66801b3bd22b4c3f19f3 100644 (file)
--- a/src/govpn/peer.go
+++ b/src/govpn/peer.go
@@ -145,18 +145,24 @@ func (p *Peer) NonceExpectation(buf []byte) {
        p.NonceCipher.Encrypt(buf, buf)
 }
 
-func cprCycleCalculate(rate int) time.Duration {
-       if rate == 0 {
+func cprCycleCalculate(conf *PeerConf) time.Duration {
+       if conf.CPR == 0 {
                return time.Duration(0)
        }
-       return time.Second / time.Duration(rate*(1<<10)/MTUMax)
+       rate := conf.CPR * 1 << 10
+       if conf.Encless {
+               rate /= EnclessEnlargeSize + conf.MTU
+       } else {
+               rate /= conf.MTU
+       }
+       return time.Second / time.Duration(rate)
 }
 
 func newPeer(isClient bool, addr string, conn io.Writer, conf *PeerConf, key *[SSize]byte) *Peer {
        now := time.Now()
        timeout := conf.Timeout
 
-       cprCycle := cprCycleCalculate(conf.CPR)
+       cprCycle := cprCycleCalculate(conf)
        noiseEnable := conf.Noise
        if conf.CPR > 0 {
                noiseEnable = true
@@ -294,6 +300,9 @@ func (p *Peer) PktProcess(data []byte, tap io.Writer, reorderable bool) bool {
        if len(data) < MinPktLength {
                return false
        }
+       if !p.Encless && len(data) > len(p.bufR)-S20BS {
+               return false
+       }
        var out []byte
        p.BusyR.Lock()
        if p.Encless {