Added SOCKET_SND_RCV_BUF_MAX constant (set to 1000000) to limit the

maximum size passed to setsockopt SNDBUF/RCVBUF.


git-svn-id: http://svn.openvpn.net/projects/openvpn/branches/BETA21/openvpn@3062 e7ae566f-a301-0410-adde-c780ea21d3b5

2 files changed, 16 insertions, 5 deletions

diff --git a/socket.c b/socket.c
index ffb8c11..135fb0e 100644
--- a/socket.c
+++ b/socket.c
@@ -292,9 +292,12 @@ static void
 socket_set_sndbuf (int sd, int size)
 {
 #if defined(HAVE_SETSOCKOPT) && defined(SOL_SOCKET) && defined(SO_SNDBUF)
-  if (setsockopt (sd, SOL_SOCKET, SO_SNDBUF, (void *) &size, sizeof (size)) != 0)
+  if (size > 0 && size < SOCKET_SND_RCV_BUF_MAX)
     {
-      msg (M_WARN, "NOTE: setsockopt SO_SNDBUF=%d failed", size);
+      if (setsockopt (sd, SOL_SOCKET, SO_SNDBUF, (void *) &size, sizeof (size)) != 0)
+	{
+	  msg (M_WARN, "NOTE: setsockopt SO_SNDBUF=%d failed", size);
+	}
     }
 #endif
 }
@@ -318,10 +321,13 @@ static bool
 socket_set_rcvbuf (int sd, int size)
 {
 #if defined(HAVE_SETSOCKOPT) && defined(SOL_SOCKET) && defined(SO_RCVBUF)
-  if (setsockopt (sd, SOL_SOCKET, SO_RCVBUF, (void *) &size, sizeof (size)) != 0)
+  if (size > 0 && size < SOCKET_SND_RCV_BUF_MAX)
     {
-      msg (M_WARN, "NOTE: setsockopt SO_RCVBUF=%d failed", size);
-      return false;
+      if (setsockopt (sd, SOL_SOCKET, SO_RCVBUF, (void *) &size, sizeof (size)) != 0)
+	{
+	  msg (M_WARN, "NOTE: setsockopt SO_RCVBUF=%d failed", size);
+	  return false;
+	}
     }
   return true;
 #endif
diff --git a/socket.h b/socket.h
index bb03f2f..3d25f5e 100644
--- a/socket.h
+++ b/socket.h
@@ -42,6 +42,11 @@
 #define OPENVPN_PORT 1194
 
 /*
+ * Maximum size passed passed to setsockopt SNDBUF/RCVBUF
+ */
+#define SOCKET_SND_RCV_BUF_MAX 1000000
+
+/*
  * Number of seconds that "resolv-retry infinite"
  * represents.
  */