Tolerate packets that are larger than negotiated MTU after decompression

In July 2016, the "Fixed regression with CSTP MTU handling" patch
(http://git.infradead.org/users/dwmw2/openconnect.git/commitdiff/90e1555494dbc1cf462552679f9aa3d30451d123)
allowed openconnect to gracefully handle uncompressed CSTP packets larger
than the negotiated MTU.

This patch extends that approach to tolerate compressed packets which are
larger than the negotiated MTU after decompression.

Signed-off-by: Daniel Lenski <dlenski@gmail.com>

diff --git a/cstp.c b/cstp.c
index 5477c5c82469ea4920b64b4f208a80a80775bb78..c1311981c39163bf16c25d115fe53dd327f59a23 100644 (file)
--- a/cstp.c
+++ b/cstp.c
@@ -729,7 +729,11 @@ static int cstp_reconnect(struct openconnect_info *vpninfo)
 int decompress_and_queue_packet(struct openconnect_info *vpninfo, int compr_type,
                                unsigned char *buf, int len)
 {
-       struct pkt *new = malloc(sizeof(struct pkt) + vpninfo->ip_info.mtu);
+       /* Some servers send us packets that are larger than
+          negotiated MTU after decompression. We reserve some extra
+          space to handle that */
+       int receive_mtu = MAX(16384, vpninfo->ip_info.mtu);
+       struct pkt *new = malloc(sizeof(struct pkt) + receive_mtu);
        const char *comprname = "";
 
        if (!new)
@@ -746,7 +750,7 @@ int decompress_and_queue_packet(struct openconnect_info *vpninfo, int compr_type
                vpninfo->inflate_strm.avail_in = len - 4;
 
                vpninfo->inflate_strm.next_out = new->data;
-               vpninfo->inflate_strm.avail_out = vpninfo->ip_info.mtu;
+               vpninfo->inflate_strm.avail_out = receive_mtu;
                vpninfo->inflate_strm.total_out = 0;
 
                if (inflate(&vpninfo->inflate_strm, Z_SYNC_FLUSH)) {
@@ -768,7 +772,7 @@ int decompress_and_queue_packet(struct openconnect_info *vpninfo, int compr_type
        } else if (compr_type == COMPR_LZS) {
                comprname = "LZS";
 
-               new->len = lzs_decompress(new->data, vpninfo->ip_info.mtu, buf, len);
+               new->len = lzs_decompress(new->data, receive_mtu, buf, len);
                if (new->len < 0) {
                        len = new->len;
                        if (len == 0)
@@ -781,7 +785,7 @@ int decompress_and_queue_packet(struct openconnect_info *vpninfo, int compr_type
 #ifdef HAVE_LZ4
        } else if (compr_type == COMPR_LZ4) {
                comprname = "LZ4";
-               new->len = LZ4_decompress_safe((void *)buf, (void *)new->data, len, vpninfo->ip_info.mtu);
+               new->len = LZ4_decompress_safe((void *)buf, (void *)new->data, len, receive_mtu);
                if (new->len <= 0) {
                        len = new->len;
                        if (len == 0)