From: Daniel Lenski <dlenski@gmail.com>
Date: Wed, 1 Aug 2018 02:32:26 +0000 (-0700)
Subject: Tolerate packets that are larger than negotiated MTU after decompression
X-Git-Tag: v8.00~95^2~15
X-Git-Url: https://www.infradead.org/git/?a=commitdiff_plain;h=87a66e15d17f30eaf16f250478e746235a239570;p=users%2Fdwmw2%2Fopenconnect.git

Tolerate packets that are larger than negotiated MTU after decompression

In July 2016, the "Fixed regression with CSTP MTU handling" patch
(http://git.infradead.org/users/dwmw2/openconnect.git/commitdiff/90e1555494dbc1cf462552679f9aa3d30451d123)
allowed openconnect to gracefully handle uncompressed CSTP packets larger
than the negotiated MTU.

This patch extends that approach to tolerate compressed packets which are
larger than the negotiated MTU after decompression.

Signed-off-by: Daniel Lenski <dlenski@gmail.com>
---

diff --git a/cstp.c b/cstp.c
index 5477c5c8..c1311981 100644
--- a/cstp.c
+++ b/cstp.c
@@ -729,7 +729,11 @@ static int cstp_reconnect(struct openconnect_info *vpninfo)
 int decompress_and_queue_packet(struct openconnect_info *vpninfo, int compr_type,
 				unsigned char *buf, int len)
 {
-	struct pkt *new = malloc(sizeof(struct pkt) + vpninfo->ip_info.mtu);
+	/* Some servers send us packets that are larger than
+	   negotiated MTU after decompression. We reserve some extra
+	   space to handle that */
+	int receive_mtu = MAX(16384, vpninfo->ip_info.mtu);
+	struct pkt *new = malloc(sizeof(struct pkt) + receive_mtu);
 	const char *comprname = "";
 
 	if (!new)
@@ -746,7 +750,7 @@ int decompress_and_queue_packet(struct openconnect_info *vpninfo, int compr_type
 		vpninfo->inflate_strm.avail_in = len - 4;
 
 		vpninfo->inflate_strm.next_out = new->data;
-		vpninfo->inflate_strm.avail_out = vpninfo->ip_info.mtu;
+		vpninfo->inflate_strm.avail_out = receive_mtu;
 		vpninfo->inflate_strm.total_out = 0;
 
 		if (inflate(&vpninfo->inflate_strm, Z_SYNC_FLUSH)) {
@@ -768,7 +772,7 @@ int decompress_and_queue_packet(struct openconnect_info *vpninfo, int compr_type
 	} else if (compr_type == COMPR_LZS) {
 		comprname = "LZS";
 
-		new->len = lzs_decompress(new->data, vpninfo->ip_info.mtu, buf, len);
+		new->len = lzs_decompress(new->data, receive_mtu, buf, len);
 		if (new->len < 0) {
 			len = new->len;
 			if (len == 0)
@@ -781,7 +785,7 @@ int decompress_and_queue_packet(struct openconnect_info *vpninfo, int compr_type
 #ifdef HAVE_LZ4
 	} else if (compr_type == COMPR_LZ4) {
 		comprname = "LZ4";
-		new->len = LZ4_decompress_safe((void *)buf, (void *)new->data, len, vpninfo->ip_info.mtu);
+		new->len = LZ4_decompress_safe((void *)buf, (void *)new->data, len, receive_mtu);
 		if (new->len <= 0) {
 			len = new->len;
 			if (len == 0)