diff options
author | Matt Johnston <matt@codeconstruct.com.au> | 2021-10-12 23:32:10 +0800 |
---|---|---|
committer | Matt Johnston <matt@codeconstruct.com.au> | 2021-10-12 23:32:10 +0800 |
commit | 93ca336040b1c7828b3f5de349b8f31c0b3c7f03 (patch) | |
tree | c46b13dc5bc3572721970339c5f87fa0effba985 | |
parent | 05b7e44787f3e142cb37ae9c2f0a6b65ea54b341 (diff) | |
download | dropbear-93ca336040b1c7828b3f5de349b8f31c0b3c7f03.tar.gz |
Increase max window size to 10MB, fallback rather than
exiting if an invalid value is given.
-rw-r--r-- | cli-runopts.c | 9 | ||||
-rw-r--r-- | common-runopts.c | 16 | ||||
-rw-r--r-- | runopts.h | 1 | ||||
-rw-r--r-- | svr-runopts.c | 11 | ||||
-rw-r--r-- | sysoptions.h | 2 |
5 files changed, 25 insertions, 14 deletions
diff --git a/cli-runopts.c b/cli-runopts.c index 255b47e..fdedf72 100644 --- a/cli-runopts.c +++ b/cli-runopts.c @@ -79,7 +79,7 @@ static void printhelp() { #if DROPBEAR_CLI_REMOTETCPFWD "-R <[listenaddress:]listenport:remotehost:remoteport> Remote port forwarding\n" #endif - "-W <receive_window_buffer> (default %d, larger may be faster, max 1MB)\n" + "-W <receive_window_buffer> (default %d, larger may be faster, max 10MB)\n" "-K <keepalive> (0 is never, default %d)\n" "-I <idle_timeout> (0 is never, default %d)\n" #if DROPBEAR_CLI_NETCAT @@ -451,12 +451,9 @@ void cli_getopts(int argc, char ** argv) { && cli_opts.no_cmd == 0) { dropbear_exit("Command required for -f"); } - + if (recv_window_arg) { - opts.recv_window = atol(recv_window_arg); - if (opts.recv_window == 0 || opts.recv_window > MAX_RECV_WINDOW) { - dropbear_exit("Bad recv window '%s'", recv_window_arg); - } + parse_recv_window(recv_window_arg); } if (keepalive_arg) { unsigned int val; diff --git a/common-runopts.c b/common-runopts.c index 4d9bbc6..97e5b2e 100644 --- a/common-runopts.c +++ b/common-runopts.c @@ -101,4 +101,20 @@ void print_version() { fprintf(stderr, "Dropbear v%s\n", DROPBEAR_VERSION); } +void parse_recv_window(const char* recv_window_arg) { + int ret; + unsigned int rw; + + ret = m_str_to_uint(recv_window_arg, &rw); + if (ret == DROPBEAR_FAILURE || rw == 0 || rw > MAX_RECV_WINDOW) { + if (rw > MAX_RECV_WINDOW) { + opts.recv_window = MAX_RECV_WINDOW; + } + dropbear_log(LOG_WARNING, "Bad recv window '%s', using %d", + recv_window_arg, opts.recv_window); + } else { + opts.recv_window = rw; + } + +} @@ -195,5 +195,6 @@ void parse_ciphers_macs(void); #endif void print_version(void); +void parse_recv_window(const char* recv_window_arg); #endif /* DROPBEAR_RUNOPTS_H_ */ diff --git a/svr-runopts.c b/svr-runopts.c index 36ea26b..02ec2d4 100644 --- a/svr-runopts.c +++ b/svr-runopts.c @@ -100,7 +100,7 @@ static void printhelp(const char * progname) { #if INETD_MODE "-i Start for inetd\n" #endif - "-W <receive_window_buffer> (default %d, larger may be faster, max 1MB)\n" + "-W <receive_window_buffer> (default %d, larger may be faster, max 10MB)\n" "-K <keepalive> (0 is never, default %d, in seconds)\n" "-I <idle_timeout> (0 is never, default %d, in seconds)\n" #if DROPBEAR_PLUGIN @@ -385,12 +385,9 @@ void svr_getopts(int argc, char ** argv) { } } #endif - + if (recv_window_arg) { - opts.recv_window = atol(recv_window_arg); - if (opts.recv_window == 0 || opts.recv_window > MAX_RECV_WINDOW) { - dropbear_exit("Bad recv window '%s'", recv_window_arg); - } + parse_recv_window(recv_window_arg); } if (maxauthtries_arg) { @@ -402,7 +399,7 @@ void svr_getopts(int argc, char ** argv) { svr_opts.maxauthtries = val; } - + if (keepalive_arg) { unsigned int val; if (m_str_to_uint(keepalive_arg, &val) == DROPBEAR_FAILURE) { diff --git a/sysoptions.h b/sysoptions.h index c36e8e0..51c4bc9 100644 --- a/sysoptions.h +++ b/sysoptions.h @@ -196,7 +196,7 @@ If you test it please contact the Dropbear author */ #define RECV_WINDOWEXTEND (opts.recv_window / 3) /* We send a "window extend" every RECV_WINDOWEXTEND bytes */ -#define MAX_RECV_WINDOW (1024*1024) /* 1 MB should be enough */ +#define MAX_RECV_WINDOW (10*1024*1024) /* 10 MB should be enough */ #define MAX_CHANNELS 1000 /* simple mem restriction, includes each tcp/x11 connection, so can't be _too_ small */ |