# HG changeset patch
# User Ronny Meeus <ronny.meeus@gmail.com>
# Date 1400591928 -28800
# Node ID c919dbb393959ae1f5038c8a34f67f4a0ca3d583
# Parent  3873b39c4de60afa64e2f3b171cdfb0ff8a12ef6
Limit size of the iovect passed to writev in packet.c

diff -r 3873b39c4de6 -r c919dbb39395 packet.c
--- a/packet.c	Tue May 20 20:56:59 2014 +0800
+++ b/packet.c	Tue May 20 21:18:48 2014 +0800
@@ -64,13 +64,24 @@
 	struct iovec *iov = NULL;
 	int i;
 	struct Link *l;
+	int iov_max_count;
 #endif
 	
 	TRACE2(("enter write_packet"))
 	dropbear_assert(!isempty(&ses.writequeue));
 
 #ifdef HAVE_WRITEV
-	iov = m_malloc(sizeof(*iov) * ses.writequeue.count);
+
+#ifndef IOV_MAX
+#define IOV_MAX UIO_MAXIOV
+#endif
+
+	/* Make sure the size of the iov is below the maximum allowed by the OS. */
+	iov_max_count = ses.writequeue.count;
+	if (iov_max_count > IOV_MAX)
+		iov_max_count = IOV_MAX;
+
+	iov = m_malloc(sizeof(*iov) * iov_max_count);
 	for (l = ses.writequeue.head, i = 0; l; l = l->link, i++)
 	{
 		writebuf = (buffer*)l->item;
@@ -83,7 +94,7 @@
 		iov[i].iov_base = buf_getptr(writebuf, len);
 		iov[i].iov_len = len;
 	}
-	written = writev(ses.sock_out, iov, ses.writequeue.count);
+	written = writev(ses.sock_out, iov, iov_max_count);
 	if (written < 0) {
 		if (errno == EINTR) {
 			m_free(iov);