changeset 933:c919dbb39395

Limit size of the iovect passed to writev in packet.c
author Ronny Meeus <ronny.meeus@gmail.com>
date Tue, 20 May 2014 21:18:48 +0800
parents 3873b39c4de6
children 68723d66dec6
files packet.c
diffstat 1 files changed, 13 insertions(+), 2 deletions(-) [+]
line wrap: on
line diff
--- a/packet.c	Tue May 20 20:56:59 2014 +0800
+++ b/packet.c	Tue May 20 21:18:48 2014 +0800
@@ -64,13 +64,24 @@
 	struct iovec *iov = NULL;
 	int i;
 	struct Link *l;
+	int iov_max_count;
 #endif
 	
 	TRACE2(("enter write_packet"))
 	dropbear_assert(!isempty(&ses.writequeue));
 
 #ifdef HAVE_WRITEV
-	iov = m_malloc(sizeof(*iov) * ses.writequeue.count);
+
+#ifndef IOV_MAX
+#define IOV_MAX UIO_MAXIOV
+#endif
+
+	/* Make sure the size of the iov is below the maximum allowed by the OS. */
+	iov_max_count = ses.writequeue.count;
+	if (iov_max_count > IOV_MAX)
+		iov_max_count = IOV_MAX;
+
+	iov = m_malloc(sizeof(*iov) * iov_max_count);
 	for (l = ses.writequeue.head, i = 0; l; l = l->link, i++)
 	{
 		writebuf = (buffer*)l->item;
@@ -83,7 +94,7 @@
 		iov[i].iov_base = buf_getptr(writebuf, len);
 		iov[i].iov_len = len;
 	}
-	written = writev(ses.sock_out, iov, ses.writequeue.count);
+	written = writev(ses.sock_out, iov, iov_max_count);
 	if (written < 0) {
 		if (errno == EINTR) {
 			m_free(iov);