Update from 1.0.0-stable.
authorDr. Stephen Henson <steve@openssl.org>
Sat, 16 May 2009 16:18:45 +0000 (16:18 +0000)
committerDr. Stephen Henson <steve@openssl.org>
Sat, 16 May 2009 16:18:45 +0000 (16:18 +0000)
crypto/pqueue/pqueue.c
crypto/pqueue/pqueue.h
ssl/d1_pkt.c

index 5cc18527f8da8f1e80084ebb4c41b69ff7a061c9..6c89f06fb105303e733474a79af0e921a745ee4c 100644 (file)
@@ -234,3 +234,17 @@ pqueue_next(pitem **item)
 
        return ret;
        }
+
+int
+pqueue_size(pqueue_s *pq)
+{
+       pitem *item = pq->items;
+       int count = 0;
+       
+       while(item != NULL)
+       {
+               count++;
+               item = item->next;
+       }
+       return count;
+}
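Review bot: pqueue_size dereferences `pq->items` with no NULL check and walks the whole list on every call, and neither constraint is documented on the new function. The caller added in ssl/d1_pkt.c invokes it once per record it is about to buffer, so each such record costs a linear walk; that stays cheap only because the same caller caps the queue at 100 entries. I would add a header comment such as `/* Return the number of items in pq by walking the list (O(n)); pq must not be NULL. */`. If the count is later needed somewhere without a cap, a length field maintained on insert and pop would be the alternative, but that touches code outside this hunk.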
index 02386d130e9a797dae6ad8b61af28976ea15cec1..16c4072681c250467c86e35003307bec577d7738 100644 (file)
@@ -91,5 +91,6 @@ pitem *pqueue_iterator(pqueue pq);
 pitem *pqueue_next(piterator *iter);
 
 void   pqueue_print(pqueue pq);
+int    pqueue_size(pqueue pq);
 
 #endif /* ! HEADER_PQUEUE_H */
index 39060190231080df458c27e7b3726de133218956..ec7752d93a08b9a64b739c2e0aa2aade48803059 100644 (file)
@@ -167,6 +167,10 @@ dtls1_buffer_record(SSL *s, record_pqueue *queue, PQ_64BIT priority)
     DTLS1_RECORD_DATA *rdata;
        pitem *item;
 
+       /* Limit the size of the queue to prevent DOS attacks */
+       if (pqueue_size(queue->q) >= 100)
+               return 0;
+               
        rdata = OPENSSL_malloc(sizeof(DTLS1_RECORD_DATA));
        item = pitem_new(priority, rdata);
        if (rdata == NULL || item == NULL)
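Review bot: The limit in the added `if (pqueue_size(queue->q) >= 100)` is a bare literal, and the drop path returns 0 without telling the caller why. A named constant would make the bound reviewable and tunable in one place, for example `#define DTLS1_MAX_BUFFERED_RECORDS 100` (the name is only a suggestion). The cap counts records rather than bytes, so what a peer can still pin is up to 100 buffered records per queue, and the comment could say that: `/* Cap buffered records per queue so a peer cannot force unbounded allocation */`. If 0 is also the value returned on the allocation failure checked just below (the function body continues outside the hunk), callers cannot tell a deliberately dropped record from an error, which is worth confirming.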