totemudp: Check lenght of message to sent

If message to sent is too long, encrypt and authentificate may overwrite
stack (buf_out). Check this condition and throw message if this happens.

Signed-off-by: Jan Friesse <jfriesse@redhat.com>
Reviewed-by: Christine Caulfield <ccaulfie@redhat.com>

exec/totemcrypto.c

@@ -808,6 +808,13 @@ size_t crypto_sec_header_size(
 	return hdr_size;
 }
 
+size_t crypto_get_current_sec_header_size(
+	const struct crypto_instance *instance)
+{
+
+	return (instance->crypto_header_size);
+}
+
 /*
  * 2.0 packet format:
  *   crypto_cipher_type | crypto_hash_type | __pad0 | __pad1 | hash | salt | data
@@ -907,7 +914,6 @@ int crypto_authenticate_and_decrypt (struct crypto_instance *instance,
 	/*
 	 * decrypt
 	 */
-
 	if (decrypt_nss_2_3(instance, buf, buf_len) != 0) {
 		return -1;
 	}

exec/totemcrypto.h

@@ -44,6 +44,9 @@ extern size_t crypto_sec_header_size(
 	const char *crypto_cipher_type,
 	const char *crypto_hash_type);
 
+extern size_t crypto_get_current_sec_header_size(
+	const struct crypto_instance *instance);
+
 extern int crypto_authenticate_and_decrypt (
 	struct crypto_instance *instance,
 	unsigned char *buf,

exec/totemudp.c

@@ -268,6 +268,12 @@ static inline void ucast_sendmsg (
 	struct iovec iovec;
 	int addrlen;
 
+	if (msg_len + crypto_get_current_sec_header_size(instance->crypto_inst) > sizeof(buf_out)) {
+		log_printf(LOGSYS_LEVEL_CRIT, "UDP message for ucast is too big. Ignoring message");
+
+		return ;
+	}
+
 	/*
 	 * Encrypt and digest the message
 	 */
@@ -336,6 +342,12 @@ static inline void mcast_sendmsg (
 	struct sockaddr_storage sockaddr;
 	int addrlen;
 
+	if (msg_len + crypto_get_current_sec_header_size(instance->crypto_inst) > sizeof(buf_out)) {
+		log_printf(LOGSYS_LEVEL_CRIT, "UDP message for mcast is too big. Ignoring message");
+
+		return ;
+	}
+
 	/*
 	 * Encrypt and digest the message
 	 */

exec/totemudpu.c

@@ -271,6 +271,12 @@ static inline void ucast_sendmsg (
 	struct iovec iovec;
 	int addrlen;
 
+	if (msg_len + crypto_get_current_sec_header_size(instance->crypto_inst) > sizeof(buf_out)) {
+		log_printf(LOGSYS_LEVEL_CRIT, "UDPU message for ucast is too big. Ignoring message");
+
+		return ;
+	}
+
 	/*
 	 * Encrypt and digest the message
 	 */
@@ -341,6 +347,12 @@ static inline void mcast_sendmsg (
         struct list_head *list;
 	struct totemudpu_member *member;
 
+	if (msg_len + crypto_get_current_sec_header_size(instance->crypto_inst) > sizeof(buf_out)) {
+		log_printf(LOGSYS_LEVEL_CRIT, "UDPU message for mcast is too big. Ignoring message");
+
+		return ;
+	}
+
 	/*
 	 * Encrypt and digest the message
 	 */