Set TLS receive buffer from fragment size
authorAlan T. DeKok <aland@freeradius.org>
Thu, 23 Feb 2012 09:04:23 +0000 (10:04 +0100)
committerAlan T. DeKok <aland@freeradius.org>
Thu, 23 Feb 2012 09:05:52 +0000 (10:05 +0100)
TLS over TCP can send 64K TLS packets.  We need to be able to
handle that.

src/include/radiusd.h
src/main/tls_listen.c

index 991ad9b..0699373 100644 (file)
@@ -432,6 +432,7 @@ typedef struct listen_socket_t {
        REQUEST         *request; /* horrible hacks */
        VALUE_PAIR      *certs;
        pthread_mutex_t mutex;
+       uint8_t         *data;
 #endif
 
        RADCLIENT_LIST  *clients;
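Review bot: The new `data` member is added without a comment, in a struct whose neighbouring fields are already labelled "horrible hacks", so a reader cannot tell what it holds or who owns it; I would document it inline as `uint8_t *data; /* TLS receive buffer of tls->fragment_size bytes, allocated lazily on first receive */`. The diff does not show a matching free on the listener teardown path; if none exists the buffer is leaked per listener, which is minor for long-lived listeners but worth a note in the same comment. The listen_socket_t definition starts before this hunk, so the field's relation to the rest of the struct is not visible here.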
index 8d83ff3..b059b1e 100644 (file)
@@ -471,9 +471,12 @@ int proxy_tls_recv(rad_listen_t *listener)
        size_t length;
        listen_socket_t *sock = listener->data;
        char buffer[256];
-       uint8_t data[1024];
        RADIUS_PACKET *packet;
        RAD_REQUEST_FUNP fun = NULL;
+       uint8_t *data;
+
+       if (!sock->data) sock->data = rad_malloc(listener->tls->fragment_size);
+       data = sock->data;
 
        DEBUG3("Proxy SSL socket has data to read");
        PTHREAD_MUTEX_LOCK(&sock->mutex);
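Review bot: The lazy allocation `if (!sock->data) sock->data = rad_malloc(...)` runs before `PTHREAD_MUTEX_LOCK(&sock->mutex)`, so if two threads can enter proxy_tls_recv for the same socket (the mutex suggests that is possible) both may see NULL, both allocate, and one buffer leaks while the callers read into different buffers. The check-then-allocate should sit under the lock: `PTHREAD_MUTEX_LOCK(&sock->mutex);` followed by `if (!sock->data) sock->data = rad_malloc(listener->tls->fragment_size);` and `data = sock->data;`, with the later unlock paths unchanged. This assumes rad_malloc aborts rather than returning NULL on failure, as the code does not check the result; if it can return NULL a check is needed before `data` is used. The body of proxy_tls_recv continues past this hunk, so the read into `data` and the unlock paths are not visible here.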
@@ -510,9 +513,10 @@ redo:
        DEBUG3("Proxy received header saying we have a packet of %u bytes",
               (unsigned int) length);
 
-       if (length > sizeof(data)) {
-               DEBUG("Received packet will be too large! (%u)",
-                     (data[2] << 8) | data[3]);
+       if (length > listener->tls->fragment_size) {
+               radlog(L_INFO,
+                      "Received packet will be too large! Set \"fragment_size=%u\"",
+                      (data[2] << 8) | data[3]);
                goto do_close;
        }