summaryrefslogtreecommitdiff
diff options
context:
space:
mode:
authorNick Mathewson <nickm@torproject.org>2017-06-20 20:26:45 -0400
committerNick Mathewson <nickm@torproject.org>2017-06-20 20:26:45 -0400
commitc999e84436a5f7ba1964abd4ae502212f0995bcb (patch)
treedcaae22c35169275f1202e7b254444a9154310c0
parentc4152a25e354b3408570603c8481302bf986f65c (diff)
parent9328bd524e38befe240fd729a9febb4dfe8b5be4 (diff)
downloadtor-c999e84436a5f7ba1964abd4ae502212f0995bcb.tar.gz
tor-c999e84436a5f7ba1964abd4ae502212f0995bcb.zip
Merge branch 'bug22672_031' into maint-0.3.1
-rw-r--r--changes/bug226725
-rw-r--r--src/common/compress.c36
2 files changed, 30 insertions, 11 deletions
diff --git a/changes/bug22672 b/changes/bug22672
new file mode 100644
index 0000000000..ec6681149d
--- /dev/null
+++ b/changes/bug22672
@@ -0,0 +1,5 @@
+ o Minor features (compression, defensive programming):
+ - Detect and break out of infinite loops in our compression code.
+ We don't think that any such loops exist now, but it's best to be
+ safe. Closes ticket 22672.
+
diff --git a/src/common/compress.c b/src/common/compress.c
index c16d1b51ee..46aa1d52ba 100644
--- a/src/common/compress.c
+++ b/src/common/compress.c
@@ -548,28 +548,42 @@ tor_compress_process(tor_compress_state_t *state,
int finish)
{
tor_assert(state != NULL);
+ const size_t in_len_orig = *in_len;
+ const size_t out_len_orig = *out_len;
+ tor_compress_output_t rv;
switch (state->method) {
case GZIP_METHOD:
case ZLIB_METHOD:
- return tor_zlib_compress_process(state->u.zlib_state,
- out, out_len, in, in_len,
- finish);
+ rv = tor_zlib_compress_process(state->u.zlib_state,
+ out, out_len, in, in_len,
+ finish);
+ break;
case LZMA_METHOD:
- return tor_lzma_compress_process(state->u.lzma_state,
- out, out_len, in, in_len,
- finish);
+ rv =tor_lzma_compress_process(state->u.lzma_state,
+ out, out_len, in, in_len,
+ finish);
+ break;
case ZSTD_METHOD:
- return tor_zstd_compress_process(state->u.zstd_state,
- out, out_len, in, in_len,
- finish);
+ rv = tor_zstd_compress_process(state->u.zstd_state,
+ out, out_len, in, in_len,
+ finish);
+ break;
case NO_METHOD:
- return tor_cnone_compress_process(out, out_len, in, in_len,
- finish);
+ rv = tor_cnone_compress_process(out, out_len, in, in_len,
+ finish);
+ break;
+ default:
case UNKNOWN_METHOD:
goto err;
}
+ if (BUG((rv == TOR_COMPRESS_OK) &&
+ *in_len == in_len_orig &&
+ *out_len == out_len_orig)) {
+ return TOR_COMPRESS_ERROR;
+ }
+ return rv;
err:
return TOR_COMPRESS_ERROR;
}