Detect and disallow compression bombs

author: Nick Mathewson <nickm@torproject.org> 2011-01-03 15:54:23 -0500
committer: Nick Mathewson <nickm@torproject.org> 2011-01-03 15:54:23 -0500
commit: 64798dab4f4fa9404c92d98cdb10d312b1f6e556 (patch)
tree: 366970072a2f8ccfc3a55ef1bfdcd334d924d01f /changes
parent: e365aee97110c6c6df6f56ca9814d88c3808a2d1 (diff)
download: tor-64798dab4f4fa9404c92d98cdb10d312b1f6e556.tar.gz
tor-64798dab4f4fa9404c92d98cdb10d312b1f6e556.zip
1 files changed, 5 insertions, 0 deletions
diff --git a/changes/bug2324_uncompress b/changes/bug2324_uncompress
new file mode 100644
index 0000000000..223a3ce35b
--- /dev/null
+++ b/changes/bug2324_uncompress
@@ -0,0 +1,5 @@
+  o Major bugfixes (security):
+    - Prevent a DoS attack by disallowing any zlib-compressed data
+      whose compression factor is implausibly high.  Fixes the
+      second part of bug2324; found by doors.
+
author	Nick Mathewson <nickm@torproject.org>	2011-01-03 15:54:23 -0500
committer	Nick Mathewson <nickm@torproject.org>	2011-01-03 15:54:23 -0500
commit	64798dab4f4fa9404c92d98cdb10d312b1f6e556 (patch)
tree	366970072a2f8ccfc3a55ef1bfdcd334d924d01f /changes
parent	e365aee97110c6c6df6f56ca9814d88c3808a2d1 (diff)
download	tor-64798dab4f4fa9404c92d98cdb10d312b1f6e556.tar.gz tor-64798dab4f4fa9404c92d98cdb10d312b1f6e556.zip