From d9a6b37ab1597ac726e5f972ebfbccf024c58cbc Mon Sep 17 00:00:00 2001
From: Alexander Færøy <ahf@torproject.org>
Date: Wed, 13 Sep 2023 16:13:28 +0200
Subject: Add diagnostic log message for compression bombs.

This patch causes `tor_compress_is_compression_bomb()` to emit a
warning-level log message that lets us learn the potential ratio of the
input to output buffer sizes. Hopefully, this will give us a bit of a
better idea whether the compression bomb ratio needs some tuning.

See: tpo/core/tor#40739.
---
 src/lib/compress/compress.c | 10 +++++++++-
 1 file changed, 9 insertions(+), 1 deletion(-)

(limited to 'src/lib')

diff --git a/src/lib/compress/compress.c b/src/lib/compress/compress.c
index 83e63905cc..346e77f07d 100644
--- a/src/lib/compress/compress.c
+++ b/src/lib/compress/compress.c
@@ -66,7 +66,15 @@ tor_compress_is_compression_bomb,(size_t size_in, size_t size_out))
   if (size_in == 0 || size_out < CHECK_FOR_COMPRESSION_BOMB_AFTER)
     return 0;
 
-  return (size_out / size_in > MAX_UNCOMPRESSION_FACTOR);
+  if (size_out / size_in > MAX_UNCOMPRESSION_FACTOR) {
+    log_warn(LD_GENERAL,
+             "Detected possible compression bomb with "
+             "input size = %"TOR_PRIuSZ " and output size = %"TOR_PRIuSZ,
+             size_in, size_out);
+    return 1;
+  }
+
+  return 0;
 }
 
 /** Guess the size that <b>in_len</b> will be after compression or
-- 
cgit v1.2.3-54-g00ecf