[tor/maint-0.2.1] clean up message; explain a magic number in a comment


Mon Feb 28 22:06:02 UTC 2011


commit 1fcfc186284a375bab2595162564f0dd6c1d19f0
Author: Nick Mathewson <nickm at torproject.org>
Date:   Sat Jan 15 12:12:10 2011 -0500

    clean up message; explain a magic number in a comment
---
 src/common/torgzip.c |   15 ++++++++++++---
 1 files changed, 12 insertions(+), 3 deletions(-)

diff --git a/src/common/torgzip.c b/src/common/torgzip.c
index 7678668..249151c 100644
--- a/src/common/torgzip.c
+++ b/src/common/torgzip.c
@@ -58,9 +58,18 @@ method_bits(compress_method_t method)
 }
 
 /* These macros define the maximum allowable compression factor.  Anything of
- * size greater than <b>check_for_compression_bomb_after</b> is not allowed to
+ * size greater than CHECK_FOR_COMPRESSION_BOMB_AFTER is not allowed to
  * have an uncompression factor (uncompressed size:compressed size ratio) of
- * any greater than MAX_UNCOMPRESSION_FACTOR. */
+ * any greater than MAX_UNCOMPRESSION_FACTOR.
+ *
+ * Picking a value for MAX_UNCOMPRESSION_FACTOR is a trade-off: we want it to
+ * be small to limit the attack multiplier, but we also want it to be large
+ * enough so that no legitimate document --even ones we might invent in the
+ * future -- ever compresses by a factor of greater than
+ * MAX_UNCOMPRESSION_FACTOR. Within those parameters, there's a reasonably
+ * large range of possible values. IMO, anything over 8 is probably safe; IMO
+ * anything under 50 is probably sufficient.
+ */
 #define MAX_UNCOMPRESSION_FACTOR 25
 #define CHECK_FOR_COMPRESSION_BOMB_AFTER (1024*64)
 
@@ -291,7 +300,7 @@ tor_gzip_uncompress(char **out, size_t *out_len,
           goto err;
         }
         if (is_compression_bomb(in_len, out_size)) {
-          log_warn(LD_GENERAL, "Input looks look a possible zlib bomb; "
+          log_warn(LD_GENERAL, "Input looks like a possible zlib bomb; "
                    "not proceeding.");
           goto err;
         }





More information about the tor-commits mailing list