[tor-commits] [tor/master] Enforce the rule that COMPRESS_OK means progress was made.

Wed Jun 21 00:29:08 UTC 2017

commit 9328bd524e38befe240fd729a9febb4dfe8b5be4
Author: Nick Mathewson <nickm at torproject.org>
Date:   Tue Jun 20 12:26:57 2017 -0400

    Enforce the rule that COMPRESS_OK means progress was made.
    
    If COMPRESS_OK occurs but data is neither consumed nor generated,
    treat it as a BUG and a COMPRESS_ERROR.
    
    This change is meant to prevent infinite loops in the case where
    we've made a mistake in one of our compression backends.
    
    Closes ticket 22672.
---
 changes/bug22672      |  5 +++++
 src/common/compress.c | 36 +++++++++++++++++++++++++-----------
 2 files changed, 30 insertions(+), 11 deletions(-)

diff --git a/changes/bug22672 b/changes/bug22672
new file mode 100644
index 0000000..ec66811
--- /dev/null
+++ b/changes/bug22672
@@ -0,0 +1,5 @@
+  o Minor features (compression, defensive programming):
+    - Detect and break out of infinite loops in our compression code.
+      We don't think that any such loops exist now, but it's best to be
+      safe. Closes ticket 22672.
+
diff --git a/src/common/compress.c b/src/common/compress.c
index c16d1b5..46aa1d5 100644
--- a/src/common/compress.c
+++ b/src/common/compress.c
@@ -548,28 +548,42 @@ tor_compress_process(tor_compress_state_t *state,
                      int finish)
 {
   tor_assert(state != NULL);
+  const size_t in_len_orig = *in_len;
+  const size_t out_len_orig = *out_len;
+  tor_compress_output_t rv;
 
   switch (state->method) {
     case GZIP_METHOD:
     case ZLIB_METHOD:
-      return tor_zlib_compress_process(state->u.zlib_state,
-                                       out, out_len, in, in_len,
-                                       finish);
+      rv = tor_zlib_compress_process(state->u.zlib_state,
+                                     out, out_len, in, in_len,
+                                     finish);
+      break;
     case LZMA_METHOD:
-      return tor_lzma_compress_process(state->u.lzma_state,
-                                       out, out_len, in, in_len,
-                                       finish);
+      rv =tor_lzma_compress_process(state->u.lzma_state,
+                                    out, out_len, in, in_len,
+                                    finish);
+      break;
     case ZSTD_METHOD:
-      return tor_zstd_compress_process(state->u.zstd_state,
-                                       out, out_len, in, in_len,
-                                       finish);
+      rv = tor_zstd_compress_process(state->u.zstd_state,
+                                     out, out_len, in, in_len,
+                                     finish);
+      break;
     case NO_METHOD:
-      return tor_cnone_compress_process(out, out_len, in, in_len,
-                                        finish);
+      rv = tor_cnone_compress_process(out, out_len, in, in_len,
+                                      finish);
+      break;
+    default:
     case UNKNOWN_METHOD:
       goto err;
   }
+  if (BUG((rv == TOR_COMPRESS_OK) &&
+          *in_len == in_len_orig &&
+          *out_len == out_len_orig)) {
+    return TOR_COMPRESS_ERROR;
+  }
 
+  return rv;
  err:
   return TOR_COMPRESS_ERROR;
 }



