clean up message; explain a magic number in a comment

2024-11-27 22:03:31 +01:00 · 2011-01-15 12:12:10 -05:00 · 2011-01-15 12:12:10 -05:00 · 1fcfc18628
commit 1fcfc18628
parent d14b0d54d2
1 changed files with 12 additions and 3 deletions
--- a/src/common/torgzip.c
+++ b/src/common/torgzip.c
@ -58,9 +58,18 @@ method_bits(compress_method_t method)
 }

 /* These macros define the maximum allowable compression factor.  Anything of
- * size greater than <b>check_for_compression_bomb_after</b> is not allowed to
+ * size greater than CHECK_FOR_COMPRESSION_BOMB_AFTER is not allowed to
 * have an uncompression factor (uncompressed size:compressed size ratio) of
- * any greater than MAX_UNCOMPRESSION_FACTOR. */
+ * any greater than MAX_UNCOMPRESSION_FACTOR.
+ *
+ * Picking a value for MAX_UNCOMPRESSION_FACTOR is a trade-off: we want it to
+ * be small to limit the attack multiplier, but we also want it to be large
+ * enough so that no legitimate document --even ones we might invent in the
+ * future -- ever compresses by a factor of greater than
+ * MAX_UNCOMPRESSION_FACTOR. Within those parameters, there's a reasonably
+ * large range of possible values. IMO, anything over 8 is probably safe; IMO
+ * anything under 50 is probably sufficient.
+ */
 #define MAX_UNCOMPRESSION_FACTOR 25
 #define CHECK_FOR_COMPRESSION_BOMB_AFTER (1024*64)

@ -291,7 +300,7 @@ tor_gzip_uncompress(char **out, size_t *out_len,
          goto err;
        }
        if (is_compression_bomb(in_len, out_size)) {
-          log_warn(LD_GENERAL, "Input looks look a possible zlib bomb; "
+          log_warn(LD_GENERAL, "Input looks like a possible zlib bomb; "
                   "not proceeding.");
          goto err;
        }