From a196fdb622590baaed46de0719daa151086c0ed6 Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Alexander=20F=C3=A6r=C3=B8y?= Date: Thu, 28 Sep 2017 15:14:50 +0200 Subject: [PATCH 1/4] Fix typo in buffers.c. --- src/common/buffers.c | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/src/common/buffers.c b/src/common/buffers.c index bf10c55962..e9e4487832 100644 --- a/src/common/buffers.c +++ b/src/common/buffers.c @@ -964,7 +964,7 @@ buf_get_line(buf_t *buf, char *data_out, size_t *data_len) return 1; } -/** Compress on uncompress the data_len bytes in data using the +/** Compress or uncompress the data_len bytes in data using the * compression state state, appending the result to buf. If * done is true, flush the data in the state and finish the * compression/uncompression. Return -1 on failure, 0 on success. */ From c3b7f9d762a8c0245d7df952840412e890245c23 Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Alexander=20F=C3=A6r=C3=B8y?= Date: Thu, 28 Sep 2017 15:15:37 +0200 Subject: [PATCH 2/4] Fix whitespace issue in compress.c --- src/common/compress.c | 6 +++--- 1 file changed, 3 insertions(+), 3 deletions(-) diff --git a/src/common/compress.c b/src/common/compress.c index c13a3b0aed..7de3a683a3 100644 --- a/src/common/compress.c +++ b/src/common/compress.c @@ -555,9 +555,9 @@ tor_compress_process(tor_compress_state_t *state, finish); break; case LZMA_METHOD: - rv =tor_lzma_compress_process(state->u.lzma_state, - out, out_len, in, in_len, - finish); + rv = tor_lzma_compress_process(state->u.lzma_state, + out, out_len, in, in_len, + finish); break; case ZSTD_METHOD: rv = tor_zstd_compress_process(state->u.zstd_state, From 44dc4b73ec89a4bc442f602f58ad84f5fec5f380 Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Alexander=20F=C3=A6r=C3=B8y?= Date: Thu, 28 Sep 2017 16:46:10 +0200 Subject: [PATCH 3/4] Better error handling when trying to compress/decompress into empty buffer. This patch ensures that we return TOR_COMPRESS_BUFFER_FULL in case we have a input bytes left to process, but are out of output buffer or in case we need to finish where the compression implementation might need to write an epilogue. See: https://bugs.torproject.org/23551 --- changes/bug23551 | 3 +++ src/common/compress.c | 7 +++++++ 2 files changed, 10 insertions(+) create mode 100644 changes/bug23551 diff --git a/changes/bug23551 b/changes/bug23551 new file mode 100644 index 0000000000..2f918bfa3a --- /dev/null +++ b/changes/bug23551 @@ -0,0 +1,3 @@ + o Minor bugfixes (compression): + - Handle a pathological case when decompressing Zstandard data when the + output buffer size is zero. Fixes bug 23551; bugfix on 0.3.1.1-alpha. diff --git a/src/common/compress.c b/src/common/compress.c index 7de3a683a3..bc12a58ad6 100644 --- a/src/common/compress.c +++ b/src/common/compress.c @@ -547,6 +547,13 @@ tor_compress_process(tor_compress_state_t *state, const size_t out_len_orig = *out_len; tor_compress_output_t rv; + if (*out_len == 0 && (*in_len > 0 || finish)) { + // If we still have input data, but no space for output data, we might as + // well return early and let the caller do the reallocation of the out + // variable. + return TOR_COMPRESS_BUFFER_FULL; + } + switch (state->method) { case GZIP_METHOD: case ZLIB_METHOD: From c2fac2c6b0f9a2bdc9198cca900dbbf3440c34d1 Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Alexander=20F=C3=A6r=C3=B8y?= Date: Thu, 28 Sep 2017 18:46:18 +0200 Subject: [PATCH 4/4] Enable disabled test that was disabled due to bug #23551 See: https://bugs.torproject.org/23551 --- src/test/test_util.c | 3 +-- 1 file changed, 1 insertion(+), 2 deletions(-) diff --git a/src/test/test_util.c b/src/test/test_util.c index 162f6fbc0a..a46e82c715 100644 --- a/src/test/test_util.c +++ b/src/test/test_util.c @@ -6086,8 +6086,7 @@ struct testcase_t util_tests[] = { COMPRESS_DOS(zlib, "deflate"), COMPRESS_DOS(gzip, "gzip"), COMPRESS_DOS(lzma, "x-tor-lzma"), - // Disabled for now, since it triggers #23551 - // COMPRESS_DOS(zstd, "x-zstd"), + COMPRESS_DOS(zstd, "x-zstd"), UTIL_TEST(gzip_compression_bomb, TT_FORK), UTIL_LEGACY(datadir), UTIL_LEGACY(memarea),