Allow tor_gzip_uncompress to extract as much as possible from truncated compressed data. Also, fix a bug where truncated compressed data could break tor_gzip_uncompress. [This last part is a backport candidate.]

svn:r5247

src/common/torgzip.c

@@ -154,7 +154,8 @@ tor_gzip_compress(char **out, size_t *out_len,
 int
 tor_gzip_uncompress(char **out, size_t *out_len,
                     const char *in, size_t in_len,
-                    compress_method_t method)
+                    compress_method_t method,
+                    int complete_only)
 {
   struct z_stream_s *stream = NULL;
   size_t out_size;
@@ -195,11 +196,12 @@ tor_gzip_uncompress(char **out, size_t *out_len,
   stream->avail_out = out_size;
 
   while (1) {
-    switch (inflate(stream, Z_FINISH))
+    switch (inflate(stream, complete_only ? Z_FINISH : Z_SYNC_FLUSH))
       {
       case Z_STREAM_END:
         if (stream->avail_in == 0)
           goto done;
+        /* There may be more compressed data here. */
         if (inflateInit2(stream, method_bits(method)) != Z_OK) {
           log_fn(LOG_WARN, "Error from inflateInit2: %s",
                  stream->msg?stream->msg:"<no message>");
@@ -207,10 +209,16 @@ tor_gzip_uncompress(char **out, size_t *out_len,
         }
         break;
       case Z_OK:
+        if (!complete_only && stream->avail_in == 0)
+          goto done;
         /* In case zlib doesn't work as I think.... */
         if (stream->avail_out >= stream->avail_in+16)
           break;
       case Z_BUF_ERROR:
+        if (stream->avail_out > 0) {
+          log_fn(LOG_WARN, "possible truncated or corrupt zlib data");
+          goto err;
+        }
         offset = stream->next_out - (unsigned char*)*out;
         out_size *= 2;
         *out = tor_realloc(*out, out_size);

src/common/torgzip.h

@@ -23,7 +23,8 @@ tor_gzip_compress(char **out, size_t *out_len,
 int
 tor_gzip_uncompress(char **out, size_t *out_len,
                     const char *in, size_t in_len,
-                    compress_method_t method);
+                    compress_method_t method,
+                    int complete_only);
 
 int is_gzip_supported(void);
 

src/or/directory.c

@@ -878,11 +878,11 @@ connection_dir_client_reached_eof(connection_t *conn)
     }
     /* Try declared compression first if we can. */
     if (compression > 0)
-      tor_gzip_uncompress(&new_body, &new_len, body, body_len, compression);
+      tor_gzip_uncompress(&new_body, &new_len, body, body_len, compression, 1);
     /* Okay, if that didn't work, and we think that it was compressed
      * differently, try that. */
     if (!new_body && guessed > 0 && compression != guessed)
-      tor_gzip_uncompress(&new_body, &new_len, body, body_len, guessed);
+      tor_gzip_uncompress(&new_body, &new_len, body, body_len, guessed, 1);
     /* If we're pretty sure that we have a compressed directory, and
      * we didn't manage to uncompress it, then warn and bail. */
     if (!plausible && !new_body) {

src/or/test.c

@@ -919,7 +919,7 @@ test_gzip(void)
     test_assert(!memcmp(buf2, "\037\213", 2)); /* Gzip magic. */
     test_eq(detect_compression_method(buf2, len1), GZIP_METHOD);
 
-    test_assert(!tor_gzip_uncompress(&buf3, &len2, buf2, len1, GZIP_METHOD));
+    test_assert(!tor_gzip_uncompress(&buf3, &len2, buf2, len1, GZIP_METHOD, 1));
     test_assert(buf3);
     test_streq(buf1,buf3);
 
@@ -933,20 +933,40 @@ test_gzip(void)
   test_assert(!memcmp(buf2, "\x78\xDA", 2)); /* deflate magic. */
   test_eq(detect_compression_method(buf2, len1), ZLIB_METHOD);
 
-  test_assert(!tor_gzip_uncompress(&buf3, &len2, buf2, len1, ZLIB_METHOD));
+  test_assert(!tor_gzip_uncompress(&buf3, &len2, buf2, len1, ZLIB_METHOD, 1));
   test_assert(buf3);
   test_streq(buf1,buf3);
 
+  /* Check whether we can uncompress concatenated, compresed strings. */
   tor_free(buf3);
   buf2 = tor_realloc(buf2, len1*2);
   memcpy(buf2+len1, buf2, len1);
-  test_assert(!tor_gzip_uncompress(&buf3, &len2, buf2, len1*2, ZLIB_METHOD));
+  test_assert(!tor_gzip_uncompress(&buf3, &len2, buf2, len1*2, ZLIB_METHOD, 1));
   test_eq(len2, (strlen(buf1)+1)*2);
   test_memeq(buf3,
              "AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAZAAAAAAAAAAAAAAAAAAAZ\0"
              "AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAZAAAAAAAAAAAAAAAAAAAZ\0",
              (strlen(buf1)+1)*2);
 
+  tor_free(buf1);
+  tor_free(buf2);
+  tor_free(buf3);
+
+  /* Check whether we can uncompress partial strings. */
+  buf1 = tor_strdup("String with low redundancy that won't be compressed much.");
+  test_assert(!tor_gzip_compress(&buf2, &len1, buf1, strlen(buf1)+1,ZLIB_METHOD));
+  tor_assert(len1>16);
+  /* when we allow an uncomplete string, we should succeed.*/
+  tor_assert(!tor_gzip_uncompress(&buf3, &len2, buf2, len1-16, ZLIB_METHOD, 0));
+  buf3[len2]='\0';
+  tor_assert(len2 > 5);
+  tor_assert(!strcmpstart(buf1, buf3));
+
+  /* when we demand a complete string, this must fail. */
+  tor_free(buf3);
+  tor_assert(tor_gzip_uncompress(&buf3, &len2, buf2, len1-16, ZLIB_METHOD, 1));
+  tor_assert(!buf3);
+
   tor_free(buf2);
   tor_free(buf3);
   tor_free(buf1);