|
@@ -56,6 +56,7 @@ memory_level(compression_level_t level)
|
|
|
{
|
|
|
switch (level) {
|
|
|
default:
|
|
|
+ case BEST_COMPRESSION: return 9;
|
|
|
case HIGH_COMPRESSION: return 8;
|
|
|
case MEDIUM_COMPRESSION: return 7;
|
|
|
case LOW_COMPRESSION: return 6;
|
|
@@ -70,6 +71,7 @@ method_bits(compress_method_t method, compression_level_t level)
|
|
|
const int flag = method == GZIP_METHOD ? 16 : 0;
|
|
|
switch (level) {
|
|
|
default:
|
|
|
+ case BEST_COMPRESSION:
|
|
|
case HIGH_COMPRESSION: return flag + 15;
|
|
|
case MEDIUM_COMPRESSION: return flag + 13;
|
|
|
case LOW_COMPRESSION: return flag + 11;
|
|
@@ -102,260 +104,6 @@ tor_zlib_get_header_version_str(void)
|
|
|
return ZLIB_VERSION;
|
|
|
}
|
|
|
|
|
|
-/** Given <b>in_len</b> bytes at <b>in</b>, compress them into a newly
|
|
|
- * allocated buffer, using the method described in <b>method</b>. Store the
|
|
|
- * compressed string in *<b>out</b>, and its length in *<b>out_len</b>. Return
|
|
|
- * 0 on success, -1 on failure.
|
|
|
- */
|
|
|
-int
|
|
|
-tor_zlib_compress(char **out, size_t *out_len,
|
|
|
- const char *in, size_t in_len,
|
|
|
- compress_method_t method)
|
|
|
-{
|
|
|
- struct z_stream_s *stream = NULL;
|
|
|
- size_t out_size, old_size;
|
|
|
- off_t offset;
|
|
|
-
|
|
|
- tor_assert(out);
|
|
|
- tor_assert(out_len);
|
|
|
- tor_assert(in);
|
|
|
- tor_assert(in_len < UINT_MAX);
|
|
|
-
|
|
|
- *out = NULL;
|
|
|
-
|
|
|
- stream = tor_malloc_zero(sizeof(struct z_stream_s));
|
|
|
- stream->zalloc = Z_NULL;
|
|
|
- stream->zfree = Z_NULL;
|
|
|
- stream->opaque = NULL;
|
|
|
- stream->next_in = (unsigned char*) in;
|
|
|
- stream->avail_in = (unsigned int)in_len;
|
|
|
-
|
|
|
- if (deflateInit2(stream, Z_BEST_COMPRESSION, Z_DEFLATED,
|
|
|
- method_bits(method, HIGH_COMPRESSION),
|
|
|
- memory_level(HIGH_COMPRESSION),
|
|
|
- Z_DEFAULT_STRATEGY) != Z_OK) {
|
|
|
- //LCOV_EXCL_START -- we can only provoke failure by giving junk arguments.
|
|
|
- log_warn(LD_GENERAL, "Error from deflateInit2: %s",
|
|
|
- stream->msg?stream->msg:"<no message>");
|
|
|
- goto err;
|
|
|
- //LCOV_EXCL_STOP
|
|
|
- }
|
|
|
-
|
|
|
- /* Guess 50% compression. */
|
|
|
- out_size = in_len / 2;
|
|
|
- if (out_size < 1024) out_size = 1024;
|
|
|
- *out = tor_malloc(out_size);
|
|
|
- stream->next_out = (unsigned char*)*out;
|
|
|
- stream->avail_out = (unsigned int)out_size;
|
|
|
-
|
|
|
- while (1) {
|
|
|
- switch (deflate(stream, Z_FINISH))
|
|
|
- {
|
|
|
- case Z_STREAM_END:
|
|
|
- goto done;
|
|
|
- case Z_OK:
|
|
|
- /* In case zlib doesn't work as I think .... */
|
|
|
- if (stream->avail_out >= stream->avail_in+16)
|
|
|
- break;
|
|
|
- case Z_BUF_ERROR:
|
|
|
- offset = stream->next_out - ((unsigned char*)*out);
|
|
|
- old_size = out_size;
|
|
|
- out_size *= 2;
|
|
|
- if (out_size < old_size) {
|
|
|
- log_warn(LD_GENERAL, "Size overflow in compression.");
|
|
|
- goto err;
|
|
|
- }
|
|
|
- *out = tor_realloc(*out, out_size);
|
|
|
- stream->next_out = (unsigned char*)(*out + offset);
|
|
|
- if (out_size - offset > UINT_MAX) {
|
|
|
- log_warn(LD_BUG, "Ran over unsigned int limit of zlib while "
|
|
|
- "uncompressing.");
|
|
|
- goto err;
|
|
|
- }
|
|
|
- stream->avail_out = (unsigned int)(out_size - offset);
|
|
|
- break;
|
|
|
- default:
|
|
|
- log_warn(LD_GENERAL, "Gzip compression didn't finish: %s",
|
|
|
- stream->msg ? stream->msg : "<no message>");
|
|
|
- goto err;
|
|
|
- }
|
|
|
- }
|
|
|
- done:
|
|
|
- *out_len = stream->total_out;
|
|
|
-#if defined(OpenBSD)
|
|
|
- /* "Hey Rocky! Watch me change an unsigned field to a signed field in a
|
|
|
- * third-party API!"
|
|
|
- * "Oh, that trick will just make people do unsafe casts to the unsigned
|
|
|
- * type in their cross-platform code!"
|
|
|
- * "Don't be foolish. I'm _sure_ they'll have the good sense to make sure
|
|
|
- * the newly unsigned field isn't negative." */
|
|
|
- tor_assert(stream->total_out >= 0);
|
|
|
-#endif
|
|
|
- if (deflateEnd(stream)!=Z_OK) {
|
|
|
- // LCOV_EXCL_START -- unreachable if we handled the zlib structure right
|
|
|
- tor_assert_nonfatal_unreached();
|
|
|
- log_warn(LD_BUG, "Error freeing gzip structures");
|
|
|
- goto err;
|
|
|
- // LCOV_EXCL_STOP
|
|
|
- }
|
|
|
- tor_free(stream);
|
|
|
-
|
|
|
- if (tor_compress_is_compression_bomb(*out_len, in_len)) {
|
|
|
- log_warn(LD_BUG, "We compressed something and got an insanely high "
|
|
|
- "compression factor; other Tors would think this was a zlib bomb.");
|
|
|
- goto err;
|
|
|
- }
|
|
|
-
|
|
|
- return 0;
|
|
|
- err:
|
|
|
- if (stream) {
|
|
|
- deflateEnd(stream);
|
|
|
- tor_free(stream);
|
|
|
- }
|
|
|
- tor_free(*out);
|
|
|
- return -1;
|
|
|
-}
|
|
|
-
|
|
|
-/** Given an Zlib/Gzip compressed string of total length <b>in_len</b> bytes
|
|
|
- * at <b>in</b>, uncompress them into a newly allocated buffer. Store the
|
|
|
- * uncompressed string in *<b>out</b>, and its length in *<b>out_len</b>.
|
|
|
- * Return 0 on success, -1 on failure.
|
|
|
- *
|
|
|
- * If <b>complete_only</b> is true, we consider a truncated input as a failure;
|
|
|
- * otherwise we decompress as much as we can. Warn about truncated or corrupt
|
|
|
- * inputs at <b>protocol_warn_level</b>.
|
|
|
- */
|
|
|
-int
|
|
|
-tor_zlib_uncompress(char **out, size_t *out_len,
|
|
|
- const char *in, size_t in_len,
|
|
|
- compress_method_t method,
|
|
|
- int complete_only,
|
|
|
- int protocol_warn_level)
|
|
|
-{
|
|
|
- struct z_stream_s *stream = NULL;
|
|
|
- size_t out_size, old_size;
|
|
|
- off_t offset;
|
|
|
- int r;
|
|
|
-
|
|
|
- tor_assert(out);
|
|
|
- tor_assert(out_len);
|
|
|
- tor_assert(in);
|
|
|
- tor_assert(in_len < UINT_MAX);
|
|
|
-
|
|
|
- *out = NULL;
|
|
|
-
|
|
|
- stream = tor_malloc_zero(sizeof(struct z_stream_s));
|
|
|
- stream->zalloc = Z_NULL;
|
|
|
- stream->zfree = Z_NULL;
|
|
|
- stream->opaque = NULL;
|
|
|
- stream->next_in = (unsigned char*) in;
|
|
|
- stream->avail_in = (unsigned int)in_len;
|
|
|
-
|
|
|
- if (inflateInit2(stream,
|
|
|
- method_bits(method, HIGH_COMPRESSION)) != Z_OK) {
|
|
|
- // LCOV_EXCL_START -- can only hit this if we give bad inputs.
|
|
|
- log_warn(LD_GENERAL, "Error from inflateInit2: %s",
|
|
|
- stream->msg?stream->msg:"<no message>");
|
|
|
- goto err;
|
|
|
- // LCOV_EXCL_STOP
|
|
|
- }
|
|
|
-
|
|
|
- out_size = in_len * 2; /* guess 50% compression. */
|
|
|
- if (out_size < 1024) out_size = 1024;
|
|
|
- if (out_size >= SIZE_T_CEILING || out_size > UINT_MAX)
|
|
|
- goto err;
|
|
|
-
|
|
|
- *out = tor_malloc(out_size);
|
|
|
- stream->next_out = (unsigned char*)*out;
|
|
|
- stream->avail_out = (unsigned int)out_size;
|
|
|
-
|
|
|
- while (1) {
|
|
|
- switch (inflate(stream, complete_only ? Z_FINISH : Z_SYNC_FLUSH))
|
|
|
- {
|
|
|
- case Z_STREAM_END:
|
|
|
- if (stream->avail_in == 0)
|
|
|
- goto done;
|
|
|
- /* There may be more compressed data here. */
|
|
|
- if ((r = inflateEnd(stream)) != Z_OK) {
|
|
|
- log_warn(LD_BUG, "Error freeing gzip structures");
|
|
|
- goto err;
|
|
|
- }
|
|
|
- if (inflateInit2(stream,
|
|
|
- method_bits(method,HIGH_COMPRESSION)) != Z_OK) {
|
|
|
- log_warn(LD_GENERAL, "Error from second inflateInit2: %s",
|
|
|
- stream->msg?stream->msg:"<no message>");
|
|
|
- goto err;
|
|
|
- }
|
|
|
- break;
|
|
|
- case Z_OK:
|
|
|
- if (!complete_only && stream->avail_in == 0)
|
|
|
- goto done;
|
|
|
- /* In case zlib doesn't work as I think.... */
|
|
|
- if (stream->avail_out >= stream->avail_in+16)
|
|
|
- break;
|
|
|
- case Z_BUF_ERROR:
|
|
|
- if (stream->avail_out > 0) {
|
|
|
- log_fn(protocol_warn_level, LD_PROTOCOL,
|
|
|
- "possible truncated or corrupt zlib data");
|
|
|
- goto err;
|
|
|
- }
|
|
|
- offset = stream->next_out - (unsigned char*)*out;
|
|
|
- old_size = out_size;
|
|
|
- out_size *= 2;
|
|
|
- if (out_size < old_size) {
|
|
|
- log_warn(LD_GENERAL, "Size overflow in uncompression.");
|
|
|
- goto err;
|
|
|
- }
|
|
|
- if (tor_compress_is_compression_bomb(in_len, out_size)) {
|
|
|
- log_warn(LD_GENERAL, "Input looks like a possible zlib bomb; "
|
|
|
- "not proceeding.");
|
|
|
- goto err;
|
|
|
- }
|
|
|
- if (out_size >= SIZE_T_CEILING) {
|
|
|
- log_warn(LD_BUG, "Hit SIZE_T_CEILING limit while uncompressing.");
|
|
|
- goto err;
|
|
|
- }
|
|
|
- *out = tor_realloc(*out, out_size);
|
|
|
- stream->next_out = (unsigned char*)(*out + offset);
|
|
|
- if (out_size - offset > UINT_MAX) {
|
|
|
- log_warn(LD_BUG, "Ran over unsigned int limit of zlib while "
|
|
|
- "uncompressing.");
|
|
|
- goto err;
|
|
|
- }
|
|
|
- stream->avail_out = (unsigned int)(out_size - offset);
|
|
|
- break;
|
|
|
- default:
|
|
|
- log_warn(LD_GENERAL, "Gzip decompression returned an error: %s",
|
|
|
- stream->msg ? stream->msg : "<no message>");
|
|
|
- goto err;
|
|
|
- }
|
|
|
- }
|
|
|
- done:
|
|
|
- *out_len = stream->next_out - (unsigned char*)*out;
|
|
|
- r = inflateEnd(stream);
|
|
|
- tor_free(stream);
|
|
|
- if (r != Z_OK) {
|
|
|
- log_warn(LD_BUG, "Error freeing gzip structures");
|
|
|
- goto err;
|
|
|
- }
|
|
|
-
|
|
|
- /* NUL-terminate output. */
|
|
|
- if (out_size == *out_len)
|
|
|
- *out = tor_realloc(*out, out_size + 1);
|
|
|
- (*out)[*out_len] = '\0';
|
|
|
-
|
|
|
- return 0;
|
|
|
- err:
|
|
|
- if (stream) {
|
|
|
- inflateEnd(stream);
|
|
|
- tor_free(stream);
|
|
|
- }
|
|
|
- if (*out) {
|
|
|
- tor_free(*out);
|
|
|
- }
|
|
|
- return -1;
|
|
|
-}
|
|
|
-
|
|
|
/** Internal zlib state for an incremental compression/decompression.
|
|
|
* The body of this struct is not exposed. */
|
|
|
struct tor_zlib_compress_state_t {
|
|
@@ -416,7 +164,7 @@ tor_zlib_compress_new(int compress_,
|
|
|
if (! compress_) {
|
|
|
/* use this setting for decompression, since we might have the
|
|
|
* max number of window bits */
|
|
|
- compression_level = HIGH_COMPRESSION;
|
|
|
+ compression_level = BEST_COMPRESSION;
|
|
|
}
|
|
|
|
|
|
out = tor_malloc_zero(sizeof(tor_zlib_compress_state_t));
|
|
@@ -465,8 +213,11 @@ tor_zlib_compress_process(tor_zlib_compress_state_t *state,
|
|
|
{
|
|
|
int err;
|
|
|
tor_assert(state != NULL);
|
|
|
- tor_assert(*in_len <= UINT_MAX);
|
|
|
- tor_assert(*out_len <= UINT_MAX);
|
|
|
+ if (*in_len > UINT_MAX ||
|
|
|
+ *out_len > UINT_MAX) {
|
|
|
+ return TOR_COMPRESS_ERROR;
|
|
|
+ }
|
|
|
+
|
|
|
state->stream.next_in = (unsigned char*) *in;
|
|
|
state->stream.avail_in = (unsigned int)*in_len;
|
|
|
state->stream.next_out = (unsigned char*) *out;
|