| blob | 249151cc9b2992dc4e129cd9af54e7551d24cdfa |
1 /* Copyright (c) 2004, Roger Dingledine.
2 * Copyright (c) 2004-2006, Roger Dingledine, Nick Mathewson.
3 * Copyright (c) 2007-2011, The Tor Project, Inc. */
4 /* See LICENSE for licensing information */
6 /**
7 * \file torgzip.c
8 * \brief A simple in-memory gzip implementation.
9 **/
13 #include <stdlib.h>
14 #include <stdio.h>
15 #include <assert.h>
16 #ifdef _MSC_VER
18 #else
19 #include <zlib.h>
20 #endif
21 #include <string.h>
22 #ifdef HAVE_NETINET_IN_H
23 #include <netinet/in.h>
24 #endif
30 /** Set to 1 if zlib is a version that supports gzip; set to 0 if it doesn't;
31 * set to -1 if we haven't checked yet. */
34 /** Return true iff we support gzip-based compression. Otherwise, we need to
35 * use zlib. */
36 int
38 {
46 else
50 }
52 /** Return the 'bits' value to tell zlib to use <b>method</b>.*/
55 {
56 /* Bits+16 means "use gzip" in zlib >= 1.2 */
58 }
60 /* These macros define the maximum allowable compression factor. Anything of
61 * size greater than CHECK_FOR_COMPRESSION_BOMB_AFTER is not allowed to
62 * have an uncompression factor (uncompressed size:compressed size ratio) of
63 * any greater than MAX_UNCOMPRESSION_FACTOR.
64 *
65 * Picking a value for MAX_UNCOMPRESSION_FACTOR is a trade-off: we want it to
66 * be small to limit the attack multiplier, but we also want it to be large
67 * enough so that no legitimate document --even ones we might invent in the
68 * future -- ever compresses by a factor of greater than
69 * MAX_UNCOMPRESSION_FACTOR. Within those parameters, there's a reasonably
70 * large range of possible values. IMO, anything over 8 is probably safe; IMO
71 * anything under 50 is probably sufficient.
72 */
73 #define MAX_UNCOMPRESSION_FACTOR 25
74 #define CHECK_FOR_COMPRESSION_BOMB_AFTER (1024*64)
76 /** Return true if uncompressing an input of size <b>in_size</b> to an input
77 * of size at least <b>size_out</b> looks like a compression bomb. */
78 static int
80 {
85 }
87 /** Given <b>in_len</b> bytes at <b>in</b>, compress them into a newly
88 * allocated buffer, using the method described in <b>method</b>. Store the
89 * compressed string in *<b>out</b>, and its length in *<b>out_len</b>.
90 * Return 0 on success, -1 on failure.
91 */
92 int
95 compress_method_t method)
96 {
99 off_t offset;
109 /* Old zlib version don't support gzip in deflateInit2 */
112 }
127 }
129 /* Guess 50% compression. */
138 {
142 /* In case zlib doesn't work as I think .... */
152 }
159 }
166 }
167 }
168 done:
170 #ifdef OPENBSD
171 /* "Hey Rocky! Watch me change an unsigned field to a signed field in a
172 * third-party API!"
173 * "Oh, that trick will just make people do unsafe casts to the unsigned
174 * type in their cross-platform code!"
175 * "Don't be foolish. I'm _sure_ they'll have the good sense to make sure
176 * the newly unsigned field isn't negative." */
178 #endif
180 /* If we're wasting more than 4k, don't. */
182 }
186 }
193 }
196 err:
200 }
203 }
205 }
207 /** Given zero or more zlib-compressed or gzip-compressed strings of
208 * total length
209 * <b>in_len</b> bytes at <b>in</b>, uncompress them into a newly allocated
210 * buffer, using the method described in <b>method</b>. Store the uncompressed
211 * string in *<b>out</b>, and its length in *<b>out_len</b>. Return 0 on
212 * success, -1 on failure.
213 *
214 * If <b>complete_only</b> is true, we consider a truncated input as a
215 * failure; otherwise we decompress as much as we can. Warn about truncated
216 * or corrupt inputs at <b>protocol_warn_level</b>.
217 */
218 int
221 compress_method_t method,
224 {
227 off_t offset;
236 /* Old zlib version don't support gzip in inflateInit2 */
239 }
255 }
268 {
272 /* There may be more compressed data here. */
276 }
281 }
286 /* In case zlib doesn't work as I think.... */
294 }
301 }
306 }
310 }
317 }
324 }
325 }
326 done:
333 }
335 /* NUL-terminate output. */
341 err:
345 }
348 }
350 }
352 /** Try to tell whether the <b>in_len</b>-byte string in <b>in</b> is likely
353 * to be compressed or not. If it is, return the likeliest compression method.
354 * Otherwise, return UNKNOWN_METHOD.
355 */
356 compress_method_t
358 {
366 }
367 }
369 /** Internal state for an incremental zlib compression/decompression. The
370 * body of this struct is not exposed. */
375 /* Number of bytes read so far. Used to detect zlib bombs. */
377 /* Number of bytes written so far. Used to detect zlib bombs. */
379 };
381 /** Construct and return a tor_zlib_state_t object using <b>method</b>. If
382 * <b>compress</b>, it's for compression; otherwise it's for
383 * decompression. */
384 tor_zlib_state_t *
386 {
390 /* Old zlib version don't support gzip in inflateInit2 */
393 }
407 }
410 err:
413 }
415 /** Compress/decompress some bytes using <b>state</b>. Read up to
416 * *<b>in_len</b> bytes from *<b>in</b>, and write up to *<b>out_len</b> bytes
417 * to *<b>out</b>, adjusting the values as we go. If <b>finish</b> is true,
418 * we've reached the end of the input.
419 *
420 * Return TOR_ZLIB_DONE if we've finished the entire compression/decompression.
421 * Return TOR_ZLIB_OK if we're processed everything from the input.
422 * Return TOR_ZLIB_BUF_FULL if we're out of space on <b>out</b>.
423 * Return TOR_ZLIB_ERR if the stream is corrupt.
424 */
425 tor_zlib_output_t
430 {
443 }
457 }
460 {
475 }
476 }
478 /** Deallocate <b>state</b>. */
479 void
481 {
486 else
490 }