review.tizen.org Git - profile/ivi/libwebsockets.git/commit

author	Andy Green <andy.green@linaro.org>
	Sat, 12 Jan 2013 15:09:36 +0000 (23:09 +0800)
committer	Kevron Rees <kevron_m_rees@linux.intel.com>
	Thu, 7 Mar 2013 21:01:24 +0000 (13:01 -0800)
commit	09af8a76cfa8cf56d49c93c395551cb69517ce77
tree	5d1bc1dd9ca0d6e252b50da9f04bb8a5eafbb942	tree \| snapshot
parent	a0ee5d34f0cc9e412a7870dbd009926d40e5dc3e	commit \| diff

renable deflate frame buffer expansion fixing DoS

This reverts the removal of the deflate_frame code that was crashing after porting
David Galeano's code: he pointed out there's a typo in the merged version causing
the crash which is fixed here.

However the fixed code has a problem, there's no limit (other than int size) to the
amount of memory it will try to malloc, which can allow a DoS of the server by the
client sending malicious compression states that inflate to a large amount. I have
added checking for OOM already that will avert the segfault that would otherwise follow
but the server will be unusuable if malicious connections were made repeatedly each
forcing it to allocate large buffers and cause small allocations on other connections
to fail.

The patch changes the code to use realloc(), and introduces a configurable limit
on the amount of memory one connection may need for zlib before the server hangs
up the connection. It defaults to 64KBytes but can be set from ./configure as
described now in the README.

Signed-off-by: Andy Green <andy.green@linaro.org>

README-test-server		diff \| blob \| history
lib/extension-deflate-frame.c		diff \| blob \| history