WIP: Avoid potential DoS with high compression

Signed-off-by: Sergio Arroutbi <[email protected]>
latchset · May 14, 2024 · 77b7699 · 77b7699
1 parent 76ec70b
commit 77b7699
Show file tree

Hide file tree

Showing 2 changed files with 57 additions and 0 deletions.
diff --git a/lib/zlib/deflate.c b/lib/zlib/deflate.c
@@ -23,8 +23,11 @@
 #define containerof(ptr, type, member) \
     ((type *)((char *) ptr - offsetof(type, member)))
 
+static size_t MAX_COMPRESSED_SIZE = (256*1024);
+
 static size_t SIZE = 4096;
 
+
 typedef struct {
     jose_io_t io;
     jose_io_t *next;
@@ -34,6 +37,9 @@ typedef struct {
 static bool
 feed(jose_io_t *io, const void *in, size_t len, typeof(deflate) *func)
 {
+    if (len > MAX_COMPRESSED_SIZE) {
+        return false;
+    }
     io_t *i = containerof(io, io_t, io);
 
     i->strm.next_in = (void *) in;

diff --git a/tests/alg_comp.c b/tests/alg_comp.c
@@ -19,6 +19,7 @@
 #include <jose/jose.h>
 #include <assert.h>
 #include <string.h>
+#include <stdlib.h>
 
 const struct {
     const char *alg;
@@ -41,6 +42,53 @@ const struct {
     {}
 };
 
+static uint8_t* get_random_string(uint32_t length)
+{
+    assert(length);
+    uint8_t* c = (uint8_t*)malloc(length*sizeof(uint8_t));
+    for (uint32_t i=0; i<length; i++) {
+        c[i] = 'A' + (random() % 26);
+    }
+    return c;
+}
+
+static void
+test_long_string(size_t inputlen) {
+    jose_io_auto_t *b = NULL;
+    jose_io_auto_t *c = NULL;
+    jose_io_auto_t *z = NULL;
+    void *buf1 = NULL;
+    void *buf2 = NULL;
+    size_t blen = 0;
+    size_t clen = 0;
+    const jose_hook_alg_t *a = jose_hook_alg_find(JOSE_HOOK_ALG_KIND_COMP, "DEF");
+    uint8_t* str = get_random_string(inputlen);
+
+
+    /* Test compression first. */
+    b = jose_io_malloc(NULL, &buf1, &blen);
+    assert(b);
+    z = a->comp.def(a, NULL, b);
+    assert(z);
+
+    assert(z->feed(z, str, inputlen));
+    assert(z->done(z));
+
+    /* Test decompression now. */
+    c = jose_io_malloc(NULL, &buf2, &clen);
+    assert(b);
+    z = a->comp.inf(a, NULL, c);
+    assert(z);
+    assert(z->feed(z, buf1, blen));
+    assert(z->done(z));
+
+    /* Compare the final output with the original input. */
+    assert(clen == inputlen);
+    assert(memcmp(buf2, str, inputlen) == 0);
+
+    free(str);
+}
+
 static void
 test(const jose_hook_alg_t *a, bool iter,
      const uint8_t *i, size_t il)
@@ -119,5 +167,8 @@ main(int argc, char *argv[])
              tst_inf, sizeof(tst_inf));
     }
 
+    test_long_string(200000); // inside limits
+    // test_long_string(300000); // outside limits
+
     return EXIT_SUCCESS;
 }