[erlang-questions] zlib design flaw?
Robert Wilkinson
bob@REDACTED
Wed Sep 24 10:17:42 CEST 2014
On Wed, Sep 24, 2014 at 11:55:18AM +0900, Park, Sungjin wrote:
>
> We recently had some malicious packets which were not very big in the first
> place but inflated to really big ones - hundreds of megabytes each. As a
> result, the server crashed with out-of-memory by the processes calling
> zlib:inflate/2. Urgency forced us to make a custom NIF library with
> inflation size limit. We also studied erlang reference manual but couldn't
> find anything useful. The zlib library source code shows even
> zlib:setBufSize/2 does not prevent producing very big binaries.
>
> Not being able to know how big the data would become after inflation, it
> should be a quite common problem. So I'm curious if I missed something
> very simple and nice. Is there anything like that?
Hi Sungjin
The articles referenced at http://en.wikipedia.org/wiki/Zip_bomb
should give you some insight into the problem, in general.
Bob
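
An added example, not part of the original thread and not code from either poster: one way to cap inflated size in plain Erlang, assuming an OTP release that provides zlib:safeInflate/2 (added to OTP after this thread was written). The module name, function names and the 1 MB limit are hypothetical.

```erlang
-module(bounded_inflate).
-export([inflate/2, demo/0]).

%% Inflate a zlib stream, but stop as soon as more than MaxBytes of
%% output have been produced. zlib:safeInflate/2 returns after a small,
%% implementation-defined amount of output, so the overshoot past
%% MaxBytes is bounded by one such chunk rather than by the attacker.
inflate(Compressed, MaxBytes) ->
    Z = zlib:open(),
    try
        ok = zlib:inflateInit(Z),
        loop(Z, zlib:safeInflate(Z, Compressed), MaxBytes, 0, [])
    catch
        error:data_error -> {error, data_error}
    after
        %% Releases the stream even when we abandon it half-way.
        zlib:close(Z)
    end.

%% {continue, Out}: more output is pending, call again with no new input.
%% {finished, Out}: all queued input has been decompressed.
loop(Z, {Status, Out}, Max, Size0, Acc) ->
    Size = Size0 + iolist_size(Out),
    if
        Size > Max ->
            {error, {too_large, Max}};
        Status =:= finished ->
            {ok, iolist_to_binary(lists:reverse([Out | Acc]))};
        Status =:= continue ->
            loop(Z, zlib:safeInflate(Z, []), Max, Size, [Out | Acc])
    end.

%% Constructed sample input: 10 MB of zero bytes compresses to a few KB,
%% which is the shape of packet described in the question.
demo() ->
    Limit = 1024 * 1024,
    Bomb = zlib:compress(binary:copy(<<0>>, 10 * Limit)),
    Small = zlib:compress(<<"hello">>),
    {error, {too_large, Limit}} = inflate(Bomb, Limit),
    {ok, <<"hello">>} = inflate(Small, Limit),
    ok.
```

Pick the limit from the largest message the protocol legitimately carries, and treat {error, {too_large, _}} as a reason to drop the connection rather than retry.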