<div dir="ltr">The zlib protocol is fully specified, and it appears the code is working correctly, so the only issue you might have is deciding what to do when you see input which could be seen as malicious (but which is still properly defined). Do you want to abort handling the input stream, or do you have an alternate suggestion?<div><br></div><div>If you don't like the way zlib does it, or prefer a compression scheme which is more predictable, why not try a different compression algorithm, and see if it does any better in these pathological cases. I can specify you several 1:1 "compression" schemes where you only ever get out the same number of bytes you put in, but you'd probably think these safe methods are too boring.</div></div><div class="gmail_extra"><br><div class="gmail_quote">On Wed, Sep 24, 2014 at 1:15 PM, Guilherme Andrade <span dir="ltr">&lt;<a href="mailto:g@gandrade.net" target="_blank">g@gandrade.net</a>&gt;</span> wrote:<br><blockquote class="gmail_quote" style="margin:0 0 0 .8ex;border-left:1px #ccc solid;padding-left:1ex">
<div bgcolor="#FFFFFF" text="#000000">
Hi Sungjin,<br>
<br>
    I've recently dealt with this very same issue, albeit only as a
security hardening and a prevention measure; and, like you, I've
looked into the zlib C code that's bundled with erts and arrived at
that same conclusion.<br>
<br>
I was only able to limit it on a theoretical basis: the zlib guys
themselves state[1] that a maximum compression ratio of 1032:1 is
achievable (with big blobs of zeroes.) Therefore, if I want to limit
the uncompressed content to less than, let's say, 5 MiB, I'll only
accept compressed content of up to ~5 KiB. This thinking might be
missing something, though.<br>
<br>
If there's a better/cleaner way to deal with this, I would love to
know.<br>
<br>
Cheers,<br>
<br>
<br>
[1]: <a href="http://www.zlib.net/zlib_tech.html" target="_blank">http://www.zlib.net/zlib_tech.html</a><div><div class="h5"><br>
<br>
<br>
<div>On 24-09-2014 03:55, Park, Sungjin
wrote:<br>
</div>
</div></div><blockquote type="cite"><div><div class="h5">
<div dir="ltr">Hi, I'm about to report a problem with erlang's
zlib library interface which I think is a design flaw at this
point of time.
<div><br>
</div>
<div>We recently had some malicious packets which were not very
big in the first place but inflated to really big ones -
hundreds of megabytes each. As a result, the server crashed
with out-of-memory by the processes calling zlib:inflate/2.
Urgency forced us to make a custom NIF library with inflation
size limit. We also studied erlang reference manual but
couldn't find anything useful. The zlib library source code
shows even zlib:setBufSize/2 does not prevent producing very
big binaries.</div>
<div><br>
</div>
<div>Not being able to know how big the data would become after
inflation, it should be a quite common problem. So I'm
curious if I missed something very simple and nice. Is there
anything like that?</div>
<div>
<div><br>
</div>
-- <br>
Park, Sungjin
<div>-------------------------------------------------------------------------------------------------------------------</div>
<div>Peculiar travel suggestions are dancing lessons from god.</div>
<div> -- The Books of Bokonon</div>
<div>-------------------------------------------------------------------------------------------------------------------</div>
</div>
</div>
<br>
<br>
</div></div><pre>_______________________________________________
erlang-questions mailing list
<a href="mailto:erlang-questions@erlang.org" target="_blank">erlang-questions@erlang.org</a>
<a href="http://erlang.org/mailman/listinfo/erlang-questions" target="_blank">http://erlang.org/mailman/listinfo/erlang-questions</a><span class="HOEnZb"><font color="#888888">
</font></span></pre><span class="HOEnZb"><font color="#888888">
</font></span></blockquote><span class="HOEnZb"><font color="#888888">
<br>
<pre cols="72">--
Guilherme
<a href="https://www.gandrade.net/" target="_blank">https://www.gandrade.net/</a>
PGP: 0x35CB8191 / 1968 5252 3901 B40F ED8A D67A 9330 79B1 35CB 8191
</pre>
</font></span></div>
<br></blockquote></div><br><br clear="all"><div><br></div>-- <br>Christopher Vance
</div>
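<div>Added example, not code from this thread or from OTP: one way to enforce the inflation limit discussed above from plain Erlang instead of a custom NIF, assuming an OTP release that provides zlib:safeInflate/2. The module name bounded_inflate, the functions inflate/2 and demo/0, and the sample inputs are constructed for illustration.</div>

```erlang
-module(bounded_inflate).
-export([inflate/2, demo/0]).

%% Inflate a zlib stream, refusing to produce more than MaxBytes of output.
%% Returns {ok, Binary} or {error, too_large | data_error | need_dictionary}.
inflate(Compressed, MaxBytes)
  when is_binary(Compressed), is_integer(MaxBytes), MaxBytes >= 0 ->
    Z = zlib:open(),
    try
        ok = zlib:inflateInit(Z),
        case loop(Z, zlib:safeInflate(Z, Compressed), MaxBytes, []) of
            {ok, _} = Ok ->
                %% inflateEnd/1 raises data_error when no end of stream was seen
                ok = zlib:inflateEnd(Z),
                Ok;
            Error ->
                Error
        end
    catch
        error:data_error -> {error, data_error}
    after
        zlib:close(Z)
    end.

%% safeInflate/2 returns after a bounded chunk of output, so the budget is
%% checked between chunks rather than after the whole stream has expanded.
loop(Z, {continue, Out}, Left, Acc) ->
    case Left - iolist_size(Out) of
        Rest when Rest < 0 -> {error, too_large};
        Rest -> loop(Z, zlib:safeInflate(Z, []), Rest, [Acc, Out])
    end;
loop(_Z, {finished, Out}, Left, Acc) ->
    case iolist_size(Out) =< Left of
        true -> {ok, iolist_to_binary([Acc, Out])};
        false -> {error, too_large}
    end;
loop(_Z, {need_dictionary, _Adler, _Out}, _Left, _Acc) ->
    {error, need_dictionary}.

%% Constructed inputs: a run of zeroes (the high-ratio case from the thread),
%% a small honest payload, and the same payload with its trailer cut off.
demo() ->
    Limit = 5 * 1024 * 1024,   % the 5 MiB budget used as the example above
    Zeroes = zlib:compress(binary:copy(<<0>>, 16 * 1024 * 1024)),
    Small = zlib:compress(<<"hello, erlang-questions">>),
    Truncated = binary:part(Small, 0, byte_size(Small) - 4),
    [{zeroes, byte_size(Zeroes), inflate(Zeroes, Limit)},
     {small, inflate(Small, Limit)},
     {truncated, inflate(Truncated, Limit)}].
```

<div>Because the limit is applied to the output as it is produced, it does not depend on a ratio estimate, and it can be combined with a cap on compressed input size as a cheap first check.</div>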