From beb41df7ab775ca26d5d57d088e98007359becff Mon Sep 17 00:00:00 2001 From: Sergio Arroutbi Date: Thu, 9 May 2024 17:20:05 +0200 Subject: [PATCH] WIP: Avoid potential DoS with high compression Signed-off-by: Sergio Arroutbi --- lib/hooks.h | 2 ++ lib/zlib/deflate.c | 3 +++ tests/alg_comp.c | 59 ++++++++++++++++++++++++++++++++++++++++++++++ 3 files changed, 64 insertions(+) diff --git a/lib/hooks.h b/lib/hooks.h index d4cd5f93..026dbb2b 100644 --- a/lib/hooks.h +++ b/lib/hooks.h @@ -20,6 +20,8 @@ #include #include +#define MAX_COMPRESSION_SIZE (256*1024) + typedef enum { JOSE_HOOK_JWK_KIND_NONE = 0, JOSE_HOOK_JWK_KIND_TYPE, diff --git a/lib/zlib/deflate.c b/lib/zlib/deflate.c index 07eca0c9..6defbefe 100644 --- a/lib/zlib/deflate.c +++ b/lib/zlib/deflate.c @@ -34,6 +34,9 @@ typedef struct { static bool feed(jose_io_t *io, const void *in, size_t len, typeof(deflate) *func) { + if (len > MAX_COMPRESSION_SIZE) { + return false; + } io_t *i = containerof(io, io_t, io); i->strm.next_in = (void *) in; diff --git a/tests/alg_comp.c b/tests/alg_comp.c index fcd305c1..ec90cb12 100644 --- a/tests/alg_comp.c +++ b/tests/alg_comp.c @@ -19,6 +19,7 @@ #include #include #include +#include const struct { const char *alg; @@ -41,6 +42,60 @@ const struct { {} }; +const uint32_t long_string_tests[] = { + 200000, MAX_COMPRESSION_SIZE, 300000, 0 +}; + +static uint8_t* get_random_string(uint32_t length) +{ + assert(length); + uint8_t* c = (uint8_t*)malloc(length*sizeof(uint8_t)); + for (uint32_t i=0; icomp.def(a, NULL, b); + assert(z); + + if(inputlen > MAX_COMPRESSION_SIZE) { + assert(!z->feed(z, str, inputlen)); + } else { + assert(z->feed(z, str, inputlen)); + assert(z->done(z)); + + /* Test decompression now. */ + c = jose_io_malloc(NULL, &buf2, &clen); + assert(b); + z = a->comp.inf(a, NULL, c); + assert(z); + assert(z->feed(z, buf1, blen)); + assert(z->done(z)); + + /* Compare the final output with the original input. */ + assert(clen == inputlen); + assert(memcmp(buf2, str, inputlen) == 0); + } + + free(str); +} + static void test(const jose_hook_alg_t *a, bool iter, const uint8_t *i, size_t il) @@ -119,5 +174,9 @@ main(int argc, char *argv[]) tst_inf, sizeof(tst_inf)); } + for (size_t i = 0; long_string_tests[i]; i++) { + test_long_string(long_string_tests[i]); + } + return EXIT_SUCCESS; }