From: Alexander Færøy <ahf@torproject.org>
Date: Thu, 28 Sep 2017 14:46:10 +0000 (+0200)
Subject: Better error handling when trying to compress/decompress into empty buffer.
X-Git-Tag: tor-0.3.2.2-alpha~12^2^2
X-Git-Url: http://git.ipfire.org/gitweb.cgi?a=commitdiff_plain;h=8d6940814a90166e468cee810820e8fc5b74e89d;p=thirdparty%2Ftor.git

Better error handling when trying to compress/decompress into empty buffer.

This patch ensures that we return TOR_COMPRESS_BUFFER_FULL in case we
have a input bytes left to process, but are out of output buffer or in
case we need to finish where the compression implementation might need
to write an epilogue.

See: https://bugs.torproject.org/23551
---

diff --git a/changes/bug23551 b/changes/bug23551
new file mode 100644
index 0000000000..2f918bfa3a
--- /dev/null
+++ b/changes/bug23551
@@ -0,0 +1,3 @@
+  o Minor bugfixes (compression):
+    - Handle a pathological case when decompressing Zstandard data when the
+      output buffer size is zero. Fixes bug 23551; bugfix on 0.3.1.1-alpha.
diff --git a/src/common/compress.c b/src/common/compress.c
index 7926faaa60..beeff5fcb8 100644
--- a/src/common/compress.c
+++ b/src/common/compress.c
@@ -546,6 +546,13 @@ tor_compress_process(tor_compress_state_t *state,
   const size_t out_len_orig = *out_len;
   tor_compress_output_t rv;
 
+  if (*out_len == 0 && (*in_len > 0 || finish)) {
+    // If we still have input data, but no space for output data, we might as
+    // well return early and let the caller do the reallocation of the out
+    // variable.
+    return TOR_COMPRESS_BUFFER_FULL;
+  }
+
   switch (state->method) {
     case GZIP_METHOD:
     case ZLIB_METHOD: