Summary: Network compression could cause network buffer overflow and cut connection
                 Project: Freeciv
            Submitted by: jtn
            Submitted on: Sat Nov 23 21:14:29 2013
                Category: None
                Severity: 2 - Minor
                Priority: 5 - Normal
                  Status: None
             Assigned to: None
        Originator Email: 
             Open/Closed: Open
         Discussion Lock: Any
        Operating System: Any
         Planned Release: 



Somewhat theoretical:

On a connection on which conn_compression_freeze() has been called, if about
512kbyte (MAX_LEN_BUFFER) of uncompressed data accumulates before it's thawed,
it'll be compressed and pushed to the network in one go (even though the
connection remains compression-frozen).

However, the thing that dumps it to the network (connection_send_data()) will
barf if the network buffer ever gets more than MAX_LEN_BUFFER in it, which it
could well do with this single giant lump of data, which makes this
potentially fragile.

To make things worse, if the connection also has do_buffer_sends set, the
buffer can contain up to MAX_LEN_PACKET bytes, which makes it more likely to
push us over the edge.

For this to actually matter, the compressed data would have to be about the
same size as the uncompressed data. Possibly this can be triggered by messing
with the environment variable FREECIV_COMPRESSION_LEVEL (since otherwise I
doubt we transmit very incompressible data).

(Also noticed in passing that conn_compression_flush() can send a compressed
packet that's slightly bigger than the uncompressed one would be, if it goes
to jumbo encoding. Hardly matters, but could fix in passing.)
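
The size accounting described in this report, as an added Python example (not Freeciv code and not part of the original report): it compresses a full queue in one lump and checks the result against the send-buffer limit. It assumes zlib deflate as the compressor, MAX_LEN_BUFFER read as exactly 512 KiB, and a placeholder MAX_LEN_PACKET of 4096; both sample queues are constructed.

```python
import random
import zlib

# Assumptions, not taken from Freeciv's source: MAX_LEN_BUFFER is read as
# exactly 512 KiB from the report's "about 512kbyte", and MAX_LEN_PACKET is
# a placeholder value because the report does not state it.
MAX_LEN_BUFFER = 512 * 1024
MAX_LEN_PACKET = 4096


def buffer_fill_after_flush(queued: bytes, level: int, pending: int = 0) -> int:
    """Bytes the send buffer must hold once the frozen queue is compressed
    as one lump and appended to `pending` bytes already waiting in it."""
    return pending + len(zlib.compress(queued, level))


def overflows(queued: bytes, level: int, pending: int = 0) -> bool:
    """True when the send path would see more than MAX_LEN_BUFFER bytes."""
    return buffer_fill_after_flush(queued, level, pending) > MAX_LEN_BUFFER


def constructed_samples():
    """Two constructed MAX_LEN_BUFFER-sized queues: repetitive and random."""
    repetitive = (b"constructed sample line\n" * 30000)[:MAX_LEN_BUFFER]
    rng = random.Random(0)  # fixed seed keeps the sample reproducible
    noise = rng.getrandbits(8 * MAX_LEN_BUFFER).to_bytes(MAX_LEN_BUFFER, "little")
    return repetitive, noise


def report():
    """One row per (sample, compression level, bytes already buffered)."""
    rows = []
    for name, data in zip(("repetitive", "random"), constructed_samples()):
        for level in (0, 1, 6, 9):
            for pending in (0, MAX_LEN_PACKET):
                fill = buffer_fill_after_flush(data, level, pending)
                rows.append((name, level, pending, fill, fill > MAX_LEN_BUFFER))
    return rows


if __name__ == "__main__":
    for name, level, pending, fill, bad in report():
        print(f"{name:10} level={level} pending={pending:4} "
              f"fill={fill:7} {'OVERFLOW' if bad else 'ok'}")
```

At zlib level 0 the data is stored with framing overhead rather than compressed, so even the repetitive queue ends up larger than its input and exceeds the limit.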

