URL:
<http://gna.org/bugs/?21297>
Summary: Network compression could cause network buffer
overflow and cut connection
Project: Freeciv
Submitted by: jtn
Submitted on: Sat Nov 23 21:14:29 2013
Category: None
Severity: 2 - Minor
Priority: 5 - Normal
Status: None
Assigned to: None
Originator Email:
Open/Closed: Open
Release:
Discussion Lock: Any
Operating System: Any
Planned Release:
_______________________________________________________
Details:
Somewhat theoretical:
On a connection on which conn_compression_freeze() has been called, if about
512kbyte (MAX_LEN_BUFFER) of uncompressed data accumulates before it's thawed,
it'll be compressed and pushed to the network in one go (even though the
connection remains compression-frozen).
However, the thing that dumps it to the network (connection_send_data()) will
barf if the network buffer ever gets more than MAX_LEN_BUFFER in it, which it
could well do with this single giant lump of data, which makes this
potentially fragile.
To make things worse, if the connection also has do_buffer_sends set, the
buffer can contain up to MAX_LEN_PACKET bytes, which makes it more likely to
push us over the edge.
For this to actually matter, the compressed data would have to be about the
same size as the uncompressed data. Possibly this can be triggered by messing
with the environment variable FREECIV_COMPRESSION_LEVEL (since otherwise I
doubt we transmit very incompressible data).
(Also noticed in passing that conn_compression_flush() can send a compressed
packet that's slightly bigger than the uncompressed one would be, if it goes
to jumbo encoding. Hardly matters, but could fix in passing.)
_______________________________________________________
Reply to this item at:
<http://gna.org/bugs/?21297>
_______________________________________________
Message sent via/by Gna!
http://gna.org/
_______________________________________________
Freeciv-dev mailing list
[email protected]
https://mail.gna.org/listinfo/freeciv-dev
