Hi,

On Sun, Jun 29, 2014 at 12:09:01PM -0400, Jonathan K. Bullard wrote:
> Am I correct to assume that OpenVPN's use of LZO is restricted to much
> smaller block sizes? I assume the block sizes that OpenVPN uses LZO for are
> limited to the maximum packet size, which would be on the order of 1500
> bytes or so (because of MTU size limits).

OpenVPN does not use "cross block" decompression state, so yes, only
a single packet at a time is decompressed. For UDP, this is obviously
below 64kbyte. For TCP, the OpenVPN socket code imposes a maximum
length which is based on MTU + overhead (if I understand the code right,
it's a bit complicated) and if the TCP stream claims to contain an
"OpenVPN packet" larger than that, the session is torn down.

> Or does OpenVPN ever use LZO on larger amounts of data? Is there any
> possibility of OpenVPN using LZO on 8MB?

I do not see any such possibility.

> * Also see the discussion on the LZ4 discussion board
> <https://code.google.com/p/lz4/issues/detail?id=52>; the vulnerability was
> actually discovered by Ludvig Strigeus
> <https://en.wikipedia.org/wiki/Ludvig_Strigeus> eighteen months ago.

"git master" contains a copy of lz4 in src/compat/, which I intend to
update to their fixed-version - not because I think we're vulnerable,
but because I want to avoid questions and user irritation ("they are
still shipping the vulnerable version!!").

So it might be a good thing to release new bundles with lzo 2.07 anyway...

gert
-- 
USENET is *not* the non-clickable part of WWW!
//www.muc.de/~gert/
Gert Doering - Munich, Germany
g...@greenie.muc.de
fax: +49-89-35655025
g...@net.informatik.tu-muenchen.de
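The TCP-side limit described in the reply, as an added sketch that is not OpenVPN's code and not part of the original message: a claimed packet length is checked against a cap before anything reaches a decompressor. The 2-byte big-endian length prefix, the `MAX_PACKET` value and the names `next_frame` and `drain` are assumptions made for illustration.

```c
#include <stddef.h>
#include <stdint.h>

/* Assumed cap (MTU + overhead); not OpenVPN's real constant. */
#define MAX_PACKET (1500u + 100u)

enum frame_status { FRAME_OK, FRAME_NEED_MORE, FRAME_TEARDOWN };

/*
 * Pull one length-prefixed packet off a TCP byte stream.
 * Assumed framing: 2-byte big-endian length, then that many bytes.
 * The claimed length is validated before the payload is used, so the
 * decompressor never sees more than one bounded packet.
 */
enum frame_status next_frame(const uint8_t *buf, size_t avail,
                             const uint8_t **pkt, size_t *pkt_len,
                             size_t *consumed)
{
    if (avail < 2)
        return FRAME_NEED_MORE;          /* length prefix incomplete */

    size_t claimed = ((size_t)buf[0] << 8) | buf[1];
    if (claimed > MAX_PACKET)
        return FRAME_TEARDOWN;           /* oversized claim: drop session */

    if (avail - 2 < claimed)
        return FRAME_NEED_MORE;          /* wait for the rest of the packet */

    *pkt = buf + 2;
    *pkt_len = claimed;
    *consumed = claimed + 2;
    return FRAME_OK;
}

/* Drain a receive buffer; returns packets accepted, flags a teardown. */
size_t drain(const uint8_t *buf, size_t len, int *torn_down)
{
    size_t off = 0, accepted = 0;
    *torn_down = 0;
    for (;;) {
        const uint8_t *pkt; size_t pkt_len, used;
        enum frame_status st =
            next_frame(buf + off, len - off, &pkt, &pkt_len, &used);
        if (st == FRAME_TEARDOWN) { *torn_down = 1; break; }
        if (st == FRAME_NEED_MORE) break;
        (void)pkt; (void)pkt_len;        /* decrypt/decompress would go here */
        accepted++;
        off += used;
    }
    return accepted;
}
```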