# HG changeset patch # User Matt Johnston # Date 1298901087 0 # Node ID 53c21d4ec98a983426f9175305a5f2ac8820a8b7 # Parent 8220862baae829ebc762587b99c662480d57bb23 - Don't allow setting memLevel since that doesn't work properly - Better handling of the case where compressing makes the data larger (possibly only happens when memLevel is adjusted, but better to be safe) diff -r 8220862baae8 -r 53c21d4ec98a options.h --- a/options.h Thu Feb 24 14:21:36 2011 +0000 +++ b/options.h Mon Feb 28 13:51:27 2011 +0000 @@ -133,19 +133,15 @@ /* #define DSS_PROTOK */ /* Control the memory/performance/compression tradeoff for zlib. - * Set windowBits=8, memLevel=1 for least memory usage, see your system's + * Set windowBits=8 for least memory usage, see your system's * zlib.h for full details. - * Default settings (windowBits=15, memLevel=8) will use - * 256kB for compression + 32kB for decompression. - * windowBits=8, memLevel=1 will use 10kB compression + 32kB decompression. - * Note that windowBits is only set for deflate() - inflate() always uses the - * default of 15 so as to interoperate with other clients. */ + * Default settings (windowBits=15) will use 256kB for compression + * windowBits=8 will use 129kB for compression. + * Both modes will use ~35kB for decompression (using windowBits=15 for + * interoperability) */ #ifndef DROPBEAR_ZLIB_WINDOW_BITS #define DROPBEAR_ZLIB_WINDOW_BITS 15 #endif -#ifndef DROPBEAR_ZLIB_MEM_LEVEL -#define DROPBEAR_ZLIB_MEM_LEVEL 8 -#endif /* Whether to do reverse DNS lookups. */ #define DO_HOST_LOOKUP diff -r 8220862baae8 -r 53c21d4ec98a packet.c --- a/packet.c Thu Feb 24 14:21:36 2011 +0000 +++ b/packet.c Mon Feb 28 13:51:27 2011 +0000 @@ -41,7 +41,7 @@ unsigned char *output_mac); static int checkmac(); -#define ZLIB_COMPRESS_INCR 20 /* this is 12 bytes + 0.1% of 8000 bytes */ +#define ZLIB_COMPRESS_INCR 100 #define ZLIB_DECOMPRESS_INCR 100 #ifndef DISABLE_ZLIB static buffer* buf_decompress(buffer* buf, unsigned int len); @@ -452,14 +452,15 @@ blocksize = ses.keys->trans.algo_crypt->blocksize; mac_size = ses.keys->trans.algo_mac->hashsize; - /* Encrypted packet len is payload+5, then worst case is if we are 3 away - * from a blocksize multiple. In which case we need to pad to the - * multiple, then add another blocksize (or MIN_PACKET_LEN) */ - encrypt_buf_size = (ses.writepayload->len+4+1) + MIN_PACKET_LEN + 3 + /* Encrypted packet len is payload+5. We need to then make sure + * there is enough space for padding or MIN_PACKET_LEN. + * Add extra 3 since we need at least 4 bytes of padding */ + encrypt_buf_size = (ses.writepayload->len+4+1) + + MAX(MIN_PACKET_LEN, blocksize) + 3 /* add space for the MAC at the end */ + mac_size #ifndef DISABLE_ZLIB - /* zlib compression could lengthen the payload in some cases */ + /* some extra in case 'compression' makes it larger */ + ZLIB_COMPRESS_INCR #endif /* and an extra cleartext (stripped before transmission) byte for the @@ -473,7 +474,14 @@ #ifndef DISABLE_ZLIB /* compression */ if (is_compress_trans()) { + int compress_delta; buf_compress(writebuf, ses.writepayload, ses.writepayload->len); + compress_delta = (writebuf->len - PACKET_PAYLOAD_OFF) - ses.writepayload->len; + + /* Handle the case where 'compress' increased the size. */ + if (compress_delta > ZLIB_COMPRESS_INCR) { + buf_resize(writebuf, writebuf->size + compress_delta); + } } else #endif { diff -r 8220862baae8 -r 53c21d4ec98a sysoptions.h --- a/sysoptions.h Thu Feb 24 14:21:36 2011 +0000 +++ b/sysoptions.h Mon Feb 28 13:51:27 2011 +0000 @@ -173,6 +173,10 @@ #define DROPBEAR_KEY_LINES /* ie we're using authorized_keys or known_hosts */ #endif +/* Changing this is inadvisable, it appears to have problems + * with flushing compressed data */ +#define DROPBEAR_ZLIB_MEM_LEVEL 8 + #if defined(ENABLE_SVR_PASSWORD_AUTH) && defined(ENABLE_SVR_PAM_AUTH) #error "You can't turn on PASSWORD and PAM auth both at once. Fix it in options.h" #endif