decompressor: more flexible way to limit output size of gzip decompressor (#21864)

Signed-off-by: giantcroc <changran.wang@intel.com> Mirrored from https://github.com/envoyproxy/envoy @ 41da908b801f3662f85204da8a0645962ab61252
3 years ago · 717d4c79fa
parent 5bc91a43b1
commit 717d4c79fa
1 changed files with 6 additions and 0 deletions
--- a/envoy/extensions/compression/gzip/decompressor/v3/gzip.proto
+++ b/envoy/extensions/compression/gzip/decompressor/v3/gzip.proto
@ -27,4 +27,10 @@ message Gzip {
  // Value for zlib's decompressor output buffer. If not set, defaults to 4096.
  // See https://www.zlib.net/manual.html for more details.
  google.protobuf.UInt32Value chunk_size = 2 [(validate.rules).uint32 = {lte: 65536 gte: 4096}];
+
+  // An upper bound to the number of times the output buffer is allowed to be bigger than the size of
+  // the accumulated input. This value is used to prevent decompression bombs. If not set, defaults to 100.
+  // [#comment:TODO(rojkov): Re-design the Decompressor interface to handle compression bombs gracefully instead of this quick solution.
+  // See https://github.com/envoyproxy/envoy/commit/d4c39e635603e2f23e1e08ddecf5a5fb5a706338 for details.]
+  google.protobuf.UInt32Value max_inflate_ratio = 3 [(validate.rules).uint32 = {lte: 1032 gte: 1}];
 }