DragonFlyBSD Kernel Audit
← dashboard
DF-0268

No decompression bomb (zip bomb) protection

Summary

No limit on decompression ratio. Small compressed input -> huge output. inflate loop has no time/ratio/byte cap. PPP peer sends highly-compressed stream -> CPU/memory exhaustion DoS. avail_out bounded by caller but loop itself has no limit.