From: Pavel Janík
To: Simon Liu
Cc: Bitcoin Dev
Date: Wed, 2 Dec 2015 07:47:28 +0100
Subject: Re: [bitcoin-dev] [BIP Draft] Datastream compression of Blocks and Transactions

> On 02 Dec 2015, at 00:44, Simon Liu wrote:
>
> Hi Matt/Pavel,
>
> Why is it scary/undesirable? Thanks.

Select your preferred compression library and google for it with +CVE.

E.g. in zlib:

http://www.cvedetails.com/vulnerability-list/vendor_id-72/product_id-1820/GNU-Zlib.html

…allows remote attackers to cause a denial of service (crash) via a crafted compressed stream…

…allows remote attackers to cause a denial of service (application crash)…

etc.

Do you want to expose such a lib to the potential attacker?
--
Pavel Janík