From: Pavel Janík <Pavel@Janik.cz>
In-Reply-To: <565E30C6.1010002@bitcartel.com>
Date: Wed, 2 Dec 2015 07:47:28 +0100
Message-Id: <AF49F870-0600-47D1-8AC6-EEBFAA5B1C24@Janik.cz>
References: <565CD7D8.3070102@gmail.com>
	<90EF4E6C-9A71-4A35-A938-EAFC1A24DD24@mattcorallo.com>
	<04188281-6A0C-4178-B2CA-BDE799C4FE9F@Janik.cz>
	<565E30C6.1010002@bitcartel.com>
To: Simon Liu <simon@bitcartel.com>
Cc: Bitcoin Dev <bitcoin-dev@lists.linuxfoundation.org>
Subject: Re: [bitcoin-dev] [BIP Draft] Datastream compression of Blocks and
	Transactions


> On 02 Dec 2015, at 00:44, Simon Liu <simon@bitcartel.com> wrote:
>
> Hi Matt/Pavel,
>
> Why is it scary/undesirable?  Thanks.

Select your preferred compression library and google for it with +CVE.

E.g. in zlib:

http://www.cvedetails.com/vulnerability-list/vendor_id-72/product_id-1820/GNU-Zlib.html

…allows remote attackers to cause a denial of service (crash) via a crafted compressed stream…
…allows remote attackers to cause a denial of service (application crash)…
etc.

Do you want to expose such a lib to a potential attacker?
-- 
Pavel Janík