bug 779413 r=bsmith
authorPatrick McManus <mcmanus@ducksong.com>
Tue, 07 Aug 2012 10:44:51 -0400
changeset 103585 90b41051251cc224ea9b3f557955b4e817f7e1ad
parent 103584 09300210812a9e903f55ac03debd48e3b3e4eb14
child 103586 8e4d94efad3ef53258b82f58063f32c1101eaab3
push id37
push usershu@rfrn.org
push dateThu, 16 Aug 2012 01:15:22 +0000
reviewersbsmith
bugs779413
milestone17.0a1
bug 779413 r=bsmith
netwerk/protocol/http/SpdySession2.cpp
netwerk/protocol/http/SpdySession3.cpp
--- a/netwerk/protocol/http/SpdySession2.cpp
+++ b/netwerk/protocol/http/SpdySession2.cpp
@@ -547,17 +547,19 @@ SpdySession2::zlibInit()
   mDownstreamZlib.opaque = Z_NULL;
 
   inflateInit(&mDownstreamZlib);
 
   mUpstreamZlib.zalloc = SpdyStream2::zlib_allocator;
   mUpstreamZlib.zfree = SpdyStream2::zlib_destructor;
   mUpstreamZlib.opaque = Z_NULL;
 
-  deflateInit(&mUpstreamZlib, Z_DEFAULT_COMPRESSION);
+  // mixing carte blanche compression with tls subjects us to traffic
+  // analysis attacks
+  deflateInit(&mUpstreamZlib, Z_NO_COMPRESSION);
   deflateSetDictionary(&mUpstreamZlib,
                        reinterpret_cast<const unsigned char *>
                        (SpdyStream2::kDictionary),
                        strlen(SpdyStream2::kDictionary) + 1);
 
 }
 
 nsresult
--- a/netwerk/protocol/http/SpdySession3.cpp
+++ b/netwerk/protocol/http/SpdySession3.cpp
@@ -548,17 +548,19 @@ SpdySession3::zlibInit()
   mDownstreamZlib.opaque = Z_NULL;
 
   inflateInit(&mDownstreamZlib);
 
   mUpstreamZlib.zalloc = SpdyStream3::zlib_allocator;
   mUpstreamZlib.zfree = SpdyStream3::zlib_destructor;
   mUpstreamZlib.opaque = Z_NULL;
 
-  deflateInit(&mUpstreamZlib, Z_DEFAULT_COMPRESSION);
+  // mixing carte blanche compression with tls subjects us to traffic
+  // analysis attacks
+  deflateInit(&mUpstreamZlib, Z_NO_COMPRESSION);
   deflateSetDictionary(&mUpstreamZlib,
                        SpdyStream3::kDictionary,
                        sizeof(SpdyStream3::kDictionary));
 }
 
 // Need to decompress some data in order to keep the compression
 // context correct, but we really don't care what the result is
 nsresult