From: Eric Covener <covener@apache.org>
Date: Thu, 21 Aug 2014 13:11:15 +0000 (+0000)
Subject: A misplaced check for inflation limits prevented limiting relatively
X-Git-Tag: 2.5.0-alpha~3882
X-Git-Url: https://granicus.if.org/sourcecode?a=commitdiff_plain;h=18bc74d06e8d77ff4dd29414ba9987eb644f92d8;p=apache

A misplaced check for inflation limits prevented limiting relatively
small inputs.  PR56872

Submitted By: Edward Lu
Committed By: covener



git-svn-id: https://svn.apache.org/repos/asf/httpd/httpd/trunk@1619383 13f79535-47bb-0310-9956-ffa450edef68
---

diff --git a/modules/filters/mod_deflate.c b/modules/filters/mod_deflate.c
index bab19c69f3..11e38405cf 100644
--- a/modules/filters/mod_deflate.c
+++ b/modules/filters/mod_deflate.c
@@ -1370,26 +1370,6 @@ static apr_status_t deflate_in_filter(ap_filter_t *f,
                         ctx->stream.next_out = ctx->buffer;
                         len = c->bufferSize - ctx->stream.avail_out;
 
-                        ctx->inflate_total += len;
-                        if (inflate_limit && ctx->inflate_total > inflate_limit) { 
-                            inflateEnd(&ctx->stream);
-                            ap_log_rerror(APLOG_MARK, APLOG_WARNING, 0, r, APLOGNO(02648)
-                                    "Inflated content length of %" APR_OFF_T_FMT
-                                    " is larger than the configured limit"
-                                    " of %" APR_OFF_T_FMT, 
-                                    ctx->inflate_total, inflate_limit);
-                            return APR_ENOSPC;
-                        }
-
-                        if (!check_ratio(r, ctx, dc)) {
-                            inflateEnd(&ctx->stream);
-                            ap_log_rerror(APLOG_MARK, APLOG_WARNING, 0, r, APLOGNO(02649)
-                                    "Inflated content ratio is larger than the "
-                                    "configured limit %i by %i time(s)",
-                                    dc->ratio_limit, dc->ratio_burst);
-                            return APR_EINVAL;
-                        }
-
                         ctx->crc = crc32(ctx->crc, (const Bytef *)ctx->buffer, len);
                         tmp_heap = apr_bucket_heap_create((char *)ctx->buffer, len,
                                                           NULL, f->c->bucket_alloc);
@@ -1398,6 +1378,27 @@ static apr_status_t deflate_in_filter(ap_filter_t *f,
                     }
 
                     zRC = inflate(&ctx->stream, Z_NO_FLUSH);
+                    len = c->bufferSize - ctx->stream.avail_out;
+
+                    ctx->inflate_total += len;
+                    if (inflate_limit && ctx->inflate_total > inflate_limit) { 
+                        inflateEnd(&ctx->stream);
+                        ap_log_rerror(APLOG_MARK, APLOG_WARNING, 0, r, APLOGNO(02648)
+                                "Inflated content length of %" APR_OFF_T_FMT
+                                " is larger than the configured limit"
+                                " of %" APR_OFF_T_FMT, 
+                                ctx->inflate_total, inflate_limit);
+                        return APR_ENOSPC;
+                    }
+
+                    if (!check_ratio(r, ctx, dc)) {
+                        inflateEnd(&ctx->stream);
+                        ap_log_rerror(APLOG_MARK, APLOG_WARNING, 0, r, APLOGNO(02649)
+                                "Inflated content ratio is larger than the "
+                                "configured limit %i by %i time(s)",
+                                dc->ratio_limit, dc->ratio_burst);
+                        return APR_EINVAL;
+                    }
 
                     if (zRC == Z_STREAM_END) {
                         ctx->validation_buffer = apr_pcalloc(r->pool,