From 5cffb8a488b58cb33ea04ccfca7005800fca9d66 Mon Sep 17 00:00:00 2001 From: Yann Ylavic Date: Thu, 21 Aug 2014 15:30:14 +0000 Subject: [PATCH] mod_deflate: follow up to r1619383. deflate_in_filter(): - use inflated bytes per inflate() call to compute the total output bytes, - check zlib errors before limits, - add missing check_ratio() when asked to flush. deflate_out_filter(): - check ratio after each inflate() call. git-svn-id: https://svn.apache.org/repos/asf/httpd/httpd/trunk@1619444 13f79535-47bb-0310-9956-ffa450edef68 --- modules/filters/mod_deflate.c | 65 ++++++++++++++++++++--------------- 1 file changed, 37 insertions(+), 28 deletions(-) diff --git a/modules/filters/mod_deflate.c b/modules/filters/mod_deflate.c index 11e38405cf..7a50e0d8c1 100644 --- a/modules/filters/mod_deflate.c +++ b/modules/filters/mod_deflate.c @@ -1313,6 +1313,15 @@ static apr_status_t deflate_in_filter(ap_filter_t *f, return APR_ENOSPC; } + if (!check_ratio(r, ctx, dc)) { + inflateEnd(&ctx->stream); + ap_log_rerror(APLOG_MARK, APLOG_WARNING, 0, r, APLOGNO() + "Inflated content ratio is larger than the " + "configured limit %i by %i time(s)", + dc->ratio_limit, dc->ratio_burst); + return APR_EINVAL; + } + ctx->crc = crc32(ctx->crc, (const Bytef *)ctx->buffer, len); tmp_b = apr_bucket_heap_create((char *)ctx->buffer, len, NULL, f->c->bucket_alloc); @@ -1377,10 +1386,18 @@ static apr_status_t deflate_in_filter(ap_filter_t *f, ctx->stream.avail_out = c->bufferSize; } + len = ctx->stream.avail_out; zRC = inflate(&ctx->stream, Z_NO_FLUSH); - len = c->bufferSize - ctx->stream.avail_out; - ctx->inflate_total += len; + if (zRC != Z_OK && zRC != Z_STREAM_END) { + inflateEnd(&ctx->stream); + ap_log_rerror(APLOG_MARK, APLOG_WARNING, 0, r, APLOGNO(01392) + "Zlib error %d inflating data (%s)", zRC, + ctx->stream.msg); + return APR_EGENERAL; + } + + ctx->inflate_total += len - ctx->stream.avail_out; if (inflate_limit && ctx->inflate_total > inflate_limit) { inflateEnd(&ctx->stream); ap_log_rerror(APLOG_MARK, APLOG_WARNING, 0, r, APLOGNO(02648) @@ -1406,14 +1423,6 @@ static apr_status_t deflate_in_filter(ap_filter_t *f, ctx->validation_buffer_length = 0; break; } - - if (zRC != Z_OK) { - inflateEnd(&ctx->stream); - ap_log_rerror(APLOG_MARK, APLOG_WARNING, 0, r, APLOGNO(01392) - "Zlib error %d inflating data (%s)", zRC, - ctx->stream.msg); - return APR_EGENERAL; - } } } @@ -1824,15 +1833,6 @@ static apr_status_t inflate_out_filter(ap_filter_t *f, while (ctx->stream.avail_in != 0) { if (ctx->stream.avail_out == 0) { - - if (!check_ratio(r, ctx, dc)) { - ap_log_rerror(APLOG_MARK, APLOG_WARNING, 0, r, APLOGNO(02650) - "Inflated content ratio is larger than the " - "configured limit %i by %i time(s)", - dc->ratio_limit, dc->ratio_burst); - return APR_EINVAL; - } - ctx->stream.next_out = ctx->buffer; len = c->bufferSize - ctx->stream.avail_out; @@ -1850,6 +1850,21 @@ static apr_status_t inflate_out_filter(ap_filter_t *f, zRC = inflate(&ctx->stream, Z_NO_FLUSH); + if (zRC != Z_OK && zRC != Z_STREAM_END) { + ap_log_rerror(APLOG_MARK, APLOG_WARNING, 0, r, APLOGNO(01409) + "Zlib error %d inflating data (%s)", zRC, + ctx->stream.msg); + return APR_EGENERAL; + } + + if (!check_ratio(r, ctx, dc)) { + ap_log_rerror(APLOG_MARK, APLOG_WARNING, 0, r, APLOGNO(02650) + "Inflated content ratio is larger than the " + "configured limit %i by %i time(s)", + dc->ratio_limit, dc->ratio_burst); + return APR_EINVAL; + } + if (zRC == Z_STREAM_END) { /* * We have inflated all data. Now try to capture the @@ -1864,21 +1879,15 @@ static apr_status_t inflate_out_filter(ap_filter_t *f, "Zlib: %d bytes of garbage at the end of " "compressed stream.", ctx->stream.avail_in - VALIDATION_SIZE); - } else if (ctx->stream.avail_in > 0) { - ctx->validation_buffer_length = ctx->stream.avail_in; + } + else if (ctx->stream.avail_in > 0) { + ctx->validation_buffer_length = ctx->stream.avail_in; } if (ctx->validation_buffer_length) memcpy(ctx->validation_buffer, ctx->stream.next_in, ctx->validation_buffer_length); break; } - - if (zRC != Z_OK) { - ap_log_rerror(APLOG_MARK, APLOG_WARNING, 0, r, APLOGNO(01409) - "Zlib error %d inflating data (%s)", zRC, - ctx->stream.msg); - return APR_EGENERAL; - } } apr_bucket_delete(e); -- 2.50.1