[BUG] Gunzip module may cause requests to fail

Aviram Cohen aviram at adallom.com
Mon Nov 30 13:20:02 UTC 2015


A couple of years ago, I've reported the following bug:

Responses with empty bodies with the header "Content-Encoding: gzip" used to cause requests to hang.
There has been a fix, but now it seems that the requests simply fails.

Reviewing the code, it appears that the following happens:
- An empty last buffer arrives into the gunzip module's body filter.
- The gunzip module's ngx_http_gunzip_filter_add_data() calculates and input buffer size (it is 0), and it is later in fed to zlib's inflate(), along with the paramter Z_FINISH
- inflate() is later called, and returned Z_BUF_ERROR. This causes error handling to shut down the request and the connection. The client gets an empty response.

I'm not sure what a proper fix would be, but I can suggest the following:
1. In ngx_http_gunzip_header_filter() check the content length, and don't create a gunzip ctx if it is 0.
2. In ngx_http_gunzip_body_filter(), check if gunzip has started ("!ctx->started"). If it hasn't and the input buffer is the last one, simply jump to the next filter. This handles the case that the response with is chunked encoding.

Would be great to hear the development team's opinion.

Best regards,

-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://mailman.nginx.org/pipermail/nginx-devel/attachments/20151130/3b771fbc/attachment.html>

More information about the nginx-devel mailing list