[BUG] Gunzip module may cause requests to fail

Valentin V. Bartenev vbart at nginx.com
Mon Nov 30 15:16:08 UTC 2015


On Monday 30 November 2015 13:20:02 Aviram Cohen wrote:
> Hello!
> 
> A couple of years ago, I reported the following bug:
> http://mailman.nginx.org/pipermail/nginx-devel/2013-October/004442.html
> 
> Responses with empty bodies with the header "Content-Encoding: gzip" used to cause requests to hang.
> There has been a fix, but now it seems that the requests simply fail.
> 
> Reviewing the code, it appears that the following happens:
> - An empty last buffer arrives into the gunzip module's body filter.
> - The gunzip module's ngx_http_gunzip_filter_add_data() calculates an input buffer size (it is 0), and it is later fed to zlib's inflate(), along with the parameter Z_FINISH.
> - inflate() is later called, and returns Z_BUF_ERROR. This causes error handling to shut down the request and the connection. The client gets an empty response.
> 
> I'm not sure what a proper fix would be, but I can suggest the following:
> 1. In ngx_http_gunzip_header_filter() check the content length, and don't create a gunzip ctx if it is 0.
> 2. In ngx_http_gunzip_body_filter(), check if gunzip has started ("!ctx->started"). If it hasn't and the input buffer is the last one, simply jump to the next filter. This handles the case that the response is with chunked encoding.
> 
> Would be great to hear the development team's opinion.
> 

Why do you think that it's a bug in nginx?

For me "Content-Encoding gzip" without gzip wrapper doesn't look like a valid
gzip encoded response.

  wbr, Valentin V. Bartenev
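
The zlib behaviour discussed in this thread, reproduced with Python's zlib binding as an added example (not nginx code and not written by either poster). The function name and the sample bodies are constructed for illustration; the error codes are the values defined in zlib.h.

```python
import gzip
import re
import zlib

GZIP_WBITS = 16 + zlib.MAX_WBITS    # 31: require a gzip header and trailer
Z_DATA_ERROR, Z_BUF_ERROR = -3, -5  # return codes as defined in zlib.h


def gunzip_outcome(body: bytes) -> str:
    """Report what a one-shot inflate does with a body labelled gzip."""
    try:
        plain = zlib.decompress(body, GZIP_WBITS)
    except zlib.error as exc:
        # CPython's message starts with "Error <zlib return code> ..."
        code = int(re.match(r"Error (-?\d+)", str(exc)).group(1))
        if code == Z_BUF_ERROR:
            return "Z_BUF_ERROR"    # input ended before the stream did
        if code == Z_DATA_ERROR:
            return "Z_DATA_ERROR"   # bytes are not a gzip stream at all
        return f"zlib error {code}"
    return f"ok:{len(plain)}"


# Constructed sample bodies, each imagined as sent with Content-Encoding: gzip.
SAMPLES = {
    "zero-length body": b"",
    "gzip-encoded empty payload": gzip.compress(b""),
    "gzip header only (truncated)": gzip.compress(b"")[:10],
    "uncompressed text": b"plain text",
}

if __name__ == "__main__":
    for name, body in SAMPLES.items():
        print(f"{name:30} {len(body):3d} bytes -> {gunzip_outcome(body)}")
```

A zero-length body and a gzip stream that wraps an empty payload are different inputs: the first gives the decompressor nothing to finish, while the second carries a header and trailer and inflates cleanly to zero bytes.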


