[BUG] Gunzip module may cause requests to hang

Mon Oct 28 20:21:53 UTC 2013

Hello!

On Mon, Oct 28, 2013 at 06:53:21PM +0200, Aviram Cohen wrote:

> Hello!
> 
> I have encountered the following possible bug in Nginx -
> When using the proxy_pass directive along with 'gunzip on;' in the same
> location, if replies from the remote server are empty but contain the
> header 'Content-Encoding: gzip', the request hangs (the worker process
> doesn't get stuck and can still serve other requests).
> 
> This was reproduced in v1.4.3.
> 
> If anyone can verify the problem and suggest a patch to solve the issue,
> that would be great.

Something like this should be appropriate:

--- a/src/http/modules/ngx_http_gunzip_filter_module.c
+++ b/src/http/modules/ngx_http_gunzip_filter_module.c
@@ -500,9 +500,13 @@ ngx_http_gunzip_filter_inflate(ngx_http_
         return NGX_OK;
     }
 
-    if (rc == Z_STREAM_END && ctx->flush == Z_FINISH
-        && ctx->zstream.avail_in == 0)
-    {
+    if (ctx->flush == Z_FINISH && ctx->zstream.avail_in == 0) {
+
+        if (rc != Z_STREAM_END) {
+            ngx_log_error(NGX_LOG_ERR, r->connection->log, 0,
+                          "inflate() returned %d on response end", rc);
+            return NGX_ERROR;
+        }
 
         if (ngx_http_gunzip_filter_inflate_end(r, ctx) != NGX_OK) {
             return NGX_ERROR;


It will close a connection on such a malformed backend response 
and will log appropriate error.

-- 
Maxim Dounin
http://nginx.org/en/donation.html

