[BUG] Gunzip module may cause requests to fail
Maxim Dounin
mdounin at mdounin.ru
Tue Dec 15 02:35:29 UTC 2015
Hello!
On Sun, Dec 06, 2015 at 12:00:02PM +0000, Aviram Cohen wrote:
> Thank you, Maxim. I think we pretty much agree.
> The following is the suggested patch. Didn't include a patch for a chunked response, as you are right, that can evolve from an application error.
> Feel free to change the error message.
>
> diff -r cebc9a2c2144 src/http/modules/ngx_http_gunzip_filter_module.c
> --- a/src/http/modules/ngx_http_gunzip_filter_module.c Tue Apr 21 17:11:58 2015 +0300
> +++ b/src/http/modules/ngx_http_gunzip_filter_module.c Fri Dec 04 01:54:14 2015 +0200
> @@ -140,6 +140,12 @@
>
> r->gzip_vary = 1;
>
> + if (r->headers_out.content_length_n == 0) {
> + ngx_log_error(NGX_LOG_ERR, r->connection->log, 0,
> + "gunzip filter: zero length data to decompress");
> + return ngx_http_next_header_filter(r);
> + }
> +
- There are no reasons for r->gzip_vary to be set in case of
error.
- As minimal gzip file size is 20 bytes, and checking only
specific case of 0 bytes is suboptimal.
[...]
--
Maxim Dounin
http://nginx.org/
More information about the nginx-devel
mailing list