[BUG] Gunzip module may cause requests to fail

[Aviram Cohen]

Hello!

A couple of years ago, I've reported the following bug:
http://mailman.nginx.org/pipermail/nginx-devel/2013-October/004442.html

Responses with empty bodies with the header "Content-Encoding: gzip" used to cause requests to hang.
There has been a fix, but now it seems that the requests simply fails.

Reviewing the code, it appears that the following happens:
- An empty last buffer arrives into the gunzip module's body filter.
- The gunzip module's ngx_http_gunzip_filter_add_data() calculates and input buffer size (it is 0), and it is later in fed to zlib's inflate(), along with the paramter Z_FINISH
- inflate() is later called, and returned Z_BUF_ERROR. This causes error handling to shut down the request and the connection. The client gets an empty response.

I'm not sure what a proper fix would be, but I can suggest the following:
1. In ngx_http_gunzip_header_filter() check the content length, and don't create a gunzip ctx if it is 0.
2. In ngx_http_gunzip_body_filter(), check if gunzip has started ("!ctx->started"). If it hasn't and the input buffer is the last one, simply jump to the next filter. This handles the case that the response with is chunked encoding.

Would be great to hear the development team's opinion.

Best regards,
Aviram


-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://mailman.nginx.org/pipermail/nginx-devel/attachments/20151130/3b771fbc/attachment.html>