You are viewing a plain text version of this content. The canonical link for it is here.
Posted to dev@serf.apache.org by iv...@apache.org on 2017/09/13 08:45:26 UTC
svn commit: r1808213 - in /serf/branches/1.3.x: ./ STATUS
buckets/deflate_buckets.c test/test_buckets.c
Author: ivan
Date: Wed Sep 13 08:45:26 2017
New Revision: 1808213
URL: http://svn.apache.org/viewvc?rev=1808213&view=rev
Log:
Merge:
* r1805301
Fix an endless loop in the deflate bucket with the truncated input.
Justification:
Bug in the gzip/deflate decoder.
Branch:
^/serf/branches/1.3.x-r1805301
Votes:
+1: kotkov, ivan, rhuijben
Modified:
serf/branches/1.3.x/ (props changed)
serf/branches/1.3.x/STATUS
serf/branches/1.3.x/buckets/deflate_buckets.c
serf/branches/1.3.x/test/test_buckets.c
Propchange: serf/branches/1.3.x/
------------------------------------------------------------------------------
--- svn:mergeinfo (original)
+++ svn:mergeinfo Wed Sep 13 08:45:26 2017
@@ -1,5 +1,6 @@
/serf/branches/1.3.x-fix-outgoing-request-err:1804540-1808208
/serf/branches/1.3.x-r1804008-group:1805337-1808209
+/serf/branches/1.3.x-r1805301:1805336-1808212
/serf/branches/multiple_ssl_impls:1699382
/serf/branches/windows-sspi:1698866-1698877
-/serf/trunk:1699516-1699518,1699520-1699522,1699528,1699530-1699535,1699537,1699539-1699543,1699548-1699549,1699553,1699555-1699556,1699559-1699560,1699563-1699565,1699567-1699570,1699572-1699573,1699578-1699580,1699582-1699597,1699599-1699602,1699607,1699610,1699613,1699615-1699618,1699622-1699623,1699626-1699627,1699633,1699637,1699642,1699645,1699647,1699649-1699650,1699652,1699654-1699655,1699659-1699665,1699671,1699674,1699680-1699683,1699687-1699688,1699690,1699692-1699694,1699698-1699700,1699702,1699707-1699708,1699712-1699716,1699720,1699724,1699728,1699730,1699733,1699762,1699770,1699773,1699777,1699780-1699781,1699791,1699798,1699800-1699801,1699817,1699819,1699838,1699843,1699846,1699850,1699852,1699858-1699859,1699861,1699873,1699881,1699884,1699902-1699903,1699906,1699924,1699926-1699927,1699930,1699932,1699936-1699937,1699941,1699944,1699948-1699950,1699954,1699957,1699964,1699973,1699975,1699985-1699987,1699993-1699994,1700031,1700062,1700128,1700149,1700234,1700236,1
700246,1700270,1700650,1700830,1702096,1702221,1702264,1703624,1704725,1708849,1709155-1709156,1709296,1748673,1757829,1758190,1758193,1804005,1804008,1804016,1804534
+/serf/trunk:1699516-1699518,1699520-1699522,1699528,1699530-1699535,1699537,1699539-1699543,1699548-1699549,1699553,1699555-1699556,1699559-1699560,1699563-1699565,1699567-1699570,1699572-1699573,1699578-1699580,1699582-1699597,1699599-1699602,1699607,1699610,1699613,1699615-1699618,1699622-1699623,1699626-1699627,1699633,1699637,1699642,1699645,1699647,1699649-1699650,1699652,1699654-1699655,1699659-1699665,1699671,1699674,1699680-1699683,1699687-1699688,1699690,1699692-1699694,1699698-1699700,1699702,1699707-1699708,1699712-1699716,1699720,1699724,1699728,1699730,1699733,1699762,1699770,1699773,1699777,1699780-1699781,1699791,1699798,1699800-1699801,1699817,1699819,1699838,1699843,1699846,1699850,1699852,1699858-1699859,1699861,1699873,1699881,1699884,1699902-1699903,1699906,1699924,1699926-1699927,1699930,1699932,1699936-1699937,1699941,1699944,1699948-1699950,1699954,1699957,1699964,1699973,1699975,1699985-1699987,1699993-1699994,1700031,1700062,1700128,1700149,1700234,1700236,1
700246,1700270,1700650,1700830,1702096,1702221,1702264,1703624,1704725,1708849,1709155-1709156,1709296,1748673,1757829,1758190,1758193,1804005,1804008,1804016,1804534,1805301
Modified: serf/branches/1.3.x/STATUS
URL: http://svn.apache.org/viewvc/serf/branches/1.3.x/STATUS?rev=1808213&r1=1808212&r2=1808213&view=diff
==============================================================================
--- serf/branches/1.3.x/STATUS (original)
+++ serf/branches/1.3.x/STATUS Wed Sep 13 08:45:26 2017
@@ -30,11 +30,3 @@ Veto-blocked changes:
Approved changes:
=================
- * r1805301
- Fix an endless loop in the deflate bucket with the truncated input.
- Justification:
- Bug in the gzip/deflate decoder.
- Branch:
- ^/serf/branches/1.3.x-r1805301
- Votes:
- +1: kotkov, ivan, rhuijben
Modified: serf/branches/1.3.x/buckets/deflate_buckets.c
URL: http://svn.apache.org/viewvc/serf/branches/1.3.x/buckets/deflate_buckets.c?rev=1808213&r1=1808212&r2=1808213&view=diff
==============================================================================
--- serf/branches/1.3.x/buckets/deflate_buckets.c (original)
+++ serf/branches/1.3.x/buckets/deflate_buckets.c Wed Sep 13 08:45:26 2017
@@ -281,9 +281,17 @@ static apr_status_t serf_deflate_read(se
zRC = inflate(&ctx->zstream, Z_NO_FLUSH);
- /* We're full or zlib requires more space. Either case, clear
- out our buffer, reset, and return. */
- if (zRC == Z_BUF_ERROR || ctx->zstream.avail_out == 0) {
+ if (zRC == Z_BUF_ERROR && APR_STATUS_IS_EOF(ctx->stream_status) &&
+ ctx->zstream.avail_out > 0) {
+ /* Zlib can't continue, although there's still space in the
+ output buffer. This can happen either if the stream is
+ truncated or corrupted. As we don't know for sure,
+ return a generic error. */
+ return SERF_ERROR_DECOMPRESSION_FAILED;
+ }
+ else if (zRC == Z_BUF_ERROR || ctx->zstream.avail_out == 0) {
+ /* We're full or zlib requires more space. Either case, clear
+ out our buffer, reset, and return. */
serf_bucket_t *tmp;
ctx->zstream.next_out = ctx->buffer;
private_len = ctx->bufferSize - ctx->zstream.avail_out;
Modified: serf/branches/1.3.x/test/test_buckets.c
URL: http://svn.apache.org/viewvc/serf/branches/1.3.x/test/test_buckets.c?rev=1808213&r1=1808212&r2=1808213&view=diff
==============================================================================
--- serf/branches/1.3.x/test/test_buckets.c (original)
+++ serf/branches/1.3.x/test/test_buckets.c Wed Sep 13 08:45:26 2017
@@ -1667,6 +1667,35 @@ static void test_deflate_4GBplus_buckets
#undef BUFSIZE
}
+static void test_deflate_bucket_truncated_data(CuTest *tc)
+{
+ test_baton_t *tb = tc->testBaton;
+ serf_bucket_t *input;
+ serf_bucket_t *bkt;
+ serf_bucket_t *chunk;
+ serf_bucket_alloc_t *alloc = serf_bucket_allocator_create(tb->pool, NULL,
+ NULL);
+
+ /* This is a valid, but truncated gzip data (in two chunks). */
+ input = serf_bucket_aggregate_create(alloc);
+ chunk = SERF_BUCKET_SIMPLE_STRING_LEN("\x1F\x8B\x08\x00\x00", 5, alloc);
+ serf_bucket_aggregate_append(input, chunk);
+ chunk = SERF_BUCKET_SIMPLE_STRING_LEN("\x00\x00\x00\x00\x03", 5, alloc);
+ serf_bucket_aggregate_append(input, chunk);
+
+ bkt = serf_bucket_deflate_create(input, alloc, SERF_DEFLATE_GZIP);
+ {
+ char buf[1024];
+ apr_size_t len;
+ apr_status_t status;
+
+ status = read_all(bkt, buf, sizeof(buf), &len);
+ CuAssertIntEquals(tc, SERF_ERROR_DECOMPRESSION_FAILED, status);
+ }
+
+ serf_bucket_destroy(bkt);
+}
+
CuSuite *test_buckets(void)
{
CuSuite *suite = CuSuiteNew();
@@ -1701,6 +1730,7 @@ CuSuite *test_buckets(void)
data so it's disabled by default. */
SUITE_ADD_TEST(suite, test_deflate_4GBplus_buckets);
#endif
+ SUITE_ADD_TEST(suite, test_deflate_bucket_truncated_data);
#if 0
SUITE_ADD_TEST(suite, test_serf_default_read_iovec);