diff options
author | Anna Henningsen <sqrt@entless.org> | 2016-03-24 02:12:40 +0100 |
---|---|---|
committer | Ben Noordhuis <info@bnoordhuis.nl> | 2016-03-31 13:23:31 +0200 |
commit | 54a5287e3eff6625f412a8bcb488a3214a2184d2 (patch) | |
tree | ece87d2ed558fb2f38ae48cdfb17ced7eac81421 /src/node_zlib.cc | |
parent | 33c27f8fcffd7b0c6d609fdd4503b4f7a3c45bcd (diff) | |
download | android-node-v8-54a5287e3eff6625f412a8bcb488a3214a2184d2.tar.gz android-node-v8-54a5287e3eff6625f412a8bcb488a3214a2184d2.tar.bz2 android-node-v8-54a5287e3eff6625f412a8bcb488a3214a2184d2.zip |
zlib: fix gzip member head/buffer boundary issue
Make sure that, even if an `inflate()` call only sees the first
few bytes of a following gzip member, all members are decompressed
and part of the full output.
This change also modifies behaviour for trailing garbage:
If there is trailing garbage which happens to start with the
gzip magic bytes, it is no longer discarded but rather throws
an error, since we cannot reliably tell random garbage from
a valid gzip member anyway and have to try and decompress it.
(Null byte padding is not affected, since it has been pointed
out at various occasions that such padding is normal and
discarded by `gzip(1)`, too.)
Adds tests for the special case that the first `inflate()` call
receives only the first few bytes of a second gzip member but
not the whole header (or even just the magic bytes).
PR-URL: https://github.com/nodejs/node/pull/5883
Reviewed-By: Ben Noordhuis <info@bnoordhuis.nl>
Reviewed-By: James M Snell <jasnell@gmail.com>
Diffstat (limited to 'src/node_zlib.cc')
-rw-r--r-- | src/node_zlib.cc | 16 |
1 files changed, 7 insertions, 9 deletions
diff --git a/src/node_zlib.cc b/src/node_zlib.cc index 0712f8feec..d84344228e 100644 --- a/src/node_zlib.cc +++ b/src/node_zlib.cc @@ -43,7 +43,6 @@ enum node_zlib_mode { #define GZIP_HEADER_ID1 0x1f #define GZIP_HEADER_ID2 0x8b -#define GZIP_MIN_HEADER_SIZE 10 void InitZlib(v8::Local<v8::Object> target); @@ -257,17 +256,16 @@ class ZCtx : public AsyncWrap { ctx->err_ = Z_NEED_DICT; } } - while (ctx->strm_.avail_in >= GZIP_MIN_HEADER_SIZE && + + while (ctx->strm_.avail_in > 0 && ctx->mode_ == GUNZIP && - ctx->err_ == Z_STREAM_END) { + ctx->err_ == Z_STREAM_END && + ctx->strm_.next_in[0] != 0x00) { // Bytes remain in input buffer. Perhaps this is another compressed // member in the same archive, or just trailing garbage. - // Check the header to find out. - if (ctx->strm_.next_in[0] != GZIP_HEADER_ID1 || - ctx->strm_.next_in[1] != GZIP_HEADER_ID2) { - // Not a valid gzip member - break; - } + // Trailing zero bytes are okay, though, since they are frequently + // used for padding. + Reset(ctx); ctx->err_ = inflate(&ctx->strm_, ctx->flush_); } |