mod_deflate: fix decompression of files larger than 4GB. According to RFC1952,
Input SIZE (compLen) contains the size of the original input data modulo 2^32.
PR: 56062
Submitted by: Lukas Bezdicka
Reviewed by: ylavic, breser, wrowe
git-svn-id: https://svn.apache.org/repos/asf/httpd/httpd/branches/2.2.x@1611806 13f79535-47bb-0310-9956-ffa450edef68
Fix a race condition in scoreboard handling, which could lead to
a heap buffer overflow. [Joe Orton, Eric Covener, Jeff Trawick]
+ *) mod_deflate: Fix inflation of files larger than 4GB. PR 56062.
+ [Lukas Bezdicka <social v3.sk>]
+
*) mod_dav: Fix improper encoding in PROPFIND responses. PR 56480.
[Ben Reser]
PATCHES ACCEPTED TO BACKPORT FROM TRUNK:
[ start all new proposals below, under PATCHES PROPOSED. ]
- * mod_deflate: Fix decompression of files larger than 4GB. According to RFC1952,
- Input SIZE contains the size of the original input data modulo 2^32.
- PR 56062.
- trunk patch: http://svn.apache.org/r1572092
- http://svn.apache.org/r1603156 (partially, CHANGES update)
- 2.4.x patch: http://svn.apache.org/r1604460 (2.4.10)
- 2.2.x patch: http://people.apache.org/~ylavic/httpd-2.2.x-mod_deflate_4GB.patch
- (modulo CHANGES)
- +1: ylavic, breser, wrowe
-
* mod_proxy: Don't reuse a SSL backend connection whose SNI differs. PR 55782.
This may happen when ProxyPreserveHost is on and the proxy-worker
handles connections to different Hosts.
}
ctx->stream.next_in += 4;
compLen = getLong(ctx->stream.next_in);
- if (ctx->stream.total_out != compLen) {
+ /* gzip stores original size only as 4 byte value */
+ if ((ctx->stream.total_out & 0xFFFFFFFF) != compLen) {
inflateEnd(&ctx->stream);
return APR_EGENERAL;
}
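Review bot: the masked comparison `(ctx->stream.total_out & 0xFFFFFFFF) != compLen` and its comment are repeated verbatim at the second check site further down, so a later change to one copy can silently miss the other; a small static helper or macro used at both sites would keep them in step. The failure branch here also calls inflateEnd() and returns APR_EGENERAL without logging, while the other site logs "Zlib: Length of inflated stream invalid"; if a request_rec is in scope at this point, a matching log line would make a rejected stream diagnosable from the error log.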
}
ctx->validation_buffer += VALIDATION_SIZE / 2;
compLen = getLong(ctx->validation_buffer);
- if (ctx->stream.total_out != compLen) {
+ /* gzip stores original size only as 4 byte value */
+ if ((ctx->stream.total_out & 0xFFFFFFFF) != compLen) {
ap_log_rerror(APLOG_MARK, APLOG_ERR, 0, r,
"Zlib: Length of inflated stream invalid");
return APR_EGENERAL;
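Review bot: the added comment "gzip stores original size only as 4 byte value" undersells what the `& 0xFFFFFFFF` on the next line changes: the comparison now only confirms that total_out is congruent to the trailer value modulo 2^32, so a length error that is an exact multiple of 4GB passes this check. That is inherent to the format, as the commit message says, but the comment should say "size modulo 2^32 (RFC 1952)" so a reader does not take this for an exact length check or rely on it alone to validate the stream.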