From: Yann Ylavic <ylavic@apache.org>
Date: Fri, 18 Jul 2014 21:03:41 +0000 (+0000)
Subject: Merge r1572092 from trunk:
X-Git-Tag: 2.2.28~20
X-Git-Url: http://git.ipfire.org/cgi-bin/gitweb.cgi?a=commitdiff_plain;h=96760341df907ea8399cf67f6010261df546b8d6;p=thirdparty%2Fapache%2Fhttpd.git

Merge r1572092 from trunk:

mod_deflate: fix decompression of files larger than 4GB. According to RFC1952,
Input SIZE (compLen) contains the size of the original input data modulo 2^32.

PR: 56062
Submitted by: Lukas Bezdicka
Reviewed by: ylavic, breser, wrowe



git-svn-id: https://svn.apache.org/repos/asf/httpd/httpd/branches/2.2.x@1611806 13f79535-47bb-0310-9956-ffa450edef68
---

diff --git a/CHANGES b/CHANGES
index e2a5715f317..ad8a7b02afd 100644
--- a/CHANGES
+++ b/CHANGES
@@ -21,6 +21,9 @@ Changes with Apache 2.2.28
      Fix a race condition in scoreboard handling, which could lead to
      a heap buffer overflow.  [Joe Orton, Eric Covener, Jeff Trawick]
 
+  *) mod_deflate: Fix inflation of files larger than 4GB. PR 56062.
+     [Lukas Bezdicka <social v3.sk>]
+
   *) mod_dav: Fix improper encoding in PROPFIND responses.  PR 56480.
      [Ben Reser]
 
diff --git a/STATUS b/STATUS
index fa656ac3a0a..344c140f6ea 100644
--- a/STATUS
+++ b/STATUS
@@ -99,16 +99,6 @@ RELEASE SHOWSTOPPERS:
 PATCHES ACCEPTED TO BACKPORT FROM TRUNK:
   [ start all new proposals below, under PATCHES PROPOSED. ]
 
-   * mod_deflate: Fix decompression of files larger than 4GB. According to RFC1952,
-                  Input SIZE contains the size of the original input data modulo 2^32.
-                  PR 56062.
-     trunk patch: http://svn.apache.org/r1572092
-                  http://svn.apache.org/r1603156 (partially, CHANGES update)
-     2.4.x patch: http://svn.apache.org/r1604460 (2.4.10)
-     2.2.x patch: http://people.apache.org/~ylavic/httpd-2.2.x-mod_deflate_4GB.patch
-                  (modulo CHANGES)
-     +1: ylavic, breser, wrowe
-
    * mod_proxy: Don't reuse a SSL backend connection whose SNI differs. PR 55782.
                 This may happen when ProxyPreserveHost is on and the proxy-worker
                 handles connections to different Hosts.
diff --git a/modules/filters/mod_deflate.c b/modules/filters/mod_deflate.c
index 4f415e00382..38cd4545f49 100644
--- a/modules/filters/mod_deflate.c
+++ b/modules/filters/mod_deflate.c
@@ -1062,7 +1062,8 @@ static apr_status_t deflate_in_filter(ap_filter_t *f,
                     }
                     ctx->stream.next_in += 4;
                     compLen = getLong(ctx->stream.next_in);
-                    if (ctx->stream.total_out != compLen) {
+                    /* gzip stores original size only as 4 byte value */
+                    if ((ctx->stream.total_out & 0xFFFFFFFF) != compLen) {
                         inflateEnd(&ctx->stream);
                         return APR_EGENERAL;
                     }
@@ -1253,7 +1254,8 @@ static apr_status_t inflate_out_filter(ap_filter_t *f,
                 }
                 ctx->validation_buffer += VALIDATION_SIZE / 2;
                 compLen = getLong(ctx->validation_buffer);
-                if (ctx->stream.total_out != compLen) {
+                /* gzip stores original size only as 4 byte value */
+                if ((ctx->stream.total_out & 0xFFFFFFFF) != compLen) {
                     ap_log_rerror(APLOG_MARK, APLOG_ERR, 0, r,
                                   "Zlib: Length of inflated stream invalid");
                     return APR_EGENERAL;