From: Joe Orton Date: Wed, 8 Apr 2026 14:08:31 +0000 (+0000) Subject: mod_mime_magic: Disable decompression by default, add config option X-Git-Url: http://git.ipfire.org/gitweb.cgi?a=commitdiff_plain;h=10232a0180a85f97d47b2d38436196397c3ccc5b;p=thirdparty%2Fapache%2Fhttpd.git mod_mime_magic: Disable decompression by default, add config option to enable it. * modules/metadata/mod_mime_magic.c (magic_server_config_rec): Add decompression_enabled field. (create_magic_server_config, merge_magic_server_config): Initialize and merge decompression_enabled. (set_decompression): New function. (magic_cmds): Add MimeMagicDecompression directive. (tryit): Only decompress files when decompression is enabled. * docs/manual/mod/mod_mime_magic.xml: Document MimeMagicDecompression directive. PR: 69985 Submitted by: Gordon Messmer Github: closes #625 git-svn-id: https://svn.apache.org/repos/asf/httpd/httpd/trunk@1932902 13f79535-47bb-0310-9956-ffa450edef68 --- diff --git a/changes-entries/pr69985.txt b/changes-entries/pr69985.txt new file mode 100644 index 0000000000..070c65a090 --- /dev/null +++ b/changes-entries/pr69985.txt @@ -0,0 +1,4 @@ + *) mod_mime_magic: Add MimeMagicDecompression directive to control + decompression of compressed files for MIME type detection. + Decompression is now disabled by default. PR 69985. + [Gordon Messmer ] diff --git a/docs/manual/mod/mod_mime_magic.xml b/docs/manual/mod/mod_mime_magic.xml index bd79868a4e..18ff7d2633 100644 --- a/docs/manual/mod/mod_mime_magic.xml +++ b/docs/manual/mod/mod_mime_magic.xml @@ -271,4 +271,64 @@ using the specified magic file + +MimeMagicDecompression +Enable decompression of compressed files for MIME type detection +MimeMagicDecompression On|Off +MimeMagicDecompression Off +server configvirtual host + + + +

The MimeMagicDecompression directive controls + whether mod_mime_magic will attempt to decompress files + that appear to be compressed (gzip, compress, etc.) in order to determine + the MIME type of the uncompressed content. This feature is disabled + by default and should only be enabled if you understand the + significant drawbacks. It exists to maintain backward compatibility with + previous releases of httpd, but its use is discouraged.

+ + Security and Compatibility Issues +

This feature has several serious flaws and is disabled by default:

+
    +
  1. Not RFC-compliant: Standards documents consistently + recommend against setting Content-Encoding for files that are already + compressed (such as .zip or .gz files). See + RFC 9110.
    2. + +
  2. Breaks content integrity: When Content-Encoding is set, + most HTTP clients will decompress the file before writing it to disk. This + causes the downloaded file to have a different size and checksum than the + original, breaking signature verification and checksum validation. Software + distribution sites will find this particularly problematic.
    3. + +
  3. Unpredictable behavior: This feature only applies to + files that don't match a MIME type via file extension. This can lead to + inconsistent behavior where some files in a directory are affected and + others are not, making problems difficult to diagnose.
    4. + +
  4. Performance impact: Decompression requires forking and + executing an external gzip process for each compressed file, + which adds significant overhead.
    5. + +
  5. Security risk: Passing untrusted uploaded file data to + an external binary (gzip) could potentially expose the server to + compression bombs, resource exhaustion, or remote code execution + vulnerabilities in the decompression tool.
    6. +
+ + + Example (not recommended) + +# Only enable if you fully understand the risks +MimeMagicDecompression On + + + +

In most cases, it is better to ensure files have proper extensions + that can be mapped via mod_mime rather than relying on + this feature.

+ + + diff --git a/modules/metadata/mod_mime_magic.c b/modules/metadata/mod_mime_magic.c index 05585ba776..799d3fc563 100644 --- a/modules/metadata/mod_mime_magic.c +++ b/modules/metadata/mod_mime_magic.c @@ -118,6 +118,8 @@ #define MAXMIMESTRING 256 +#define UNSET -1 + /* HOWMANY must be at least 4096 to make gzip -dcq work */ #define HOWMANY 4096 /* SMALL_HOWMANY limits how much work we do to figure out text files */ @@ -456,6 +458,7 @@ typedef struct { const char *magicfile; /* where magic be found */ struct magic *magic; /* head of magic config list */ struct magic *last; + int decompression_enabled; /* whether to decompress files for content detection */ } magic_server_config_rec; /* per-request info */ @@ -472,8 +475,11 @@ module AP_MODULE_DECLARE_DATA mime_magic_module; static void *create_magic_server_config(apr_pool_t *p, server_rec *d) { + magic_server_config_rec *conf; /* allocate the config - use pcalloc because it needs to be zeroed */ - return apr_pcalloc(p, sizeof(magic_server_config_rec)); + conf = apr_pcalloc(p, sizeof(magic_server_config_rec)); + conf->decompression_enabled = UNSET; + return conf; } static void *merge_magic_server_config(apr_pool_t *p, void *basev, void *addv) @@ -484,6 +490,8 @@ static void *merge_magic_server_config(apr_pool_t *p, void *basev, void *addv) apr_palloc(p, sizeof(magic_server_config_rec)); new->magicfile = add->magicfile ? add->magicfile : base->magicfile; + new->decompression_enabled = (add->decompression_enabled != UNSET) ? + add->decompression_enabled : base->decompression_enabled; new->magic = NULL; new->last = NULL; return new; @@ -502,6 +510,16 @@ static const char *set_magicfile(cmd_parms *cmd, void *dummy, const char *arg) return NULL; } +static const char *set_decompression(cmd_parms *cmd, void *dummy, int arg) +{ + magic_server_config_rec *conf = (magic_server_config_rec *) + ap_get_module_config(cmd->server->module_config, + &mime_magic_module); + + conf->decompression_enabled = arg; + return NULL; +} + /* * configuration file commands - exported to Apache API */ @@ -510,6 +528,13 @@ static const command_rec mime_magic_cmds[] = { AP_INIT_TAKE1("MimeMagicFile", set_magicfile, NULL, RSRC_CONF, "Path to MIME Magic file (in file(1) format)"), + AP_INIT_FLAG("MimeMagicDecompression", set_decompression, NULL, RSRC_CONF, + "Enable decompression of compressed files for content type detection " + "(Off by default). WARNING: This feature is NOT RFC-compliant, can be " + "unpredictable, breaks content integrity (clients will decompress files " + "causing checksum mismatches), impacts performance (fork/exec overhead), " + "and is unsafe (passes untrusted data to external gzip binary). " + "Use only if you understand these risks."), {NULL} }; @@ -878,10 +903,13 @@ static int magic_process(request_rec *r) static int tryit(request_rec *r, unsigned char *buf, apr_size_t nb, int checkzmagic) { + magic_server_config_rec *conf = (magic_server_config_rec *) + ap_get_module_config(r->server->module_config, &mime_magic_module); + /* - * Try compression stuff + * Try compression stuff (only if decompression is enabled) */ - if (checkzmagic == 1) { + if (checkzmagic == 1 && conf && conf->decompression_enabled == 1) { if (zmagic(r, buf, nb) == 1) return OK; }