- do {
- http_init_inflate_buffer(&Z, data, data_len, decoded, decoded_len, max++);
- if (Z_OK == (status = inflateInit2(&Z, -MAX_WBITS))) {
- if (Z_STREAM_END == (status = inflate(&Z, Z_FINISH))) {
- if (Z_OK == (status = inflateEnd(&Z))) {
- *decoded_len = http_finish_buffer(Z.total_out, decoded);
- return SUCCESS;
- }
+ if (data_len < offset) {
+ goto really_bad_gzip_header;
+ }
+
+ if (data[0] != (const char) 0x1F || data[1] != (const char) 0x8B) {
+ http_error_ex(error_level TSRMLS_CC, HTTP_E_ENCODING, "Unrecognized GZIP header start: 0x%02X 0x%02X", (int) data[0], (int) (data[1] & 0xFF));
+ return FAILURE;
+ }
+
+ if (data[2] != (const char) Z_DEFLATED) {
+ http_error_ex(error_level TSRMLS_CC, HTTP_E_ENCODING, "Unrecognized compression format (%d)", (int) (data[2] & 0xFF));
+ /* still try to decode */
+ }
+ if ((data[3] & 0x4) == 0x4) {
+ if (data_len < offset + 2) {
+ goto really_bad_gzip_header;
+ }
+ /* there are extra fields, the length follows the common header as 2 bytes LSB */
+ offset += (unsigned) ((data[offset] & 0xFF));
+ offset += 1;
+ offset += (unsigned) ((data[offset] & 0xFF) << 8);
+ offset += 1;
+ }
+ if ((data[3] & 0x8) == 0x8) {
+ if (data_len <= offset) {
+ goto really_bad_gzip_header;
+ }
+ /* there's a file name */
+ offset += strlen(&data[offset]) + 1 /*NUL*/;
+ }
+ if ((data[3] & 0x10) == 0x10) {
+ if (data_len <= offset) {
+ goto really_bad_gzip_header;
+ }
+ /* there's a comment */
+ offset += strlen(&data[offset]) + 1 /* NUL */;
+ }
+ if ((data[3] & 0x2) == 0x2) {
+ /* there's a CRC16 of the header */
+ offset += 2;
+ if (data_len <= offset) {
+ goto really_bad_gzip_header;
+ } else {
+ ulong crc, cmp;
+
+ cmp = (unsigned) ((data[offset-2] & 0xFF));
+ cmp += (unsigned) ((data[offset-1] & 0xFF) << 8);
+
+ crc = crc32(0L, Z_NULL, 0);
+ crc = crc32(crc, (const Bytef *) data, sizeof(http_encoding_gzip_header));
+
+ if (cmp != (crc & 0xFFFF)) {
+ http_error_ex(error_level TSRMLS_CC, HTTP_E_ENCODING, "GZIP headers CRC checksums so not match (%lu, %lu)", cmp, crc & 0xFFFF);
+ return FAILURE;