X-Git-Url: https://git.m6w6.name/?p=m6w6%2Fext-http;a=blobdiff_plain;f=http_encoding_api.c;h=4d08e71c2c2bf5e582e74b0ae31c0dd33512489c;hp=432cf15dc0644946ff58488984973029f68d3324;hb=4c47eabee60a0266f3f27bf91528830b32da842e;hpb=2be22e84d69e07de423521f20965363a706636ac
diff --git a/http_encoding_api.c b/http_encoding_api.c
index 432cf15..4d08e71 100644
--- a/http_encoding_api.c
+++ b/http_encoding_api.c
@@ -216,7 +216,7 @@ inline STATUS http_verify_gzencode_buffer(const char *data, size_t data_len, con
 http_error_ex(error_level TSRMLS_CC, HTTP_E_ENCODING, "Unrecognized compression format (%d)", (int) (data[2] & 0xFF));
 /* still try to decode */
 }
- if ((data[3] & 0x3) == 0x3) {
+ if ((data[3] & 0x4) == 0x4) {
 if (data_len < offset + 2) {
 goto really_bad_gzip_header;
 }
@@ -226,14 +226,14 @@ inline STATUS http_verify_gzencode_buffer(const char *data, size_t data_len, con
 offset += (unsigned) ((data[offset] & 0xFF) << 8);
 offset += 1;
 }
- if ((data[3] & 0x4) == 0x4) {
+ if ((data[3] & 0x8) == 0x8) {
 if (data_len <= offset) {
 goto really_bad_gzip_header;
 }
 /* there's a file name */
 offset += strlen(&data[offset]) + 1 /*NUL*/;
 }
- if ((data[3] & 0x5) == 0x5) {
+ if ((data[3] & 0x10) == 0x10) {
 if (data_len <= offset) {
 goto really_bad_gzip_header;
 }
@@ -261,6 +261,11 @@ inline STATUS http_verify_gzencode_buffer(const char *data, size_t data_len, con
 }
 }
 
+ if (data_len < offset + 8) {
+ http_error(error_level TSRMLS_CC, HTTP_E_ENCODING, "Missing or truncated GZIP footer");
+ return FAILURE;
+ }
+
 if (encoded) {
 *encoded = data + offset;
 }
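Review bot: The FLG masks are still bare literals (`0x4` in the first hunk, `0x8` and `0x10` in the second), which probably made the earlier wrong values hard to spot in review. A comment tied to RFC 1952 on each test would make them self-checking, for example `/* FLG.FEXTRA (bit 2): 2-byte little-endian XLEN, then XLEN bytes */` above this one, and likewise FNAME (bit 3) and FCOMMENT (bit 4) on the other two. The branch body continues outside the hunk, so the XLEN decoding itself is not reviewed here.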
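Review bot: In the second hunk the file-name branch still advances with `offset += strlen(&data[offset]) + 1`, guarded only by `data_len <= offset`, so a name with no NUL inside the buffer makes strlen() read past `data + data_len`. With the flag test corrected, this path is taken for any input that sets FNAME, so the scan should be bounded by the remaining length: `const char *nul = memchr(&data[offset], 0, data_len - offset);`, `if (!nul) goto really_bad_gzip_header;`, `offset = (nul - data) + 1;`. The FCOMMENT branch that follows is cut off by the hunk; if it uses the same strlen() pattern it needs the same bound.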
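Review bot: The new footer check in the third hunk exits with `return FAILURE`, while every other truncation test visible in this diff uses `goto really_bad_gzip_header`. Unless the distinct message is intended, a single exit path would keep the error handling uniform; the label's body is outside the hunks, so this may be deliberate. The literal 8 deserves a comment such as `/* trailer: CRC32 (4 bytes) + ISIZE (4 bytes), RFC 1952 */`. From what is visible, this test also appears to be the last bound on an `offset` that the optional-field branches may have pushed beyond `data_len`, so it is worth noting in the comment that it must stay ahead of `*encoded = data + offset`.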