First, thank you for your interest!

> > Shouldn't we check for truncation on strlcpy and strlcat and goto fail
> > in that event?
>
> With goto abort we get a 500 internal server error.
>
Moreover, if the strlcpy and strlcat failed, then the file requested (gzpath) is obviously not found, and httpd switches back to the original path. But to avoid unexpected behaviour, maybe something like this can be enough?

```
int gztoolong = 0;

/* check Accept-Encoding header */
key.kv_key = "Accept-Encoding";
r = kv_find(&req->http_headers, &key);

if (r != NULL) {
	if (strstr(r->kv_value, "gzip") != NULL) {
		/* append ".gz" to path and check existence */
		if (strlcpy(gzpath, path, sizeof(gzpath)) >= sizeof(gzpath))
			gztoolong = 1;
		if (strlcat(gzpath, ".gz", sizeof(gzpath)) >= sizeof(gzpath))
			gztoolong = 1;

		if ((gztoolong == 0) && (access(gzpath, R_OK) == 0) &&
		    (stat(gzpath, &gzst) == 0)) {
			path = gzpath;
			st = &gzst;
			kv_add(&resp->http_headers, "Content-Encoding", "gzip");
		}
	}
}
```
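The edge case the truncation check guards against, as an added example that is not code from the patch or from httpd: when the buffer has room for the path but not for ".gz", the truncated name equals the original path, so an existence test on it succeeds for the uncompressed file. `snprintf` stands in for `strlcpy`/`strlcat` here so the block builds on systems without them; the function names, sample path and buffer sizes are constructed for illustration.

```c
#include <stdio.h>
#include <string.h>

/*
 * Build "<path>.gz" in out (outsz bytes, outsz > 0).
 * Returns 0 on success, -1 if the name does not fit.
 * snprintf(), like strlcpy()/strlcat(), returns the length it wanted to
 * produce, so "result >= outsz" is the same truncation test.
 */
int
build_gzpath(char *out, size_t outsz, const char *path)
{
	int n = snprintf(out, outsz, "%s.gz", path);

	if (n < 0 || (size_t)n >= outsz) {
		out[0] = '\0';	/* never leave a truncated name behind */
		return (-1);
	}
	return (0);
}

/* Comparison only: same construction with the return value ignored. */
void
build_gzpath_unchecked(char *out, size_t outsz, const char *path)
{
	(void)snprintf(out, outsz, "%s.gz", path);
}

int
main(void)
{
	const char *path = "/htdocs/a.css";	/* constructed, 13 bytes */
	char fits[17], tight[14];

	printf("checked, 17 bytes: %d\n", build_gzpath(fits, sizeof(fits), path));
	printf("checked, 14 bytes: %d\n", build_gzpath(tight, sizeof(tight), path));

	/* Unchecked: ".gz" is cut off and the buffer equals the original path,
	 * so an existence test would pass on the uncompressed file. */
	build_gzpath_unchecked(tight, sizeof(tight), path);
	printf("unchecked == path: %d\n", strcmp(tight, path) == 0);
	return (0);
}
```

With the check in place the caller keeps the original path and sends no Content-Encoding header, which is the fallback behaviour the message describes.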