correction gzip

Author: playmiel

README.md

@@ -597,6 +597,7 @@ Notes:
 - `enableGzipAcceptEncoding(false)` removes `Accept-Encoding` from the request's header list (or call `request.removeHeader("Accept-Encoding")`).
 - `Content-Length` (when present) refers to the *compressed* payload size; completion detection still follows the wire length.
 - RAM impact: enabling gzip decode allocates an internal 32KB sliding window per active gzip-decoded response (plus small state).
+- Integrity: the gzip trailer is verified (CRC32 + ISIZE); corrupted payloads raise `GZIP_DECODE_FAILED`.
 
 ### HTTPS quick reference
 

src/GzipDecoder.cpp

@@ -7,7 +7,7 @@
 GzipDecoder::GzipDecoder()
     : _state(State::kError), _headerStage(HeaderStage::kFixed10), _error("Gzip decode disabled"), _fixedLen(0),
       _flags(0), _extraLenRead(0), _extraRemaining(0), _needName(false), _needComment(false), _needHcrc(false),
-      _trailerLen(0), _dict(nullptr), _dictOfs(0), _decomp(nullptr) {
+      _trailerLen(0), _crc32(0), _outSize(0), _dict(nullptr), _dictOfs(0), _decomp(nullptr) {
     memset(_fixed, 0, sizeof(_fixed));
     memset(_extraLenBytes, 0, sizeof(_extraLenBytes));
     memset(_trailer, 0, sizeof(_trailer));
@@ -73,10 +73,42 @@ static constexpr uint8_t kGzipFlagExtra = 0x04;
 static constexpr uint8_t kGzipFlagName = 0x08;
 static constexpr uint8_t kGzipFlagComment = 0x10;
 
+static uint32_t readLe32(const uint8_t* p) {
+    return (uint32_t)p[0] | ((uint32_t)p[1] << 8) | ((uint32_t)p[2] << 16) | ((uint32_t)p[3] << 24);
+}
+
+static uint32_t* crc32Table() {
+    static bool inited = false;
+    static uint32_t table[256];
+    if (inited)
+        return table;
+    for (uint32_t i = 0; i < 256; ++i) {
+        uint32_t c = i;
+        for (uint32_t k = 0; k < 8; ++k) {
+            if (c & 1U)
+                c = 0xEDB88320U ^ (c >> 1);
+            else
+                c >>= 1;
+        }
+        table[i] = c;
+    }
+    inited = true;
+    return table;
+}
+
+static uint32_t crc32Update(uint32_t crc, const uint8_t* data, size_t len) {
+    uint32_t c = crc;
+    uint32_t* t = crc32Table();
+    for (size_t i = 0; i < len; ++i) {
+        c = t[(c ^ data[i]) & 0xFFU] ^ (c >> 8);
+    }
+    return c;
+}
+
 GzipDecoder::GzipDecoder()
     : _state(State::kHeader), _headerStage(HeaderStage::kFixed10), _error(nullptr), _fixedLen(0), _flags(0),
       _extraLenRead(0), _extraRemaining(0), _needName(false), _needComment(false), _needHcrc(false), _trailerLen(0),
-      _dict(nullptr), _dictOfs(0), _decomp(nullptr) {
+      _crc32(0), _outSize(0), _dict(nullptr), _dictOfs(0), _decomp(nullptr) {
     memset(_fixed, 0, sizeof(_fixed));
     memset(_extraLenBytes, 0, sizeof(_extraLenBytes));
     memset(_trailer, 0, sizeof(_trailer));
@@ -110,6 +142,8 @@ void GzipDecoder::reset() {
 
     _trailerLen = 0;
     _dictOfs = 0;
+    _crc32 = 0xFFFFFFFFU;
+    _outSize = 0;
 }
 
 bool GzipDecoder::begin() {
@@ -288,6 +322,20 @@ GzipDecoder::Result GzipDecoder::consumeTrailer(const uint8_t* in, size_t inLen,
         }
         if (_trailerLen < kGzipTrailerSize)
             return Result::kNeedMoreInput;
+        uint32_t expectedCrc = readLe32(_trailer);
+        uint32_t expectedISize = readLe32(_trailer + 4);
+        uint32_t gotCrc = _crc32 ^ 0xFFFFFFFFU;
+        uint32_t gotISize = _outSize;
+
+        if (expectedCrc != gotCrc) {
+            setError("Gzip CRC32 mismatch");
+            return Result::kError;
+        }
+        if (expectedISize != gotISize) {
+            setError("Gzip ISIZE mismatch");
+            return Result::kError;
+        }
+
         _state = State::kDone;
         return Result::kDone;
     }
@@ -354,8 +402,11 @@ GzipDecoder::Result GzipDecoder::write(const uint8_t* in, size_t inLen, size_t*
     totalConsumed += srcBufSize;
     *inConsumed = totalConsumed;
     if (dstBufSize > 0) {
-        *outPtr = reinterpret_cast<const uint8_t*>(dict + _dictOfs);
+        const uint8_t* produced = reinterpret_cast<const uint8_t*>(dict + _dictOfs);
+        *outPtr = produced;
         *outLen = dstBufSize;
+        _crc32 = crc32Update(_crc32, produced, dstBufSize);
+        _outSize += (uint32_t)dstBufSize;
         _dictOfs = (_dictOfs + dstBufSize) & (kTinflDictSize - 1);
     }
 

src/GzipDecoder.h

@@ -71,6 +71,9 @@ class GzipDecoder {
     uint8_t _trailer[8];
     size_t _trailerLen;
 
+    uint32_t _crc32;
+    uint32_t _outSize;
+
     // Deflate (tinfl) state
     void* _dict;
     size_t _dictOfs;

test/test_gzip_decode_native/test_main.cpp

@@ -108,6 +108,57 @@ static void test_truncated_gzip_fails() {
     TEST_ASSERT_TRUE(strlen(dec.lastError()) > 0);
 }
 
+static void test_gzip_crc_mismatch_fails() {
+    std::vector<uint8_t> gz(kGzipHello, kGzipHello + sizeof(kGzipHello));
+    // Flip one CRC byte in trailer (bytes 4 from end..)
+    gz[gz.size() - 8] ^= 0x01;
+
+    GzipDecoder dec;
+    TEST_ASSERT_TRUE(dec.begin());
+
+    size_t offset = 0;
+    std::string out;
+    while (offset < gz.size()) {
+        const uint8_t* outPtr = nullptr;
+        size_t outLen = 0;
+        size_t consumed = 0;
+        GzipDecoder::Result r = dec.write(gz.data() + offset, gz.size() - offset, &consumed, &outPtr, &outLen, true);
+        if (outLen > 0)
+            out.append(reinterpret_cast<const char*>(outPtr), outLen);
+        if (r == GzipDecoder::Result::kError)
+            break;
+        TEST_ASSERT_TRUE(consumed > 0 || outLen > 0);
+        offset += consumed;
+    }
+
+    TEST_ASSERT_FALSE_MESSAGE(dec.isDone(), "should not be done on CRC mismatch");
+    TEST_ASSERT_TRUE(strlen(dec.lastError()) > 0);
+}
+
+static void test_gzip_isize_mismatch_fails() {
+    std::vector<uint8_t> gz(kGzipHello, kGzipHello + sizeof(kGzipHello));
+    // Flip one ISIZE byte in trailer (last 4 bytes).
+    gz[gz.size() - 1] ^= 0x01;
+
+    GzipDecoder dec;
+    TEST_ASSERT_TRUE(dec.begin());
+
+    size_t offset = 0;
+    while (offset < gz.size()) {
+        const uint8_t* outPtr = nullptr;
+        size_t outLen = 0;
+        size_t consumed = 0;
+        GzipDecoder::Result r = dec.write(gz.data() + offset, gz.size() - offset, &consumed, &outPtr, &outLen, true);
+        if (r == GzipDecoder::Result::kError)
+            break;
+        TEST_ASSERT_TRUE(consumed > 0 || outLen > 0);
+        offset += consumed;
+    }
+
+    TEST_ASSERT_FALSE(dec.isDone());
+    TEST_ASSERT_TRUE(strlen(dec.lastError()) > 0);
+}
+
 int main(int argc, char** argv) {
     (void)argc;
     (void)argv;
@@ -117,5 +168,7 @@ int main(int argc, char** argv) {
     RUN_TEST(test_gzip_decode_byte_by_byte);
     RUN_TEST(test_gzip_header_with_fname);
     RUN_TEST(test_truncated_gzip_fails);
+    RUN_TEST(test_gzip_crc_mismatch_fails);
+    RUN_TEST(test_gzip_isize_mismatch_fails);
     return UNITY_END();
 }