ZF-12333: decodeDeflate() handles incorrectly

Description

This is a dupe of ZF-6040 but I don't seem to be able to reopen that bug.

I'm seeing the same issue with the Windows Live Connect API (Server: Live-API/16.2.1431.613 Microsoft-HTTPAPI/2.0). It seems that checking the first two bytes % 31 isn't sufficient.

For me adding a check for the compression method helps (which in RFC 1950 is defined as 8 for deflate, and no other methods are defined): if ($zlibHeader[1] % 31 == 0 && ord($body[0]) & 0x0f == 8) {

However I imagine this check could also be defeated by chance in the wild, maybe the code should check for known-bad servers in the Server header?

Here's the body which was causing the failure: "\xEC\xBD\x07\x60\x1C\x49\x96\x25\x26\x2F\x6D\xCA\x7B\x7F\x4A\xF5\x4A\xD7\xE0\x74\xA1\x08\x80\x60\x13\x24\xD8\x90\x40\x10\xEC\xC1\x88\xCD\xE6\x92\xEC\x1D\x69\x47\x23\x29\xAB\x2A\x81\xCA\x65\x56\x65\x5D\x66\x16\x40\xCC\xED\x9D\xBC\xF7\xDE\x7B\xEF\xBD\xF7\xDE\x7B\xEF\xBD\xF7\xBA\x3B\x9D\x4E\x27\xF7\xDF\xFF\x3F\x5C\x66\x64\x01\x6C\xF6\xCE\x4A\xDA\xC9\x9E\x21\x80\xAA\xC8\x1F\x3F\x7E\x7C\x1F\x3F\x22\x7E\xF1\x6F\x9C\xA6\xE9\x47\x79\x5D\x57\xF5\x47\x8F\x52\xFE\x0B\x1F\x4C\xAB\x59\x4E\x7F\x7F\x54\xE7\xBF\x68\x9D\x37\xED\xEF\xDF\x56\x6F\xF3\xE5\xEF\x9F\xBF\x5B\x15\x75\x3E\xFB\x68\x94\x9A\x76\x8B\xBC\x69\xB2\x0B\x6E\xFA\x66\x9E\xA7\xAB\xBA\xBA\x2C\x66\xF9\x2C\xCD\xA6\x53\xFA\x26\xE5\xD7\xD2\x79\xD6\xA4\xFA\xEA\xF8\x23\xBC\xF9\x4B\x7E\xE3\x5F\xF2\xFF\x04\x00\x00\xFF\xFF"

Comments

No comments to display