Add Crc checksum validation for gzip::header::Parser

NobodyXu · web-flow · commit b157fea450d8 · 2025-12-08T00:58:33.000+11:00
Ensure the header is valid

Signed-off-by: Jiahao XU &lt;30436523+NobodyXu@users.noreply.github.com&gt;
diff --git a/crates/compression-codecs/src/gzip/header.rs b/crates/compression-codecs/src/gzip/header.rs
@@ -1,4 +1,5 @@
 use compression_core::util::PartialBuffer;
+use flate2::Crc;
 use std::io;
 
 #[derive(Debug, Default)]
@@ -36,6 +37,7 @@ impl Default for State {
 pub(super) struct Parser {
     state: State,
     header: Header,
+    crc: Crc,
 }
 
 impl Header {
@@ -63,16 +65,33 @@ impl Header {
 
 impl Parser {
     pub(super) fn input(&mut self, input: &mut PartialBuffer<&[u8]>) -> io::Result<Option<Header>> {
+        let consume_input = |n| {
+            self.crc.update(&input.unwritten()[..n]);
+            input.advance(n);
+        };
+
+        let consume_cstr = || {
+            if let Some(len) = memchr::memchr(0, input.unwritten()) {
+                consume_input(len + 1);
+                Some(())
+            } else {
+                consume_input(input.unwritten().len());
+                None
+            }
+        };
+
         loop {
             match &mut self.state {
                 State::Fixed(data) => {
                     data.copy_unwritten_from(input);
 
                     if data.unwritten().is_empty() {
-                        self.header = Header::parse(&data.take().into_inner())?;
+                        let data = data.get_mut();
+                        self.crc.update(data);
+                        self.header = Header::parse(data)?;
                         self.state = State::ExtraLen(<_>::default());
                     } else {
-                        return Ok(None);
+                        break Ok(None)
                     }
                 }
 
@@ -85,22 +104,24 @@ impl Parser {
                     data.copy_unwritten_from(input);
 
                     if data.unwritten().is_empty() {
-                        let len = u16::from_le_bytes(data.take().into_inner());
+                        let data = data.get_mut();
+                        self.crc.update(data);
+                        let len = u16::from_le_bytes(data);
                         self.state = State::Extra(len.into());
                     } else {
-                        return Ok(None);
+                        break Ok(None)
                     }
                 }
 
                 State::Extra(bytes_to_consume) => {
                     let n = input.unwritten().len().min(*bytes_to_consume);
                     *bytes_to_consume -= n;
-                    input.advance(n);
+                    consume_input(n);
 
                     if *bytes_to_consume == 0 {
                         self.state = State::Filename;
                     } else {
-                        return Ok(None);
+                        break Ok(None)
                     }
                 }
 
@@ -110,13 +131,8 @@ impl Parser {
                         continue;
                     }
 
-                    if let Some(len) = memchr::memchr(0, input.unwritten()) {
-                        input.advance(len + 1);
-                        self.state = State::Comment;
-                    } else {
-                        input.advance(input.unwritten().len());
-                        return Ok(None);
-                    }
+                    consume_cstr()?;
+                    self.state = State::Comment;
                 }
 
                 State::Comment => {
@@ -125,35 +141,42 @@ impl Parser {
                         continue;
                     }
 
-                    if let Some(len) = memchr::memchr(0, input.unwritten()) {
-                        input.advance(len + 1);
-                        self.state = State::Crc(<_>::default());
-                    } else {
-                        input.advance(input.unwritten().len());
-                        return Ok(None);
-                    }
+                    consume_cstr()?;
+                    self.state = State::Crc(<_>::default());
                 }
 
                 State::Crc(data) => {
+                    let header = std::mem::take(&mut self.header);
+                    
                     if !self.header.flags.crc {
                         self.state = State::Done;
-                        return Ok(Some(std::mem::take(&mut self.header)));
+                        break Ok(Some(header))
                     }
 
                     data.copy_unwritten_from(input);
 
-                    if data.unwritten().is_empty() {
+                    break if data.unwritten().is_empty() {
                         self.state = State::Done;
-                        return Ok(Some(std::mem::take(&mut self.header)));
+                        let checksum = self.crc.sum().to_le_bytes();
+                        let data = data.get_mut();
+
+                        if data == checksum[..2] {
+                            Ok(Some(header))
+                        } else {
+                            Err(io::Error::new(
+                                io::ErrorKind::InvalidData,
+                                "CRC computed for header does not match",
+                            ))
+                        }
                     } else {
-                        return Ok(None);
+                        Ok(None)
                     }
                 }
 
                 State::Done => {
-                    return Err(io::Error::other("parser used after done"));
+                    break Err(io::Error::other("parser used after done"))
                 }
-            };
+            }
         }
     }
 }
