From: Eric Wong <normalperson@...>
Date: 2012-06-09T09:28:28+09:00
Subject: [ruby-core:45528] Re: [ruby-trunk - Feature #6492][Open] Inflate all HTTP Content-Encoding: deflate, gzip, x-gzip responses by default

"drbrain (Eric Hodel)" <drbrain@segment7.net> wrote:
> Feature #6492: Inflate all HTTP Content-Encoding: deflate, gzip, x-gzip responses by default
> https://bugs.ruby-lang.org/issues/6492

I like Net::HTTP being able to inflate compressed responses.

However, I think doing this by default is exploitable by an evil server.
A server could compress a huge file of zeroes to trigger an
out-of-memory conditions in existing code that uses Net::HTTP.

100M compresses to 100K for me:

$ dd if=/dev/zero bs=1M count=100 | gzip -c | wc -c
101791