From 481620ba448dae7bdf3c3ce76934e6413757709c Mon Sep 17 00:00:00 2001 From: theteatoast Date: Sat, 18 Apr 2026 00:40:39 +0530 Subject: [PATCH] fix: Gzip Decompression Bomb --- .../util/net_http/server/internal/evhttp_request.cc | 11 ++++++++--- 1 file changed, 8 insertions(+), 3 deletions(-) diff --git a/tensorflow_serving/util/net_http/server/internal/evhttp_request.cc b/tensorflow_serving/util/net_http/server/internal/evhttp_request.cc index eb625a73bc7..6db62eb1878 100644 --- a/tensorflow_serving/util/net_http/server/internal/evhttp_request.cc +++ b/tensorflow_serving/util/net_http/server/internal/evhttp_request.cc @@ -17,6 +17,7 @@ limitations under the License. #include "tensorflow_serving/util/net_http/server/internal/evhttp_request.h" +#include #include #include #include @@ -271,9 +272,13 @@ bool EvHTTPRequest::NeedUncompressGzipContent() { void EvHTTPRequest::UncompressGzipBody(void* input, size_t input_size, void** uncompressed_input, size_t* uncompressed_input_size) { - int64_t max = handler_options_->auto_uncompress_max_size() > 0 - ? handler_options_->auto_uncompress_max_size() - : ZLib::kMaxUncompressedBytes; + // NEW: Reject suspiciously high compression ratios (> 100x) + static constexpr size_t kMaxCompressionRatio = 100; + static constexpr size_t kMaxDecompressedSize = 10 * 1024 * 1024; // 10MB + + int64_t max = std::min( + static_cast(kMaxDecompressedSize), + static_cast(input_size) * kMaxCompressionRatio); // our APIs don't need expose the actual content-length *uncompressed_input_size = static_cast(max);
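Review bot: The replacement for `max` drops `handler_options_->auto_uncompress_max_size()` and the `ZLib::kMaxUncompressedBytes` default entirely, so a limit an operator configured is silently overridden by a hard-coded 10 MB ceiling, and any legitimately well-compressing body (ratio above 100x) is now capped at `input_size * 100` bytes — whether that truncates the body or fails the request depends on how `max` is consumed later in UncompressGzipBody, which continues past the end of this hunk. I would keep the configured limit as the ceiling and apply the ratio cap on top of it, as in the excerpt below. As written, if the stripped casts are `static_cast<int64_t>`, the `int64_t * size_t` product is unsigned and `std::min` cannot deduce a single type on LP64 targets; declaring the constants as `int64_t` avoids that, and the header added in the first hunk (presumably `<algorithm>` for `std::min`) should be spelled out. The `// NEW:` prefix is a changelog marker that will go stale; replace it with a why-comment such as `// Cap by compression ratio as well as by absolute size so a tiny request cannot expand to the full limit (decompression bomb).`
```cpp
  // Cap by compression ratio as well as by absolute size: a tiny request must
  // not be allowed to expand to the full limit (gzip decompression bomb).
  static constexpr int64_t kMaxCompressionRatio = 100;

  const int64_t configured_max =
      handler_options_->auto_uncompress_max_size() > 0
          ? handler_options_->auto_uncompress_max_size()
          : ZLib::kMaxUncompressedBytes;
  const int64_t ratio_max =
      static_cast<int64_t>(input_size) * kMaxCompressionRatio;
  int64_t max = std::min(configured_max, ratio_max);
  // … unchanged: *uncompressed_input_size assignment and the rest of the body …
```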