[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index] [Xen-devel] [PATCH 4/9] Decompressors: fix header validation in unlzma.c
From: Lasse Collin <lasse.collin@xxxxxxxxxxx> Validation of header.pos calls error() but doesn't make the function return to indicate an error to the caller. Instead the decoding is attempted with invalid header.pos. This fixes it. Signed-off-by: Lasse Collin <lasse.collin@xxxxxxxxxxx> Signed-off-by: Jan Beulich <jbeulich@xxxxxxxx> --- a/xen/common/unlzma.c +++ b/xen/common/unlzma.c @@ -568,8 +568,10 @@ STATIC int INIT unlzma(unsigned char *bu ((unsigned char *)&header)[i] = *rc.ptr++; } - if (header.pos >= (9 * 5 * 5)) + if (header.pos >= (9 * 5 * 5)) { error("bad header"); + goto exit_1; + } mi = 0; lc = header.pos; Attachment:
unlzma-header-validation.patch _______________________________________________ Xen-devel mailing list Xen-devel@xxxxxxxxxxxxxxxxxxx http://lists.xensource.com/xen-devel
|
Lists.xenproject.org is hosted with RackSpace, monitoring our |