[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

[Xen-devel] [PATCH 4/9] Decompressors: fix header validation in unlzma.c



From: Lasse Collin <lasse.collin@xxxxxxxxxxx>

Validation of header.pos calls error() but doesn't make the function
return to indicate an error to the caller.  Instead the decoding is
attempted with invalid header.pos.  This fixes it.

Signed-off-by: Lasse Collin <lasse.collin@xxxxxxxxxxx>
Signed-off-by: Jan Beulich <jbeulich@xxxxxxxx>

--- a/xen/common/unlzma.c
+++ b/xen/common/unlzma.c
@@ -568,8 +568,10 @@ STATIC int INIT unlzma(unsigned char *bu
                ((unsigned char *)&header)[i] = *rc.ptr++;
        }
 
-       if (header.pos >= (9 * 5 * 5))
+       if (header.pos >= (9 * 5 * 5)) {
                error("bad header");
+               goto exit_1;
+       }
 
        mi = 0;
        lc = header.pos;



Attachment: unlzma-header-validation.patch
Description: Text document

_______________________________________________
Xen-devel mailing list
Xen-devel@xxxxxxxxxxxxxxxxxxx
http://lists.xensource.com/xen-devel

 


Rackspace

Lists.xenproject.org is hosted with RackSpace, monitoring our
servers 24x7x365 and backed by RackSpace's Fanatical Support®.