[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

[Xen-devel] [PATCH 4/9] Decompressors: fix header validation in unlzma.c

To: "xen-devel@xxxxxxxxxxxxxxxxxxx" <xen-devel@xxxxxxxxxxxxxxxxxxx>
From: "Jan Beulich" <JBeulich@xxxxxxxx>
Date: Fri, 11 Nov 2011 11:28:54 +0000
Cc: lasse.collin@xxxxxxxxxxx
Delivery-date: Fri, 11 Nov 2011 03:30:32 -0800
List-id: Xen developer discussion <xen-devel.lists.xensource.com>

From: Lasse Collin <lasse.collin@xxxxxxxxxxx>

Validation of header.pos calls error() but doesn't make the function
return to indicate an error to the caller.  Instead the decoding is
attempted with invalid header.pos.  This fixes it.

Signed-off-by: Lasse Collin <lasse.collin@xxxxxxxxxxx>
Signed-off-by: Jan Beulich <jbeulich@xxxxxxxx>

--- a/xen/common/unlzma.c
+++ b/xen/common/unlzma.c
@@ -568,8 +568,10 @@ STATIC int INIT unlzma(unsigned char *bu
                ((unsigned char *)&header)[i] = *rc.ptr++;
        }
 
-       if (header.pos >= (9 * 5 * 5))
+       if (header.pos >= (9 * 5 * 5)) {
                error("bad header");
+               goto exit_1;
+       }
 
        mi = 0;
        lc = header.pos;

Attachment: unlzma-header-validation.patch
Description: Text document

_______________________________________________
Xen-devel mailing list
Xen-devel@xxxxxxxxxxxxxxxxxxx
http://lists.xensource.com/xen-devel

Prev by Date: [Xen-devel] [PATCH 3/9] Decompressors: remove unused function from unlzma.c
Next by Date: [Xen-devel] [PATCH 5/9] Decompressors: check for read errors in unlzma.c
Previous by thread: [Xen-devel] [PATCH 3/9] Decompressors: remove unused function from unlzma.c
Next by thread: [Xen-devel] [PATCH 5/9] Decompressors: check for read errors in unlzma.c
Index(es):
- Date
- Thread

Lists.xenproject.org is hosted with RackSpace, monitoring our
servers 24x7x365 and backed by RackSpace's Fanatical Support®.