[Top] [All Lists]
[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Re: [Xen-devel] [PATCH v3 2/2] libxc: add LZ4 decompression support

On Fri, 2013-10-04 at 15:19 +0100, Jan Beulich wrote:
> >>> On 04.10.13 at 13:16, Ian Campbell <Ian.Campbell@xxxxxxxxxx> wrote:
> > On Mon, 2013-09-30 at 12:45 +0100, Jan Beulich wrote:
> > 
> >> +          chunksize = get_unaligned_le32(inp);
> >> +          if (chunksize == ARCHIVE_MAGICNUMBER) {
> >> +                  inp += 4;
> >> +                  size -= 4;
> >> +                  continue;
> >> +          }
> >> +          inp += 4;
> >> +          size -= 4;
> > 
> > I think you want a chunksize < size check here, in case a malicious file
> > tries to run off the end.
> > 
> > The rest looks good, so with e.g. this inserted:
> >             if (chunksize < size) {
> 
> Did you perhaps mean the opposite
> 
>               if (chunksize > size) {

Yes. Doh!

> 
> Jan
> 
> >                     msg = "insufficient input data";
> >                     goto exit_2;
> >             }
> > 
> > Acked-by: Ian Campbell <ian.campbell@xxxxxxxxxx>
> 
> 
> 



_______________________________________________
Xen-devel mailing list
Xen-devel@xxxxxxxxxxxxx
http://lists.xen.org/xen-devel

 

©2013 Xen Project, A Linux Foundation Collaborative Project. All Rights Reserved.
Linux Foundation is a registered trademark of The Linux Foundation.
Xen Project is a trademark of The Linux Foundation.

Rackspace

Lists.xenproject.org is hosted with RackSpace, monitoring our
servers 24x7x365 and backed by RackSpace's Fanatical Support®.