WARNING - OLD ARCHIVES

This is an archived copy of the Xen.org mailing list, which we have preserved to ensure that existing links to archives are not broken. The live archive, which contains the latest emails, can be found at http://lists.xen.org/
   
 
 
Xen 		  
Home Products Support Community News
 
   
 

xen-changelog

[Top] [All Lists]
<prev [Date] next>
[Advanced]
 <prev [Thread] next>

[Xen-changelog] [xen-unstable] Decompressors: validate match distance in

from [Xen patchbot-unstable] [Permanent Link][Original]
To: xen-changelog@xxxxxxxxxxxxxxxxxxx
Subject: [Xen-changelog] [xen-unstable] Decompressors: validate match distance in unlzma.c
From: Xen patchbot-unstable <patchbot@xxxxxxx>
Date: Fri, 11 Nov 2011 21:11:15 +0000
Delivery-date: Fri, 11 Nov 2011 13:13:32 -0800
Envelope-to: www-data@xxxxxxxxxxxxxxxxxxx
List-help: <mailto:xen-changelog-request@lists.xensource.com?subject=help>
List-id: BK change log <xen-changelog.lists.xensource.com>
List-post: <mailto:xen-changelog@lists.xensource.com>
List-subscribe: <http://lists.xensource.com/mailman/listinfo/xen-changelog>, <mailto:xen-changelog-request@lists.xensource.com?subject=subscribe>
List-unsubscribe: <http://lists.xensource.com/mailman/listinfo/xen-changelog>, <mailto:xen-changelog-request@lists.xensource.com?subject=unsubscribe>
Reply-to: xen-devel@xxxxxxxxxxxxxxxxxxx
Sender: xen-changelog-bounces@xxxxxxxxxxxxxxxxxxx 
# HG changeset patch
# User Lasse Collin <lasse.collin@xxxxxxxxxxx>
# Date 1321018464 -3600
# Node ID 88347644935e4de008e16daa13d10d11b0e726d3
# Parent  2ffeeb28e9be98c932905f7fd2bf80bfc089622c
Decompressors: validate match distance in unlzma.c

From: Lasse Collin <lasse.collin@xxxxxxxxxxx>

Validate the newly decoded distance (rep0) in process_bit1().  This is to
detect corrupt LZMA data quickly.  The old code can run for long time
producing garbage until it hits the end of the input.

Signed-off-by: Lasse Collin <lasse.collin@xxxxxxxxxxx>
Signed-off-by: Jan Beulich <jbeulich@xxxxxxxx>
Acked-by: Keir Fraser <keir@xxxxxxx>
Committed-by: Jan Beulich <jbeulich@xxxxxxxx>
---


diff -r 2ffeeb28e9be -r 88347644935e xen/common/unlzma.c
--- a/xen/common/unlzma.c       Fri Nov 11 14:33:30 2011 +0100
+++ b/xen/common/unlzma.c       Fri Nov 11 14:34:24 2011 +0100
@@ -516,6 +516,9 @@
                        cst->rep0 = pos_slot;
                if (++(cst->rep0) == 0)
                        return 0;
+               if (cst->rep0 > wr->header->dict_size
+                               || cst->rep0 > get_pos(wr))
+                       return -1;
        }
 
        len += LZMA_MATCH_MIN_LEN;

_______________________________________________
Xen-changelog mailing list
Xen-changelog@xxxxxxxxxxxxxxxxxxx
http://lists.xensource.com/xen-changelog
[More with this subject...]
<Prev in Thread] Current Thread [Next in Thread>
  • [Xen-changelog] [xen-unstable] Decompressors: validate match distance in unlzma.c, Xen patchbot-unstable <=
Previous by Date:  [Xen-changelog] [xen-unstable] Decompressors: check for read errors in unlzma.c, Xen patchbot-unstable
Next by Date:  [Xen-changelog] [xen-unstable] Decompressors: check for write errors in unlzo.c, Xen patchbot-unstable
Previous by Thread:  [Xen-changelog] [xen-unstable] Decompressors: check for read errors in unlzma.c, Xen patchbot-unstable
Next by Thread:  [Xen-changelog] [xen-unstable] Decompressors: check for write errors in unlzo.c, Xen patchbot-unstable
Indexes:  [Date] [Thread] [Top] [All Lists]
 
   

Copyright , Citrix Systems Inc. All rights reserved. Legal and Privacy