WARNING - OLD ARCHIVES

This is an archived copy of the Xen.org mailing list, which we have preserved to ensure that existing links to archives are not broken. The live archive, which contains the latest emails, can be found at http://lists.xen.org/
   
 
 
Xen 		  
Home Products Support Community News
 
   
 

xen-devel

[Top] [All Lists]
<prev [Date] next>
[Advanced]
 <prev [Thread] next>

[Xen-devel] [PATCH 7/9] Decompressors: validate match distance in unlzma

from [Jan Beulich] [Permanent Link][Original]
To: "xen-devel@xxxxxxxxxxxxxxxxxxx" <xen-devel@xxxxxxxxxxxxxxxxxxx>
Subject: [Xen-devel] [PATCH 7/9] Decompressors: validate match distance in unlzma.c
From: "Jan Beulich" <JBeulich@xxxxxxxx>
Date: Fri, 11 Nov 2011 11:30:58 +0000
Cc: lasse.collin@xxxxxxxxxxx
Delivery-date: Fri, 11 Nov 2011 03:34:00 -0800
Envelope-to: www-data@xxxxxxxxxxxxxxxxxxx
List-help: <mailto:xen-devel-request@lists.xensource.com?subject=help>
List-id: Xen developer discussion <xen-devel.lists.xensource.com>
List-post: <mailto:xen-devel@lists.xensource.com>
List-subscribe: <http://lists.xensource.com/mailman/listinfo/xen-devel>, <mailto:xen-devel-request@lists.xensource.com?subject=subscribe>
List-unsubscribe: <http://lists.xensource.com/mailman/listinfo/xen-devel>, <mailto:xen-devel-request@lists.xensource.com?subject=unsubscribe>
Sender: xen-devel-bounces@xxxxxxxxxxxxxxxxxxx 
From: Lasse Collin <lasse.collin@xxxxxxxxxxx>

Validate the newly decoded distance (rep0) in process_bit1().  This is to
detect corrupt LZMA data quickly.  The old code can run for long time
producing garbage until it hits the end of the input.

Signed-off-by: Lasse Collin <lasse.collin@xxxxxxxxxxx>
Signed-off-by: Jan Beulich <jbeulich@xxxxxxxx>

--- a/xen/common/unlzma.c
+++ b/xen/common/unlzma.c
@@ -516,6 +516,9 @@ static inline int INIT process_bit1(stru
                        cst->rep0 = pos_slot;
                if (++(cst->rep0) == 0)
                        return 0;
+               if (cst->rep0 > wr->header->dict_size
+                               || cst->rep0 > get_pos(wr))
+                       return -1;
        }
 
        len += LZMA_MATCH_MIN_LEN;

Attachment: unlzma-validate-match-distance.patch
Description: Text document

_______________________________________________
Xen-devel mailing list
Xen-devel@xxxxxxxxxxxxxxxxxxx
http://lists.xensource.com/xen-devel
[More with this subject...]
<Prev in Thread] Current Thread [Next in Thread>
  • [Xen-devel] [PATCH 7/9] Decompressors: validate match distance in unlzma.c, Jan Beulich <=
Previous by Date:  [Xen-devel] [PATCH 6/9] Decompressors: check for write errors in unlzma.c, Jan Beulich
Next by Date:  [Xen-devel] [PATCH 8/9] Decompressors: check for write errors in unlzo.c, Jan Beulich
Previous by Thread:  [Xen-devel] [PATCH 6/9] Decompressors: check for write errors in unlzma.c, Jan Beulich
Next by Thread:  [Xen-devel] [PATCH 8/9] Decompressors: check for write errors in unlzo.c, Jan Beulich
Indexes:  [Date] [Thread] [Top] [All Lists]
 
   

Copyright , Citrix Systems Inc. All rights reserved. Legal and Privacy