Add sanity check for invalid values during decompression, addressing CVE-2017-8845.

Con Kolivas 2018-05-16 16:55:41 +10:00
parent 89d7b33e6a
commit 4893e869e3


@ -1632,6 +1632,10 @@ fill_another:
c_len = le64toh(c_len);
u_len = le64toh(u_len);
last_head = le64toh(last_head);
if (unlikely(c_len < 1 || u_len < 1 || last_head < 0)) {
fatal_return(("Invalid data compressed len %lld uncompressed %lld last_head %lld\n",
c_len, u_len, last_head), -1);
}
print_maxverbose("Fill_buffer stream %d c_len %lld u_len %lld last_head %lld\n", streamno, c_len, u_len, last_head);
padded_len = MAX(c_len, MIN_SIZE);
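Review bot: The added guard on `c_len`, `u_len` and `last_head` only rejects values below the valid range, so an oversized length read from the archive header still passes and flows straight into `padded_len = MAX(c_len, MIN_SIZE)`. These three fields are untrusted input, and whatever later sizes a buffer or a read from `padded_len` or `u_len` (not visible here, the function continues outside the hunk) would presumably be driven by them. Consider extending the condition with an upper bound taken from a limit the decoder already knows, for example `|| c_len > MAX_ALLOWED_LEN || u_len > MAX_ALLOWED_LEN`, where `MAX_ALLOWED_LEN` is a placeholder for the chunk size or remaining stream length. It is also worth confirming that `last_head` cannot point outside the file or back to an already-visited header. A short comment above the check, such as `/* c_len, u_len and last_head come from the archive and are untrusted: validate before they size any buffer or seek */`, would record why it must stay ahead of every use.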