From 4893e869e3fc36c65123ce8fedafeb82cba745a4 Mon Sep 17 00:00:00 2001
From: Con Kolivas
Date: Wed, 16 May 2018 16:55:41 +1000
Subject: [PATCH] Add sanity check for invalid values during decompression, addressing CVE-2017-8845.
---
 stream.c | 4 ++++
 1 file changed, 4 insertions(+)
diff --git a/stream.c b/stream.c
index af4a4aa..79890ba 100644
--- a/stream.c
+++ b/stream.c
@@ -1632,6 +1632,10 @@ fill_another:
 c_len = le64toh(c_len);
 u_len = le64toh(u_len);
 last_head = le64toh(last_head);
+ if (unlikely(c_len < 1 || u_len < 1 || last_head < 0)) {
+ fatal_return(("Invalid data compressed len %lld uncompressed %lld last_head %lld\n",
+ c_len, u_len, last_head), -1);
+ }
 print_maxverbose("Fill_buffer stream %d c_len %lld u_len %lld last_head %lld\n", streamno, c_len, u_len, last_head);
 padded_len = MAX(c_len, MIN_SIZE);
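Review bot: The added check only sets a lower bound, so `c_len` and `u_len` are still accepted at any positive value, and `c_len` feeds `padded_len = MAX(c_len, MIN_SIZE)` two lines later. These three values are read from the archive being decompressed, so it would be worth also rejecting lengths larger than the stream can hold (for example the bytes left in the input, or the chunk size, whichever the surrounding code tracks) and a non-zero `last_head` that does not advance past the previous header. How `padded_len` and `u_len` are used afterwards is outside this hunk, so the right limit has to be confirmed there. A short comment above the check would record why it exists, e.g. `/* header fields are untrusted archive data: reject lengths and offsets no valid block can have */`. The enclosing function starts and ends outside the hunk.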