[PATCH 1/4] Decompressors: Fix header validation in decompress_unlzma.c

From: Lasse Collin
Date: Tue Nov 23 2010 - 05:16:21 EST

Next message: Stephane Eranian: "Re: [RFC PATCH 2/3 v2] perf: Implement Nehalem uncore pmu"
Previous message: Lasse Collin: "[PATCH 0/4] Decompressors: Fix error handling in decompress_unlzma.c"
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]

From: Lasse Collin <lasse.collin@xxxxxxxxxxx>

Validation of header.pos calls error() but doesn't make the
function return to indicate an error to the caller. Instead
the decoding is attempted with invalid header.pos. This
fixes it.

Signed-off-by: Lasse Collin <lasse.collin@xxxxxxxxxxx>
---

--- linux-2.6.37-rc3/lib/decompress_unlzma.c.orig 2010-10-20 23:30:22.000000000 +0300
+++ linux-2.6.37-rc3/lib/decompress_unlzma.c 2010-11-23 11:07:28.000000000 +0200
@@ -580,8 +580,10 @@ STATIC inline int INIT unlzma(unsigned c
((unsigned char *)&header)[i] = *rc.ptr++;
}

- if (header.pos >= (9 * 5 * 5))
+ if (header.pos >= (9 * 5 * 5)) {
error("bad header");
+ goto exit_1;
+ }

mi = 0;
lc = header.pos;
--
To unsubscribe from this list: send the line "unsubscribe linux-kernel" in
the body of a message to majordomo@xxxxxxxxxxxxxxx
More majordomo info at http://vger.kernel.org/majordomo-info.html
Please read the FAQ at http://www.tux.org/lkml/

Next message: Stephane Eranian: "Re: [RFC PATCH 2/3 v2] perf: Implement Nehalem uncore pmu"
Previous message: Lasse Collin: "[PATCH 0/4] Decompressors: Fix error handling in decompress_unlzma.c"
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]