 Home |
Products |
Support |
Community |
News |
xen-changelog
[Xen-changelog] [xen-unstable] Decompressors: fix header validation in u
| To: | xen-changelog@xxxxxxxxxxxxxxxxxxx |
|---|---|
| Subject: | [Xen-changelog] [xen-unstable] Decompressors: fix header validation in unlzma.c |
| From: | Xen patchbot-unstable <patchbot@xxxxxxx> |
| Date: | Fri, 11 Nov 2011 21:11:14 +0000 |
| Delivery-date: | Fri, 11 Nov 2011 13:13:08 -0800 |
| Envelope-to: | www-data@xxxxxxxxxxxxxxxxxxx |
| List-help: | <mailto:xen-changelog-request@lists.xensource.com?subject=help> |
| List-id: | BK change log <xen-changelog.lists.xensource.com> |
| List-post: | <mailto:xen-changelog@lists.xensource.com> |
| List-subscribe: | <http://lists.xensource.com/mailman/listinfo/xen-changelog>, <mailto:xen-changelog-request@lists.xensource.com?subject=subscribe> |
| List-unsubscribe: | <http://lists.xensource.com/mailman/listinfo/xen-changelog>, <mailto:xen-changelog-request@lists.xensource.com?subject=unsubscribe> |
| Reply-to: | xen-devel@xxxxxxxxxxxxxxxxxxx |
| Sender: | xen-changelog-bounces@xxxxxxxxxxxxxxxxxxx |
# HG changeset patch
# User Lasse Collin <lasse.collin@xxxxxxxxxxx>
# Date 1321018323 -3600
# Node ID 71abe73298b321ce168cf1a496615d06deb86220
# Parent 7c5eb2265fba5fb33addd0e0f30b77ce4ff17af0
Decompressors: fix header validation in unlzma.c
From: Lasse Collin <lasse.collin@xxxxxxxxxxx>
Validation of header.pos calls error() but doesn't make the function
return to indicate an error to the caller. Instead the decoding is
attempted with invalid header.pos. This fixes it.
Signed-off-by: Lasse Collin <lasse.collin@xxxxxxxxxxx>
Signed-off-by: Jan Beulich <jbeulich@xxxxxxxx>
Acked-by: Keir Fraser <keir@xxxxxxx>
Committed-by: Jan Beulich <jbeulich@xxxxxxxx>
---
diff -r 7c5eb2265fba -r 71abe73298b3 xen/common/unlzma.c
--- a/xen/common/unlzma.c Fri Nov 11 14:31:38 2011 +0100
+++ b/xen/common/unlzma.c Fri Nov 11 14:32:03 2011 +0100
@@ -568,8 +568,10 @@
((unsigned char *)&header)[i] = *rc.ptr++;
}
- if (header.pos >= (9 * 5 * 5))
+ if (header.pos >= (9 * 5 * 5)) {
error("bad header");
+ goto exit_1;
+ }
mi = 0;
lc = header.pos;
_______________________________________________
Xen-changelog mailing list
Xen-changelog@xxxxxxxxxxxxxxxxxxx
http://lists.xensource.com/xen-changelog
|
| <Prev in Thread] | Current Thread | [Next in Thread> |
|---|---|---|
| ||
| Previous by Date: | [Xen-changelog] [xen-unstable] Decompressors: remove unused function from unlzma.c, Xen patchbot-unstable |
|---|---|
| Next by Date: | [Xen-changelog] [xen-unstable] Decompressors: check for write errors in unlzma.c, Xen patchbot-unstable |
| Previous by Thread: | [Xen-changelog] [xen-unstable] Decompressors: remove unused function from unlzma.c, Xen patchbot-unstable |
| Next by Thread: | [Xen-changelog] [xen-unstable] Decompressors: check for write errors in unlzma.c, Xen patchbot-unstable |
| Indexes: | [Date] [Thread] [Top] [All Lists] |
