diff options
author | Lasse Collin <lasse.collin@tukaani.org> | 2011-11-11 14:32:03 +0100 |
---|---|---|
committer | Lasse Collin <lasse.collin@tukaani.org> | 2011-11-11 14:32:03 +0100 |
commit | 9bc32f2d7dc05e3d6e8dc96e30858ea565730f8e (patch) | |
tree | 56c2d5b5b024b886107232fe9c9c52272391464a /xen/common/unlzma.c | |
parent | b9f2ce10ef5249eefb90354da3b83a66ac58d9c6 (diff) | |
download | xen-9bc32f2d7dc05e3d6e8dc96e30858ea565730f8e.tar.gz xen-9bc32f2d7dc05e3d6e8dc96e30858ea565730f8e.tar.bz2 xen-9bc32f2d7dc05e3d6e8dc96e30858ea565730f8e.zip |
Decompressors: fix header validation in unlzma.c
From: Lasse Collin <lasse.collin@tukaani.org>
Validation of header.pos calls error() but doesn't make the function
return to indicate an error to the caller. Instead the decoding is
attempted with invalid header.pos. This fixes it.
Signed-off-by: Lasse Collin <lasse.collin@tukaani.org>
Signed-off-by: Jan Beulich <jbeulich@suse.com>
Acked-by: Keir Fraser <keir@xen.org>
Committed-by: Jan Beulich <jbeulich@suse.com>
Diffstat (limited to 'xen/common/unlzma.c')
-rw-r--r-- | xen/common/unlzma.c | 4 |
1 files changed, 3 insertions, 1 deletions
diff --git a/xen/common/unlzma.c b/xen/common/unlzma.c index 7ecd161d56..eb3fbba826 100644 --- a/xen/common/unlzma.c +++ b/xen/common/unlzma.c @@ -568,8 +568,10 @@ STATIC int INIT unlzma(unsigned char *buf, unsigned int in_len, ((unsigned char *)&header)[i] = *rc.ptr++; } - if (header.pos >= (9 * 5 * 5)) + if (header.pos >= (9 * 5 * 5)) { error("bad header"); + goto exit_1; + } mi = 0; lc = header.pos; |