From faae093917b4e4fcce80124f003a4c56d081d155 Mon Sep 17 00:00:00 2001
From: "kfraser@localhost.localdomain" <kfraser@localhost.localdomain>
Date: Thu, 26 Apr 2007 15:42:49 +0100
Subject: domain builder: Fix sanity check for gzip size. Signed-off-by: Keir
 Fraser <keir@xensource.com>

---
 tools/libxc/xc_dom_core.c | 4 ++--
 1 file changed, 2 insertions(+), 2 deletions(-)

(limited to 'tools/libxc/xc_dom_core.c')

diff --git a/tools/libxc/xc_dom_core.c b/tools/libxc/xc_dom_core.c
index d6b4d1d35a..c338498f08 100644
--- a/tools/libxc/xc_dom_core.c
+++ b/tools/libxc/xc_dom_core.c
@@ -209,13 +209,13 @@ size_t xc_dom_check_gzip(void *blob, size_t ziplen)
     unsigned char *gzlen;
     size_t unziplen;
 
-    if (strncmp(blob, "\037\213", 2))
+    if ( strncmp(blob, "\037\213", 2) )
         /* not gzipped */
         return 0;
 
     gzlen = blob + ziplen - 4;
     unziplen = gzlen[3] << 24 | gzlen[2] << 16 | gzlen[1] << 8 | gzlen[0];
-    if ( (unziplen < ziplen) || (unziplen > (ziplen * 8)) )
+    if ( (unziplen < 0) || (unziplen > (1024*1024*1024)) ) /* 1GB limit */
     {
         xc_dom_printf
             ("%s: size (zip %zd, unzip %zd) looks insane, skip gunzip\n",
-- 
cgit v1.2.3