diff options
| author | Denys Vlasenko <vda.linux@googlemail.com> | 2014-06-30 10:14:34 +0200 |
|---|---|---|
| committer | Denys Vlasenko <vda.linux@googlemail.com> | 2014-06-30 10:14:34 +0200 |
| commit | a9dc7c2f59dc5e92870d2d46316ea5c1f14740e3 (patch) | |
| tree | 0c3b2ff86a761578247db504d8e742d55071b4a8 /archival/libarchive/lzo1x_d.c | |
| parent | 1b487ea8a69ac90b530e9ccd161a5b1b21e604c7 (diff) | |
| download | busybox-a9dc7c2f59dc5e92870d2d46316ea5c1f14740e3.tar.gz | |
lzop: add overflow check
See CVE-2014-4607
http://www.openwall.com/lists/oss-security/2014/06/26/20
function old new delta
lzo1x_decompress_safe 1010 1031 +21
Signed-off-by: Denys Vlasenko <vda.linux@googlemail.com>
Diffstat (limited to 'archival/libarchive/lzo1x_d.c')
| -rw-r--r-- | archival/libarchive/lzo1x_d.c | 3 |
1 files changed, 3 insertions, 0 deletions
diff --git a/archival/libarchive/lzo1x_d.c b/archival/libarchive/lzo1x_d.c index 9bc1270da..40b167e68 100644 --- a/archival/libarchive/lzo1x_d.c +++ b/archival/libarchive/lzo1x_d.c @@ -92,6 +92,7 @@ int lzo1x_decompress_safe(const uint8_t* in, unsigned in_len, ip++; NEED_IP(1); } + TEST_IV(t); t += 15 + *ip++; } /* copy literals */ @@ -224,6 +225,7 @@ int lzo1x_decompress_safe(const uint8_t* in, unsigned in_len, ip++; NEED_IP(1); } + TEST_IV(t); t += 31 + *ip++; } #if defined(COPY_DICT) @@ -265,6 +267,7 @@ int lzo1x_decompress_safe(const uint8_t* in, unsigned in_len, ip++; NEED_IP(1); } + TEST_IV(t); t += 7 + *ip++; } #if defined(COPY_DICT) |