From a9dc7c2f59dc5e92870d2d46316ea5c1f14740e3 Mon Sep 17 00:00:00 2001
From: Denys Vlasenko <vda.linux@googlemail.com>
Date: Mon, 30 Jun 2014 10:14:34 +0200
Subject: lzop: add overflow check

See CVE-2014-4607
http://www.openwall.com/lists/oss-security/2014/06/26/20

function                                             old     new   delta
lzo1x_decompress_safe                               1010    1031     +21

Signed-off-by: Denys Vlasenko <vda.linux@googlemail.com>
---
 archival/libarchive/lzo1x_d.c | 3 +++
 1 file changed, 3 insertions(+)

(limited to 'archival/libarchive/lzo1x_d.c')

diff --git a/archival/libarchive/lzo1x_d.c b/archival/libarchive/lzo1x_d.c
index 9bc1270da..40b167e68 100644
--- a/archival/libarchive/lzo1x_d.c
+++ b/archival/libarchive/lzo1x_d.c
@@ -92,6 +92,7 @@ int lzo1x_decompress_safe(const uint8_t* in, unsigned in_len,
 				ip++;
 				NEED_IP(1);
 			}
+			TEST_IV(t);
 			t += 15 + *ip++;
 		}
 		/* copy literals */
@@ -224,6 +225,7 @@ int lzo1x_decompress_safe(const uint8_t* in, unsigned in_len,
 						ip++;
 						NEED_IP(1);
 					}
+					TEST_IV(t);
 					t += 31 + *ip++;
 				}
 #if defined(COPY_DICT)
@@ -265,6 +267,7 @@ int lzo1x_decompress_safe(const uint8_t* in, unsigned in_len,
 						ip++;
 						NEED_IP(1);
 					}
+					TEST_IV(t);
 					t += 7 + *ip++;
 				}
 #if defined(COPY_DICT)
-- 
cgit v1.2.3