From eb00afb2d5bf926b08a8a9b3ca59298c2a32d8b9 Mon Sep 17 00:00:00 2001 From: Rob Landley Date: Mon, 20 Feb 2006 02:18:03 +0000 Subject: The gentoo security guys found another way to segfault busybox's decompression code: we can do a null dereference if one of our huffman tables has all zero length codes. This fixes it. (Thanks solar.) --- archival/libunarchive/decompress_unzip.c | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) (limited to 'archival') diff --git a/archival/libunarchive/decompress_unzip.c b/archival/libunarchive/decompress_unzip.c index 1b82542fe..ea8169592 100644 --- a/archival/libunarchive/decompress_unzip.c +++ b/archival/libunarchive/decompress_unzip.c @@ -271,7 +271,7 @@ int huft_build(unsigned int *b, const unsigned int n, if (c[0] == n) { /* null input--all zero length codes */ *t = (huft_t *) NULL; *m = 0; - return 0; + return 2; } /* Find minimum and maximum length, bound *m by those */ -- cgit v1.2.3