| lists.openwall.net | lists / announce owl-users owl-dev john-users john-dev passwdqc-users yescrypt popa3d-users / oss-security kernel-hardening musl sabotage tlsify passwords / crypt-dev xvendor / Bugtraq Full-Disclosure linux-kernel linux-netdev linux-ext4 linux-hardening linux-cve-announce PHC | |
|
Open Source and information security mailing list archives
| ||
|
Message-Id: <201011231225.42440.lasse.collin@tukaani.org> Date: Tue, 23 Nov 2010 12:25:42 +0200 From: Lasse Collin <lasse.collin@...aani.org> To: linux-kernel@...r.kernel.org Cc: "H. Peter Anvin" <hpa@...or.com>, Alain Knaff <alain@...ff.lu>, Albin Tonnerre <albin.tonnerre@...e-electrons.com>, Phillip Lougher <phillip@...gher.demon.co.uk>, Andrew Morton <akpm@...ux-foundation.org> Subject: [PATCH 4/4] Decompressors: Validate match distance in decompress_unlzma.c From: Lasse Collin <lasse.collin@...aani.org> Validate the newly decoded distance (rep0) in process_bit1(). This is to detect corrupt LZMA data quickly. The old code can run for long time producing garbage until it hits the end of the input. Signed-off-by: Lasse Collin <lasse.collin@...aani.org> --- --- linux-2.6.37-rc3/lib/decompress_unlzma.c.orig 2010-11-23 11:11:58.000000000 +0200 +++ linux-2.6.37-rc3/lib/decompress_unlzma.c 2010-11-23 11:13:30.000000000 +0200 @@ -528,6 +528,9 @@ static inline int INIT process_bit1(stru cst->rep0 = pos_slot; if (++(cst->rep0) == 0) return 0; + if (cst->rep0 > wr->header->dict_size + || cst->rep0 > get_pos(wr)) + return -1; } len += LZMA_MATCH_MIN_LEN; -- To unsubscribe from this list: send the line "unsubscribe linux-kernel" in the body of a message to majordomo@...r.kernel.org More majordomo info at http://vger.kernel.org/majordomo-info.html Please read the FAQ at http://www.tux.org/lkml/
Powered by blists - more mailing lists