lists.openwall.net   lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  linux-hardening  linux-cve-announce  PHC 
Open Source and information security mailing list archives
 
Hash Suite: Windows password security audit tool. GUI, reports in PDF.
[<prev] [next>] [<thread-prev] [thread-next>] [day] [month] [year] [list] 
Date:	Tue, 3 May 2011 14:36:20 -0700
From:	Andrew Morton <akpm@...ux-foundation.org>
To:	Lasse Collin <lasse.collin@...aani.org>
Cc:	Linus Torvalds <torvalds@...ux-foundation.org>,
	linux-kernel@...r.kernel.org, stable@...nel.org
Subject: Re: [PATCH] XZ decompressor: Fix decoding of empty LZMA2 streams

On Sun, 1 May 2011 19:38:42 +0300
Lasse Collin <lasse.collin@...aani.org> wrote:

> From: Lasse Collin <lasse.collin@...aani.org>
> 
> The old code considered valid empty LZMA2 streams to be corrupt.
> Note that a typical empty .xz file has no LZMA2 data at all,
> and thus most .xz files having no uncompressed data are handled
> correctly even without this fix.
> 
> Signed-off-by: Lasse Collin <lasse.collin@...aani.org>

The patch didn't have the cc:stable tag, but appears to be needed in
2.6.38.x and perhaps earlier, yes?

It's commit 646032e3b05b32d3f20cb108a030593d9d792eb5 in mainline.

> 
>  lib/xz/xz_dec_lzma2.c |    6 +++---
>  1 file changed, 3 insertions(+), 3 deletions(-)
> 
> diff -uprN linux-2.6.39-rc5-git5.orig/lib/xz/xz_dec_lzma2.c linux-2.6.39-rc5-git5/lib/xz/xz_dec_lzma2.c
> --- linux-2.6.39-rc5-git5.orig/lib/xz/xz_dec_lzma2.c	2011-05-01 17:56:38.000000000 +0300
> +++ linux-2.6.39-rc5-git5/lib/xz/xz_dec_lzma2.c	2011-05-01 18:06:03.000000000 +0300
> @@ -969,6 +969,9 @@ XZ_EXTERN enum xz_ret xz_dec_lzma2_run(s
>  			 */
>  			tmp = b->in[b->in_pos++];
>  
> +			if (tmp == 0x00)
> +				return XZ_STREAM_END;
> +
>  			if (tmp >= 0xE0 || tmp == 0x01) {
>  				s->lzma2.need_props = true;
>  				s->lzma2.need_dict_reset = false;
> @@ -1001,9 +1004,6 @@ XZ_EXTERN enum xz_ret xz_dec_lzma2_run(s
>  						lzma_reset(s);
>  				}
>  			} else {
> -				if (tmp == 0x00)
> -					return XZ_STREAM_END;
> -
>  				if (tmp > 0x02)
>  					return XZ_DATA_ERROR;
>  
--
To unsubscribe from this list: send the line "unsubscribe linux-kernel" in
the body of a message to majordomo@...r.kernel.org
More majordomo info at  http://vger.kernel.org/majordomo-info.html
Please read the FAQ at  http://www.tux.org/lkml/

Powered by blists - more mailing lists

Powered by Openwall GNU/*/Linux Powered by OpenVZ