BusyBox
/
busybox
mirror of https://github.com/mirror/busybox.git
1
0
Fork 0
Code Issues Packages Projects Releases Wiki Activity

lzop: add overflow check 

See CVE-2014-4607
http://www.openwall.com/lists/oss-security/2014/06/26/20

function                                             old     new   delta
lzo1x_decompress_safe                               1010    1031     +21

Signed-off-by: Denys Vlasenko <vda.linux@googlemail.com>
Signed-off-by: Mike Frysinger <vapier@gentoo.org>
(cherry picked from commit a9dc7c2f59)
1_22_stable
Denys Vlasenko 2014-06-30 10:14:34 +02:00 committed by Mike Frysinger
parent d9e0c438e1
commit 5698ff9323
2 changed files with 5 additions and 0 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

2
archival/libarchive/liblzo.h
View File

@ -76,11 +76,13 @@
# define TEST_IP (ip < ip_end)
# define NEED_IP(x) \
if ((unsigned)(ip_end - ip) < (unsigned)(x)) goto input_overrun
# define TEST_IV(x) if ((x) > (unsigned)0 - (511)) goto input_overrun
# undef TEST_OP /* don't need both of the tests here */
# define TEST_OP 1
# define NEED_OP(x) \
if ((unsigned)(op_end - op) < (unsigned)(x)) goto output_overrun
# define TEST_OV(x) if ((x) > (unsigned)0 - (511)) goto output_overrun
#define HAVE_ANY_OP 1

3
archival/libarchive/lzo1x_d.c
View File

@ -92,6 +92,7 @@ int lzo1x_decompress_safe(const uint8_t* in, unsigned in_len,
ip++;
NEED_IP(1);
}
TEST_IV(t);
t += 15 + *ip++;
}
/* copy literals */
@ -224,6 +225,7 @@ int lzo1x_decompress_safe(const uint8_t* in, unsigned in_len,
ip++;
NEED_IP(1);
}
TEST_IV(t);
t += 31 + *ip++;
}
#if defined(COPY_DICT)
@ -265,6 +267,7 @@ int lzo1x_decompress_safe(const uint8_t* in, unsigned in_len,
ip++;
NEED_IP(1);
}
TEST_IV(t);
t += 7 + *ip++;
}
#if defined(COPY_DICT)