diff options
| author |   otto <otto@openbsd.org> | 2004-08-26 18:39:18 +0000 |
|---|---|---|
| committer | otto <otto@openbsd.org> | 2004-08-26 18:39:18 +0000 |
| commit | a29b1a55393f87196b500afe0a9ecbc3c7a0d9c6 (patch) | |
| tree | 561ef19f4b2e6afc705b473fbcd8a98226b2c41f | |
| parent | sync usage for -a (diff) | |
| download | wireguard-openbsd-a29b1a55393f87196b500afe0a9ecbc3c7a0d9c6.tar.xz wireguard-openbsd-a29b1a55393f87196b500afe0a9ecbc3c7a0d9c6.zip | |
Fix for DoS caused by incorrect error handling. From Dmitry V. Levin.
ok miller@ henning@
| -rw-r--r-- | lib/libz/infback.c | 3 | ||||
| -rw-r--r-- | lib/libz/inflate.c | 5 | ||||
| -rw-r--r-- | sys/lib/libz/infback.c | 3 | ||||
| -rw-r--r-- | sys/lib/libz/inflate.c | 5 |
4 files changed, 14 insertions, 2 deletions
diff --git a/lib/libz/infback.c b/lib/libz/infback.c index 9496e675c7e..52c42db6c60 100644 --- a/lib/libz/infback.c +++ b/lib/libz/infback.c @@ -446,6 +446,9 @@ void FAR *out_desc; } } + if (state->mode == BAD) + break; + /* build code tables */ state->next = state->codes; state->lencode = (code const FAR *)(state->next); diff --git a/lib/libz/inflate.c b/lib/libz/inflate.c index 27f87a69c95..549525a4625 100644 --- a/lib/libz/inflate.c +++ b/lib/libz/inflate.c @@ -1,4 +1,4 @@ -/* $OpenBSD: inflate.c,v 1.6 2003/12/17 00:28:19 millert Exp $ */ +/* $OpenBSD: inflate.c,v 1.7 2004/08/26 18:39:18 otto Exp $ */ /* inflate.c -- zlib decompression * Copyright (C) 1995-2003 Mark Adler * For conditions of distribution and use, see copyright notice in zlib.h @@ -910,6 +910,9 @@ int flush; } } + if (state->mode == BAD) + break; + /* build code tables */ state->next = state->codes; state->lencode = (code const FAR *)(state->next); diff --git a/sys/lib/libz/infback.c b/sys/lib/libz/infback.c index 9496e675c7e..52c42db6c60 100644 --- a/sys/lib/libz/infback.c +++ b/sys/lib/libz/infback.c @@ -446,6 +446,9 @@ void FAR *out_desc; } } + if (state->mode == BAD) + break; + /* build code tables */ state->next = state->codes; state->lencode = (code const FAR *)(state->next); diff --git a/sys/lib/libz/inflate.c b/sys/lib/libz/inflate.c index 9ad0ef0baad..ee178ff7db3 100644 --- a/sys/lib/libz/inflate.c +++ b/sys/lib/libz/inflate.c @@ -1,4 +1,4 @@ -/* $OpenBSD: inflate.c,v 1.10 2004/03/24 17:05:48 miod Exp $ */ +/* $OpenBSD: inflate.c,v 1.11 2004/08/26 18:39:18 otto Exp $ */ /* inflate.c -- zlib decompression * Copyright (C) 1995-2003 Mark Adler * For conditions of distribution and use, see copyright notice in zlib.h @@ -913,6 +913,9 @@ int flush; } } + if (state->mode == BAD) + break; + /* build code tables */ state->next = state->codes; state->lencode = (code const FAR *)(state->next); |