diff options
author | Daniel Veillard <veillard@redhat.com> | 2015-11-03 15:31:25 +0800 |
---|---|---|
committer | Daniel Veillard <veillard@redhat.com> | 2015-11-03 15:31:25 +0800 |
commit | f0709e3ca8f8947f2d91ed34e92e38a4c23eae63 (patch) | |
tree | 08b743f6f7ebe217a8ae57ef3e631aa0b968e0eb | |
parent | e724879d964d774df9b7969fc846605aa1bac54c (diff) | |
download | libxml2-f0709e3ca8f8947f2d91ed34e92e38a4c23eae63.tar.gz |
CVE-2015-8035 Fix XZ compression support loopCVE-2015-8035
For https://bugzilla.gnome.org/show_bug.cgi?id=757466
DoS when parsing specially crafted XML document if XZ support
is compiled in (which wasn't the case for 2.9.2 and master since
Nov 2013, fixed in next commit !)
-rw-r--r-- | xzlib.c | 4 |
1 files changed, 4 insertions, 0 deletions
@@ -581,6 +581,10 @@ xz_decomp(xz_statep state) xz_error(state, LZMA_DATA_ERROR, "compressed data error"); return -1; } + if (ret == LZMA_PROG_ERROR) { + xz_error(state, LZMA_PROG_ERROR, "compression error"); + return -1; + } } while (strm->avail_out && ret != LZMA_STREAM_END); /* update available output and crc check value */ |