aboutsummaryrefslogtreecommitdiff
path: root/archival
diff options
context:
space:
mode:
authorRob Landley <rob@landley.net>2006-02-20 02:18:03 +0000
committerRob Landley <rob@landley.net>2006-02-20 02:18:03 +0000
commiteb00afb2d5bf926b08a8a9b3ca59298c2a32d8b9 (patch)
treed70e64b1bb6f544737b5d61fd07699d30a63981e /archival
parentdce17c6268b16646f4918cc4f3ee84a0ea1c0e9c (diff)
downloadbusybox-w32-eb00afb2d5bf926b08a8a9b3ca59298c2a32d8b9.tar.gz
busybox-w32-eb00afb2d5bf926b08a8a9b3ca59298c2a32d8b9.tar.bz2
busybox-w32-eb00afb2d5bf926b08a8a9b3ca59298c2a32d8b9.zip
The gentoo security guys found another way to segfault busybox's decompression
code: we can do a null dereference if one of our huffman tables has all zero length codes. This fixes it. (Thanks solar.)
Diffstat (limited to 'archival')
-rw-r--r--archival/libunarchive/decompress_unzip.c2
1 files changed, 1 insertions, 1 deletions
diff --git a/archival/libunarchive/decompress_unzip.c b/archival/libunarchive/decompress_unzip.c
index 1b82542fe..ea8169592 100644
--- a/archival/libunarchive/decompress_unzip.c
+++ b/archival/libunarchive/decompress_unzip.c
@@ -271,7 +271,7 @@ int huft_build(unsigned int *b, const unsigned int n,
271 if (c[0] == n) { /* null input--all zero length codes */ 271 if (c[0] == n) { /* null input--all zero length codes */
272 *t = (huft_t *) NULL; 272 *t = (huft_t *) NULL;
273 *m = 0; 273 *m = 0;
274 return 0; 274 return 2;
275 } 275 }
276 276
277 /* Find minimum and maximum length, bound *m by those */ 277 /* Find minimum and maximum length, bound *m by those */