CVS commit: src/usr.bin/gzip

Mon, 15 Aug 2011 20:21:59 -0700 

Module Name:    src
Committed By:   christos
Date:           Tue Aug 16 03:21:47 UTC 2011

Modified Files:
        src/usr.bin/gzip: zuncompress.c

Log Message:
provisional fix for CVS-2011-2895, buffer overflow when uncompressing


To generate a diff of this commit:
cvs rdiff -u -r1.8 -r1.9 src/usr.bin/gzip/zuncompress.c

Please note that diffs are not public domain; they are subject to the
copyright notices on the relevant files.


Modified files:

Index: src/usr.bin/gzip/zuncompress.c
diff -u src/usr.bin/gzip/zuncompress.c:1.8 src/usr.bin/gzip/zuncompress.c:1.9
--- src/usr.bin/gzip/zuncompress.c:1.8	Sat Nov  6 17:42:32 2010
+++ src/usr.bin/gzip/zuncompress.c	Mon Aug 15 23:21:47 2011
@@ -1,4 +1,4 @@
-/*	$NetBSD: zuncompress.c,v 1.8 2010/11/06 21:42:32 mrg Exp $ */
+/*	$NetBSD: zuncompress.c,v 1.9 2011/08/16 03:21:47 christos Exp $ */
 
 /*-
  * Copyright (c) 1985, 1986, 1992, 1993
@@ -288,6 +288,8 @@
 
 		/* Generate output characters in reverse order. */
 		while (zs->u.r.zs_code >= 256) {
+			if (zs->u.r.zs_stackp - de_stack >= HSIZE - 1)
+				return -1;
 			*zs->u.r.zs_stackp++ = tab_suffixof(zs->u.r.zs_code);
 			zs->u.r.zs_code = tab_prefixof(zs->u.r.zs_code);
 		}

Reply via email to