summaryrefslogtreecommitdiff
path: root/sys/lib/libz/inffast.c
diff options
context:
space:
mode:
authorTodd C. Miller <millert@cvs.openbsd.org>2005-07-20 15:56:47 +0000
committerTodd C. Miller <millert@cvs.openbsd.org>2005-07-20 15:56:47 +0000
commit2cf630da4ce8cccae74ab052eb0055de8afc9502 (patch)
tree32220b8c594ae0352770c85d0463f63af944cf11 /sys/lib/libz/inffast.c
parent9ba66e2144908c121085b905f0ebf384b79343ba (diff)
Update to zlib 1.2.3; OK deraadt@
Diffstat (limited to 'sys/lib/libz/inffast.c')
-rw-r--r--sys/lib/libz/inffast.c15
1 files changed, 14 insertions, 1 deletions
diff --git a/sys/lib/libz/inffast.c b/sys/lib/libz/inffast.c
index bd5169458d5..9791a34e04e 100644
--- a/sys/lib/libz/inffast.c
+++ b/sys/lib/libz/inffast.c
@@ -1,4 +1,4 @@
-/* $OpenBSD: inffast.c,v 1.10 2004/12/03 03:07:09 djm Exp $ */
+/* $OpenBSD: inffast.c,v 1.11 2005/07/20 15:56:46 millert Exp $ */
/* inffast.c -- fast decoding
* Copyright (C) 1995-2004 Mark Adler
* For conditions of distribution and use, see copyright notice in zlib.h
@@ -75,6 +75,9 @@ unsigned start; /* inflate()'s starting value for strm->avail_out */
unsigned char FAR *out; /* local strm->next_out */
unsigned char FAR *beg; /* inflate()'s initial strm->next_out */
unsigned char FAR *end; /* while out < end, enough space available */
+#ifdef INFLATE_STRICT
+ unsigned dmax; /* maximum distance from zlib header */
+#endif
unsigned wsize; /* window size or zero if not using window */
unsigned whave; /* valid bytes in the window */
unsigned write; /* window write index */
@@ -99,6 +102,9 @@ unsigned start; /* inflate()'s starting value for strm->avail_out */
out = strm->next_out - OFF;
beg = out - (start - strm->avail_out);
end = out + (strm->avail_out - 257);
+#ifdef INFLATE_STRICT
+ dmax = state->dmax;
+#endif
wsize = state->wsize;
whave = state->whave;
write = state->write;
@@ -168,6 +174,13 @@ unsigned start; /* inflate()'s starting value for strm->avail_out */
}
}
dist += (unsigned)hold & ((1U << op) - 1);
+#ifdef INFLATE_STRICT
+ if (dist > dmax) {
+ strm->msg = (char *)"invalid distance too far back";
+ state->mode = BAD;
+ break;
+ }
+#endif
hold >>= op;
bits -= op;
Tracevv((stderr, "inflate: distance %u\n", dist));