diff options
author | Rob Landley | 2006-02-20 02:18:03 +0000 |
---|---|---|
committer | Rob Landley | 2006-02-20 02:18:03 +0000 |
commit | eb00afb2d5bf926b08a8a9b3ca59298c2a32d8b9 (patch) | |
tree | d70e64b1bb6f544737b5d61fd07699d30a63981e /archival/libunarchive | |
parent | dce17c6268b16646f4918cc4f3ee84a0ea1c0e9c (diff) | |
download | busybox-eb00afb2d5bf926b08a8a9b3ca59298c2a32d8b9.zip busybox-eb00afb2d5bf926b08a8a9b3ca59298c2a32d8b9.tar.gz |
The gentoo security guys found another way to segfault busybox's decompression
code: we can do a null dereference if one of our huffman tables has all zero
length codes. This fixes it. (Thanks solar.)
Diffstat (limited to 'archival/libunarchive')
-rw-r--r-- | archival/libunarchive/decompress_unzip.c | 2 |
1 files changed, 1 insertions, 1 deletions
diff --git a/archival/libunarchive/decompress_unzip.c b/archival/libunarchive/decompress_unzip.c index 1b82542..ea81695 100644 --- a/archival/libunarchive/decompress_unzip.c +++ b/archival/libunarchive/decompress_unzip.c @@ -271,7 +271,7 @@ int huft_build(unsigned int *b, const unsigned int n, if (c[0] == n) { /* null input--all zero length codes */ *t = (huft_t *) NULL; *m = 0; - return 0; + return 2; } /* Find minimum and maximum length, bound *m by those */ |