summaryrefslogtreecommitdiff
path: root/archival/libunarchive
diff options
context:
space:
mode:
authorRob Landley2006-02-20 02:18:03 +0000
committerRob Landley2006-02-20 02:18:03 +0000
commiteb00afb2d5bf926b08a8a9b3ca59298c2a32d8b9 (patch)
treed70e64b1bb6f544737b5d61fd07699d30a63981e /archival/libunarchive
parentdce17c6268b16646f4918cc4f3ee84a0ea1c0e9c (diff)
downloadbusybox-eb00afb2d5bf926b08a8a9b3ca59298c2a32d8b9.zip
busybox-eb00afb2d5bf926b08a8a9b3ca59298c2a32d8b9.tar.gz
The gentoo security guys found another way to segfault busybox's decompression
code: we can do a null dereference if one of our huffman tables has all zero length codes. This fixes it. (Thanks solar.)
Diffstat (limited to 'archival/libunarchive')
-rw-r--r--archival/libunarchive/decompress_unzip.c2
1 files changed, 1 insertions, 1 deletions
diff --git a/archival/libunarchive/decompress_unzip.c b/archival/libunarchive/decompress_unzip.c
index 1b82542..ea81695 100644
--- a/archival/libunarchive/decompress_unzip.c
+++ b/archival/libunarchive/decompress_unzip.c
@@ -271,7 +271,7 @@ int huft_build(unsigned int *b, const unsigned int n,
if (c[0] == n) { /* null input--all zero length codes */
*t = (huft_t *) NULL;
*m = 0;
- return 0;
+ return 2;
}
/* Find minimum and maximum length, bound *m by those */