[libxml2] CVE-2015-8035 Fix XZ compression support loop



commit f0709e3ca8f8947f2d91ed34e92e38a4c23eae63
Author: Daniel Veillard <veillard redhat com>
Date:   Tue Nov 3 15:31:25 2015 +0800

    CVE-2015-8035 Fix XZ compression support loop
    
    For https://bugzilla.gnome.org/show_bug.cgi?id=757466
    DoS when parsing specially crafted XML document if XZ support
    is compiled in (which wasn't the case for 2.9.2 and master since
    Nov 2013, fixed in next commit !)

 xzlib.c |    4 ++++
 1 files changed, 4 insertions(+), 0 deletions(-)
---
diff --git a/xzlib.c b/xzlib.c
index 0dcb9f4..1fab546 100644
--- a/xzlib.c
+++ b/xzlib.c
@@ -581,6 +581,10 @@ xz_decomp(xz_statep state)
             xz_error(state, LZMA_DATA_ERROR, "compressed data error");
             return -1;
         }
+        if (ret == LZMA_PROG_ERROR) {
+            xz_error(state, LZMA_PROG_ERROR, "compression error");
+            return -1;
+        }
     } while (strm->avail_out && ret != LZMA_STREAM_END);
 
     /* update available output and crc check value */
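Review bot: The new test inside the `do … while` loop of xz_decomp rejects only `LZMA_PROG_ERROR`, so any other failing return code that is not handled earlier still reaches the condition `strm->avail_out && ret != LZMA_STREAM_END` and may spin on crafted input in the same way. Only the `LZMA_DATA_ERROR` branch is visible above it, because the loop starts outside the hunk, so this should be checked against the full body. A catch-all after the specific branches would close the whole class rather than one code: `if (ret != LZMA_OK && ret != LZMA_STREAM_END) { xz_error(state, ret, "lzma error"); return -1; }`. If `ret` can also carry codes from a different decoder in the part of the loop not shown, that test has to be limited to the lzma path. A comment such as `/* any other lzma error makes no progress: fail instead of looping */` would record why the check exists.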

