From: Lasse Collin <lasse.collin@tukaani.org>
Date: Fri, 11 Nov 2011 13:32:03 +0000 (+0100)
Subject: Decompressors: fix header validation in unlzma.c
X-Git-Url: https://dgit.raspbian.org/?a=commitdiff_plain;h=9bc32f2d7dc05e3d6e8dc96e30858ea565730f8e;p=xen.git

Decompressors: fix header validation in unlzma.c

From: Lasse Collin <lasse.collin@tukaani.org>

Validation of header.pos calls error() but doesn't make the function
return to indicate an error to the caller.  Instead the decoding is
attempted with invalid header.pos.  This fixes it.

Signed-off-by: Lasse Collin <lasse.collin@tukaani.org>
Signed-off-by: Jan Beulich <jbeulich@suse.com>
Acked-by: Keir Fraser <keir@xen.org>
Committed-by: Jan Beulich <jbeulich@suse.com>
---

diff --git a/xen/common/unlzma.c b/xen/common/unlzma.c
index 7ecd161d56..eb3fbba826 100644
--- a/xen/common/unlzma.c
+++ b/xen/common/unlzma.c
@@ -568,8 +568,10 @@ STATIC int INIT unlzma(unsigned char *buf, unsigned int in_len,
 		((unsigned char *)&header)[i] = *rc.ptr++;
 	}
 
-	if (header.pos >= (9 * 5 * 5))
+	if (header.pos >= (9 * 5 * 5)) {
 		error("bad header");
+		goto exit_1;
+	}
 
 	mi = 0;
 	lc = header.pos;