Correct a denial-of-service vulnerability in zlib.

For reference, this bug was first reported at http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=252253 Submitted by: "Dmitry V. Levin" <ldv@altlinux.org>
author: nectar <nectar@FreeBSD.org> 2004-08-26 19:37:06 +0000
committer: nectar <nectar@FreeBSD.org> 2004-08-26 19:37:06 +0000
commit: 1871435a01ae850271367e795a906a7160fc8a92 (patch)
tree: 4f7ad2f539d5b758a7a89df11c10e9b28853b7bc /lib/libz
parent: c38b89315416a29b52c0d3eca8b14f714a667af8 (diff)
download: FreeBSD-src-1871435a01ae850271367e795a906a7160fc8a92.zip
FreeBSD-src-1871435a01ae850271367e795a906a7160fc8a92.tar.gz
2 files changed, 6 insertions, 0 deletions
diff --git a/lib/libz/infback.c b/lib/libz/infback.c
index 110b03b..e970998 100644
--- a/lib/libz/infback.c
+++ b/lib/libz/infback.c
@@ -434,6 +434,9 @@ void FAR *out_desc;
                 }
             }
 
+            if (state->mode == BAD)
+                break;
+
             /* build code tables */
             state->next = state->codes;
             state->lencode = (code const FAR *)(state->next);
diff --git a/lib/libz/inflate.c b/lib/libz/inflate.c
index 1d66a20..913f002 100644
--- a/lib/libz/inflate.c
+++ b/lib/libz/inflate.c
@@ -864,6 +864,9 @@ int flush;
                 }
             }
 
+            if (state->mode == BAD)
+                break;
+
             /* build code tables */
             state->next = state->codes;
             state->lencode = (code const FAR *)(state->next);
author	nectar <nectar@FreeBSD.org>	2004-08-26 19:37:06 +0000
committer	nectar <nectar@FreeBSD.org>	2004-08-26 19:37:06 +0000
commit	1871435a01ae850271367e795a906a7160fc8a92 (patch)
tree	4f7ad2f539d5b758a7a89df11c10e9b28853b7bc /lib/libz
parent	c38b89315416a29b52c0d3eca8b14f714a667af8 (diff)
download	FreeBSD-src-1871435a01ae850271367e795a906a7160fc8a92.zip FreeBSD-src-1871435a01ae850271367e795a906a7160fc8a92.tar.gz