From 8218a437234309faa5725f82c33c3523788d5f68 Mon Sep 17 00:00:00 2001
From: Lasse Collin <lasse.collin@tukaani.org>
Date: Wed, 12 Jan 2011 17:01:17 -0800
Subject: Decompressors: fix header validation in decompress_unlzma.c

Validation of header.pos calls error() but doesn't make the function
return to indicate an error to the caller.  Instead the decoding is
attempted with invalid header.pos.  This fixes it.

Signed-off-by: Lasse Collin <lasse.collin@tukaani.org>
Cc: "H. Peter Anvin" <hpa@zytor.com>
Cc: Alain Knaff <alain@knaff.lu>
Cc: Albin Tonnerre <albin.tonnerre@free-electrons.com>
Cc: Phillip Lougher <phillip@lougher.demon.co.uk>
Signed-off-by: Andrew Morton <akpm@linux-foundation.org>
Signed-off-by: Linus Torvalds <torvalds@linux-foundation.org>
---
 lib/decompress_unlzma.c | 4 +++-
 1 file changed, 3 insertions(+), 1 deletion(-)

(limited to 'lib/decompress_unlzma.c')

diff --git a/lib/decompress_unlzma.c b/lib/decompress_unlzma.c
index 4817359..696c34a 100644
--- a/lib/decompress_unlzma.c
+++ b/lib/decompress_unlzma.c
@@ -574,8 +574,10 @@ STATIC inline int INIT unlzma(unsigned char *buf, int in_len,
 		((unsigned char *)&header)[i] = *rc.ptr++;
 	}
 
-	if (header.pos >= (9 * 5 * 5))
+	if (header.pos >= (9 * 5 * 5)) {
 		error("bad header");
+		goto exit_1;
+	}
 
 	mi = 0;
 	lc = header.pos;
-- 
cgit v1.1