arno/hashcat
1
0
Fork 0
mirror of https://github.com/hashcat/hashcat.git synced 2025-03-06 18:16:12 +00:00
Code Issues Releases Wiki Activity

Fix a bug when getting a gzip header extra field with inflate().

Browse Source 
If the extra field was larger than the space the user provided with
inflateGetHeader(), and if multiple calls of inflate() delivered
the extra header data, then there could be a buffer overflow of the
provided space. This commit assures that provided space is not
exceeded.
This commit is contained in:
tabudz 2025-02-26 19:18:48 +08:00
parent 6716447dfc
commit 768b5c3a5c
1 changed files with 3 additions and 2 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

5
deps/zlib/inflate.c vendored
View File

@ -758,9 +758,10 @@ int flush;
copy = state->length; copy = state->length;
if (copy > have) copy = have; if (copy > have) copy = have;
if (copy) { if (copy) {
len = state->head->extra_len - state->length;
if (state->head != Z_NULL && if (state->head != Z_NULL &&
state->head->extra != Z_NULL) { state->head->extra != Z_NULL &&
len = state->head->extra_len - state->length; len < state->head->extra_max) {
zmemcpy(state->head->extra + len, next, zmemcpy(state->head->extra + len, next,
len + copy > state->head->extra_max ? len + copy > state->head->extra_max ?
state->head->extra_max - len : copy); state->head->extra_max - len : copy);