diff options
author | Joerg Sonnenberger <joerg@britannica.bec.de> | 2011-08-21 18:51:53 +0200 |
---|---|---|
committer | Mike Gabriel <mike.gabriel@das-netzwerkteam.de> | 2015-02-16 10:29:36 +0100 |
commit | 65deb86f8dab0c88e051b5ac416b7907433aa849 (patch) | |
tree | 9ae30435d3722d0e5245841e8c3d344d6aae94d2 /etc/rgb | |
parent | 18e337ddf410accec5bdf18c5d28bbd5f3ace7cb (diff) | |
download | nx-libs-65deb86f8dab0c88e051b5ac416b7907433aa849.tar.gz nx-libs-65deb86f8dab0c88e051b5ac416b7907433aa849.tar.bz2 nx-libs-65deb86f8dab0c88e051b5ac416b7907433aa849.zip |
Do proper input validation to fix for CVE-2011-2895.
It ensures that all valid input can be decompressed, checks that the
overflow conditions doesn't happen and generally tightens the
validation of the LZW stream and doesn't pessimize the inner loop for
no good reason. It's derived from a change in libarchive from 2004.
v2: backports to nx-libs 3.6.x (Mihai Moldovan)
v3: fix comment lines starting with "+" + whitespace fixes (Mike Gabriel)
Signed-off-by: Matthieu Herrb <matthieu.herrb@laas.fr>
Reviewed-by: Tomas Hoger <thoger@redhat.com>
Diffstat (limited to 'etc/rgb')
0 files changed, 0 insertions, 0 deletions