Commit b8dc2fdb by Edward Thomson Committed by Edward Thomson

zstream: fail when asked to inflate garbage

When we are provided some input buffer (with a length) to inflate,
and it contains more data than simply the deflated data, fail.
zlib will helpfully tell us when it is done reading (via Z_STREAM_END),
so if there is data leftover in the input buffer, fail lest we
continually try to inflate it.
parent 5b78dbdb
...@@ -86,6 +86,11 @@ int git_zstream_get_output(void *out, size_t *out_len, git_zstream *zstream) ...@@ -86,6 +86,11 @@ int git_zstream_get_output(void *out, size_t *out_len, git_zstream *zstream)
int zflush = Z_FINISH; int zflush = Z_FINISH;
size_t out_remain = *out_len; size_t out_remain = *out_len;
if (zstream->in_len && zstream->zerr == Z_STREAM_END) {
giterr_set(GITERR_ZLIB, "zlib input had trailing garbage");
return -1;
}
while (out_remain > 0 && zstream->zerr != Z_STREAM_END) { while (out_remain > 0 && zstream->zerr != Z_STREAM_END) {
size_t out_queued, in_queued, out_used, in_used; size_t out_queued, in_queued, out_used, in_used;
......
...@@ -58,6 +58,25 @@ void test_core_zstream__basic(void) ...@@ -58,6 +58,25 @@ void test_core_zstream__basic(void)
assert_zlib_equal(data, strlen(data) + 1, out, outlen); assert_zlib_equal(data, strlen(data) + 1, out, outlen);
} }
void test_core_zstream__fails_on_trailing_garbage(void)
{
git_buf deflated = GIT_BUF_INIT, inflated = GIT_BUF_INIT;
size_t i = 0;
/* compress a simple string */
git_zstream_deflatebuf(&deflated, "foobar!!", 8);
/* append some garbage */
for (i = 0; i < 10; i++) {
git_buf_putc(&deflated, i);
}
cl_git_fail(git_zstream_inflatebuf(&inflated, deflated.ptr, deflated.size));
git_buf_free(&deflated);
git_buf_free(&inflated);
}
void test_core_zstream__buffer(void) void test_core_zstream__buffer(void)
{ {
git_buf out = GIT_BUF_INIT; git_buf out = GIT_BUF_INIT;
......
Markdown is supported
0% or
You are about to add 0 people to the discussion. Proceed with caution.
Finish editing this message first!
Please register or to comment