Open
Bug 610079
Opened 14 years ago
Updated 1 year ago
libssl: ssl3_DeflateDecompress needs to verify decompression finished
Categories
(NSS :: Libraries, defect, P5)
NSS
Libraries
Tracking
(Not tracked)
NEW
People
(Reporter: briansmith, Unassigned)
References
Details
inflate() will return Z_OK if the output buffer fills up before all the decompressed data can be written to it. The current code assumes Z_OK means that all the data has been decompressed. After the check for Z_OK, a check for avail_out > 0 and/or avail_in == 0 needs to be made. I think the caller also needs to ensure that there is extra space in the output buffer so that avail_out==0 isn't ambiguous. Alternately, when avail_out==0 then we can call inflate() again with a temporary (stack) buffer as the output buffer, and fail if inflate() actually writes anything to that buffer.
Updated•2 years ago
Severity: normal → S3
Updated•1 year ago
Severity: S3 → S4
Priority: -- → P5
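The completion checks described in this report, as an added example that is not part of the bug report and is not NSS code. Python's zlib module stands in for the C inflate() call: max_length plays the role of the output buffer size and unconsumed_tail the role of avail_in. All function names, the 100-byte limit and the sample inputs are constructed for illustration.

```python
import zlib

LIMIT = 100  # constructed stand-in for the size of the caller's output buffer
# Constructed raw DEFLATE fragment: literal 'A' plus one 258-byte match (259 bytes out).
PENDING = bytes.fromhex("721c05")


class RecordOverflow(Exception):
    """Decompressed data does not fit in the caller's buffer."""


def new_stream():
    return zlib.decompressobj(wbits=-15)  # raw DEFLATE, no zlib header


def deflate_record(plaintext):
    # Constructed sample input: one compressed record ending in a sync flush.
    c = zlib.compressobj(wbits=-15)
    return c.compress(plaintext) + c.flush(zlib.Z_SYNC_FLUSH)


def inflate_unchecked(stream, data, limit=LIMIT):
    # Pattern from the report: a successful call is taken to mean "all data decompressed".
    return stream.decompress(data, limit)


def inflate_probe(stream, data, limit=LIMIT):
    out = stream.decompress(data, limit)
    if len(out) == limit:
        # Equivalent of avail_out == 0, which is ambiguous. Run the stream once
        # more into a 1-byte scratch buffer; any output means data was pending.
        if stream.decompress(stream.unconsumed_tail, 1):
            raise RecordOverflow("output pending after the buffer filled")
    if stream.unconsumed_tail:  # equivalent of avail_in != 0
        raise RecordOverflow("input left unconsumed")
    return out


def inflate_spare(stream, data, limit=LIMIT):
    # Other option from the report: one spare byte makes a full buffer unambiguous.
    out = stream.decompress(data, limit + 1)
    if len(out) > limit or stream.unconsumed_tail:
        raise RecordOverflow("record decompresses past the limit")
    return out
```

With PENDING the input is fully consumed while output is still pending, so a check on remaining input alone would accept the truncated result; the probe and the spare byte both reject it.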