d6
/
xz-analysis-mirror
1
0
Fork 0
Code Issues Pull Requests Packages Projects Releases Wiki Activity

Don't memzero() the history buffer when initializing LZ 

decoder. There's no danger of information leak here, so
it isn't required. Doing memzero() takes a lot of time
with large dictionaries, which could make it easier to
construct DoS attack to consume too much CPU time.
This commit is contained in:
Lasse Collin 2008-02-02 14:51:06 +02:00
parent 7e796e312b
commit 1a3b218598
1 changed files with 3 additions and 4 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

7
src/liblzma/lz/lz_decoder.c
View File

@ -429,10 +429,9 @@ lzma_lz_decoder_reset(lzma_lz_decoder *lz, lzma_allocator *allocator,
return LZMA_MEM_ERROR; return LZMA_MEM_ERROR;
} }
// Clean up the buffers to make it very sure that there are // Clean up the temporary buffer to make it very sure that there are
// no information leaks when multiple steams are decoded // no information leaks when multiple steams are decoded with the
// with the same decoder structures. // same decoder structures.
memzero(lz->dict, dict_real_size);
memzero(lz->temp, LZMA_BUFFER_SIZE); memzero(lz->temp, LZMA_BUFFER_SIZE);
// Reset the variables so that lz_get_byte(lz, 0) will return '\0'. // Reset the variables so that lz_get_byte(lz, 0) will return '\0'.