From f018685d622080d08641471be338e5e2b698d8df Mon Sep 17 00:00:00 2001
From: Fabian Keil
Date: Sun, 7 Feb 2021 17:52:58 +0100
Subject: [PATCH] decompress_iob(): Prevent reading of uninitialized data
Reported by: Joshua Rogers (Opera).
---
 parsers.c | 8 ++++++++
 1 file changed, 8 insertions(+)
diff --git a/parsers.c b/parsers.c
index 999c715e..3197c4ff 100644
--- a/parsers.c
+++ b/parsers.c
@@ -608,6 +608,14 @@ jb_err decompress_iob(struct client_state *csp)
 * XXX: this code is untested and should probably be removed.
 */
 int skip_bytes;
+
+ if (cur + 2 >= csp->iob->eod)
+ {
+ log_error(LOG_LEVEL_ERROR,
+ "gzip extra field flag set but insufficient data available.");
+ return JB_ERR_COMPRESS;
+ }
+
 skip_bytes = *cur++;
 skip_bytes += (unsigned char)*cur++ << 8;
--
2.39.2
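Review bot: The low byte of the gzip extra-field length is still read as `skip_bytes = *cur++;`, without the `(unsigned char)` cast that the following line applies to the high byte. If `cur` is a plain `char *` (its declaration is outside the hunk) and `char` is signed, a byte of 0x80 or above sign-extends and produces a wrong, possibly negative, length from untrusted input. Reading it as `skip_bytes = (unsigned char)*cur++;` would treat both bytes the same way. The added guard could also be written on the remaining length, `if (csp->iob->eod - cur <= 2)`, which keeps the same cutoff without forming `cur + 2` beyond the end of the received data. The rest of decompress_iob(), including any later range check on `skip_bytes`, is outside the hunk.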