The patch titled decompressors: check input size in decompress_inflate.c has been removed from the -mm tree. Its filename was decompressors-check-input-size-in-decompress_inflatec.patch This patch was dropped because it was merged into mainline or a subsystem tree The current -mm tree may be found at http://userweb.kernel.org/~akpm/mmotm/ ------------------------------------------------------ Subject: decompressors: check input size in decompress_inflate.c From: Lasse Collin <lasse.collin@xxxxxxxxxxx> Check for end of the input buffer when skipping over the filename field in the .gz file header. Signed-off-by: Lasse Collin <lasse.collin@xxxxxxxxxxx> Cc: "H. Peter Anvin" <hpa@xxxxxxxxx> Cc: Alain Knaff <alain@xxxxxxxx> Cc: Albin Tonnerre <albin.tonnerre@xxxxxxxxxxxxxxxxxx> Cc: Phillip Lougher <phillip@xxxxxxxxxxxxxxxxxxx> Signed-off-by: Andrew Morton <akpm@xxxxxxxxxxxxxxxxxxxx> --- lib/decompress_inflate.c | 17 +++++++++++++---- 1 file changed, 13 insertions(+), 4 deletions(-) diff -puN lib/decompress_inflate.c~decompressors-check-input-size-in-decompress_inflatec lib/decompress_inflate.c --- a/lib/decompress_inflate.c~decompressors-check-input-size-in-decompress_inflatec +++ a/lib/decompress_inflate.c @@ -98,13 +98,22 @@ STATIC int INIT gunzip(unsigned char *bu * possible asciz filename) */ strm->next_in = zbuf + 10; + strm->avail_in = len - 10; /* skip over asciz filename */ if (zbuf[3] & 0x8) { - while (strm->next_in[0]) - strm->next_in++; - strm->next_in++; + do { + /* + * If the filename doesn't fit into the buffer, + * the file is very probably corrupt. Don't try + * to read more data. + */ + if (strm->avail_in == 0) { + error("header error"); + goto gunzip_5; + } + --strm->avail_in; + } while (*strm->next_in++); } - strm->avail_in = len - (strm->next_in - zbuf); strm->next_out = out_buf; strm->avail_out = out_len; _ Patches currently in -mm which might be from lasse.collin@xxxxxxxxxxx are origin.patch -- To unsubscribe from this list: send the line "unsubscribe mm-commits" in the body of a message to majordomo@xxxxxxxxxxxxxxx More majordomo info at http://vger.kernel.org/majordomo-info.html