X-Git-Url: https://asedeno.scripts.mit.edu/gitweb/?a=blobdiff_plain;f=sshzlib.c;h=60447fdf60766b23b923e80df7fcb7db2dcd6ac8;hb=510f49e405e71ba5c97875e7a019364e1ef5fac9;hp=94f0b80c8207d4d2343dfe8ed4fac39b8f457473;hpb=2226098a9e171ac2434df91c848b1b286e2d481e;p=PuTTY.git
diff --git a/sshzlib.c b/sshzlib.c
index 94f0b80c..60447fdf 100644
--- a/sshzlib.c
+++ b/sshzlib.c
@@ -38,6 +38,7 @@
 */
 #include
+#include
 #include
 #ifdef ZLIB_STANDALONE
@@ -200,13 +201,20 @@ static void lz77_compress(struct LZ77Context *ctx,
 unsigned char *data, int len, int compress)
 {
 struct LZ77InternalContext *st = ctx->ictx;
- int i, hash, distance, off, nmatch, matchlen, advance;
+ int i, distance, off, nmatch, matchlen, advance;
 struct Match defermatch, matches[MAXMATCH];
 int deferchr;
+ assert(st->npending <= HASHCHARS);
+
 /*
 * Add any pending characters from last time to the window. (We
 * might not be able to.)
+ *
+ * This leaves st->pending empty in the usual case (when len >=
+ * HASHCHARS); otherwise it leaves st->pending empty enough that
+ * adding all the remaining 'len' characters will not push it past
+ * HASHCHARS in size.
 */
 for (i = 0; i < st->npending; i++) {
 unsigned char foo[HASHCHARS];
@@ -224,6 +232,7 @@ static void lz77_compress(struct LZ77Context *ctx,
 }
 st->npending -= i;
+ defermatch.distance = 0; /* appease compiler */
 defermatch.len = 0;
 deferchr = '\0';
 while (len > 0) {
@@ -233,7 +242,7 @@ static void lz77_compress(struct LZ77Context *ctx,
 /*
 * Hash the next few characters.
 */
- hash = lz77_hash(data);
+ int hash = lz77_hash(data);
 /*
 * Look the hash up in the corresponding hash chain and see
@@ -258,7 +267,6 @@ static void lz77_compress(struct LZ77Context *ctx,
 }
 } else {
 nmatch = 0;
- hash = INVALID;
 }
 if (nmatch > 0) {
@@ -332,6 +340,7 @@ static void lz77_compress(struct LZ77Context *ctx,
 if (len >= HASHCHARS) {
 lz77_advance(st, *data, lz77_hash(data));
 } else {
+ assert(st->npending < HASHCHARS);
 st->pending[st->npending++] = *data;
 }
 data++;
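Review bot: The two new assertions in lz77_compress are the only bound on the array write they protect, and both disappear in any build that defines NDEBUG: `assert(st->npending <= HASHCHARS);` at the top of the `@@ -200,13 +201,20 @@` hunk and `assert(st->npending < HASHCHARS);` in front of `st->pending[st->npending++] = *data;` in the `@@ -332,6 +340,7 @@` hunk. If such a build is possible, that store runs unchecked, so the assertion should carry a comment stating that it records an internal invariant and depends on assertions being compiled in, for example `/* invariant: pending[] never holds more than HASHCHARS bytes; relies on assert() being enabled */`. The declaration of `pending` is outside this diff, so its size being HASHCHARS is inferred from the assertions and should be confirmed. lz77_compress starts before the first of these hunks and continues past the second.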
@@ -1224,6 +1233,8 @@ int zlib_decompress_block(void *handle, unsigned char *block, int len,
 goto finished;
 if (code == -2)
 goto decode_error;
+ if (code >= 30) /* dist symbols 30 and 31 are invalid */
+ goto decode_error;
 dctx->state = GOTDISTSYM;
 dctx->sym = code;
 break;
@@ -1258,6 +1269,8 @@ int zlib_decompress_block(void *handle, unsigned char *block, int len,
 goto finished;
 nlen = dctx->bits & 0xFFFF;
 EATBITS(16);
+ if (dctx->uncomplen != (nlen ^ 0xFFFF))
+ goto decode_error;
 if (dctx->uncomplen == 0)
 dctx->state = OUTSIDEBLK; /* block is empty */
 else
@@ -1352,6 +1365,7 @@ int main(int argc, char **argv)
 sfree(outbuf);
 } else {
 fprintf(stderr, "decoding error\n");
+ fclose(fp);
 return 1;
 }
 }
@@ -1368,6 +1382,7 @@ int main(int argc, char **argv)
 const struct ssh_compress ssh_zlib = {
 "zlib",
+ "zlib@openssh.com", /* delayed version */
 zlib_compress_init,
 zlib_compress_cleanup,
 zlib_compress_block,
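Review bot: The bound in `if (code >= 30)` in the `@@ -1224,6 +1233,8 @@` hunk is a bare literal, so nothing ties it to the size of the table that `dctx->sym` presumably indexes once the state is GOTDISTSYM. Because `code` is decoded from the peer's compressed stream, this comparison is what stops a malformed block from selecting a distance entry that does not exist, and it should not be able to drift from the table. A named constant defined beside that table would keep them in step, for example `if (code >= NUM_DIST_SYMBOLS)` (name constructed for this note). The table and the place where `dctx->sym` is consumed are outside the hunk, so the indexing is inferred; it is also worth confirming that the literal/length path treats its own reserved symbols 286 and 287 as invalid.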
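Review bot: The stored-block check `if (dctx->uncomplen != (nlen ^ 0xFFFF))` in the `@@ -1258,6 +1269,8 @@` hunk has no comment saying which rule of the format it enforces. A line such as `/* stored block: NLEN must be the one's complement of LEN (RFC 1951, 3.2.4) */` above it would tell the next reader that this is an integrity check on the block header and not an arbitrary mask. The comparison is only correct if `dctx->uncomplen` was itself masked to 16 bits when LEN was read, which happens outside the hunk and should be confirmed.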
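Review bot: The new `"zlib@openssh.com",` entry in the `@@ -1368,6 +1382,7 @@` hunk is added by position to the `ssh_zlib` initializer, so it is only correct if `struct ssh_compress` gained a string member in exactly that slot; the struct definition is in another file and not part of this diff. If the two are out of step, every function pointer after it lands in the wrong member, and the compiler may report that only as a pointer-type warning. The comment `/* delayed version */` is also too terse for a security-relevant setting; `/* name negotiated when compression is to start only after user authentication */` would record why a second name exists. The initializer continues past the end of the hunk.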