X-Git-Url: https://asedeno.scripts.mit.edu/gitweb/?a=blobdiff_plain;f=sshzlib.c;h=60447fdf60766b23b923e80df7fcb7db2dcd6ac8;hb=bd65d477920b8d53833f6161e261fc6139a873ee;hp=9c80132514f1eb9ea057515ab803edccbfcf5c27;hpb=cd94e3bc3c65e6205867549708c82bec40f55e79;p=PuTTY.git

diff --git a/sshzlib.c b/sshzlib.c
index 9c801325..60447fdf 100644
--- a/sshzlib.c
+++ b/sshzlib.c
@@ -38,6 +38,7 @@
  */
 
 #include <stdlib.h>
+#include <string.h>
 #include <assert.h>
 
 #ifdef ZLIB_STANDALONE
@@ -200,13 +201,20 @@ static void lz77_compress(struct LZ77Context *ctx,
 			  unsigned char *data, int len, int compress)
 {
     struct LZ77InternalContext *st = ctx->ictx;
-    int i, hash, distance, off, nmatch, matchlen, advance;
+    int i, distance, off, nmatch, matchlen, advance;
     struct Match defermatch, matches[MAXMATCH];
     int deferchr;
 
+    assert(st->npending <= HASHCHARS);
+
     /*
      * Add any pending characters from last time to the window. (We
      * might not be able to.)
+     *
+     * This leaves st->pending empty in the usual case (when len >=
+     * HASHCHARS); otherwise it leaves st->pending empty enough that
+     * adding all the remaining 'len' characters will not push it past
+     * HASHCHARS in size.
      */
     for (i = 0; i < st->npending; i++) {
 	unsigned char foo[HASHCHARS];
@@ -234,7 +242,7 @@ static void lz77_compress(struct LZ77Context *ctx,
 	    /*
 	     * Hash the next few characters.
 	     */
-	    hash = lz77_hash(data);
+	    int hash = lz77_hash(data);
 
 	    /*
 	     * Look the hash up in the corresponding hash chain and see
@@ -259,7 +267,6 @@ static void lz77_compress(struct LZ77Context *ctx,
 	    }
 	} else {
 	    nmatch = 0;
-	    hash = INVALID;
 	}
 
 	if (nmatch > 0) {
@@ -333,6 +340,7 @@ static void lz77_compress(struct LZ77Context *ctx,
 	    if (len >= HASHCHARS) {
 		lz77_advance(st, *data, lz77_hash(data));
 	    } else {
+                assert(st->npending < HASHCHARS);
 		st->pending[st->npending++] = *data;
 	    }
 	    data++;
@@ -1225,6 +1233,8 @@ int zlib_decompress_block(void *handle, unsigned char *block, int len,
 		goto finished;
 	    if (code == -2)
 		goto decode_error;
+	    if (code >= 30)            /* dist symbols 30 and 31 are invalid */
+		goto decode_error;
 	    dctx->state = GOTDISTSYM;
 	    dctx->sym = code;
 	    break;
@@ -1259,6 +1269,8 @@ int zlib_decompress_block(void *handle, unsigned char *block, int len,
 		goto finished;
 	    nlen = dctx->bits & 0xFFFF;
 	    EATBITS(16);
+	    if (dctx->uncomplen != (nlen ^ 0xFFFF))
+		goto decode_error;
 	    if (dctx->uncomplen == 0)
 		dctx->state = OUTSIDEBLK;	/* block is empty */
 	    else
@@ -1353,6 +1365,7 @@ int main(int argc, char **argv)
             sfree(outbuf);
         } else {
             fprintf(stderr, "decoding error\n");
+            fclose(fp);
             return 1;
         }
     }
@@ -1369,6 +1382,7 @@ int main(int argc, char **argv)
 
 const struct ssh_compress ssh_zlib = {
     "zlib",
+    "zlib@openssh.com", /* delayed version */
     zlib_compress_init,
     zlib_compress_cleanup,
     zlib_compress_block,