mirror of https://git.tartarus.org/simon/putty.git synced 2025-01-09 17:38:00 +00:00

sshzlib: tighten up handling of invalid symbol codes.

In Deflate, both the literal/length and distance Huffman trees are
physically capable of encoding two symbol ids beyond the number that
the spec assigns any actual meaning to: a compressed block header can
specify code lengths for those two extra symbols if it wants to, in
which case those codes will be added to the Huffman tree (in
particular, will affect the encoding of everything else), but then
should not actually use those codes.

Our zlib decoder was silently ignoring the two invalid codes in the
literal/length tree, but treating the two invalid codes in the
distance tree as a fatal decoding error. That seems inconsistent. Now
we treat both as fatal decode errors.
Simon Tatham 2019-04-28 10:02:17 +01:00
parent 1cd935e6c9
commit eecefcb23c

@ -1105,10 +1105,13 @@ bool zlib_decompress_block(ssh_decompressor *dc,
zlib_freetable(&dctx->currdisttable);
dctx->currdisttable = NULL;
}
} else if (code < 286) { /* static tree can give >285; ignore */
} else if (code < 286) {
dctx->state = GOTLENSYM;
dctx->sym = code;
}
} else {
/* literal/length symbols 286 and 287 are invalid */
goto decode_error;
}
break;
case GOTLENSYM:
rec = &lencodes[dctx->sym - 257];
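
Review bot: the comment in the new else branch ("literal/length symbols 286 and 287 are invalid") drops the reason the removed comment gave for such codes being reachable at all, namely that the static tree can give values above 285. Consider carrying that into the new comment, for example "symbols 286 and 287 can be encoded by the tree but have no meaning, so reject them", so a later reader does not take the branch for dead code. Since this path now leaves the block early, it is also worth confirming that decode_error releases dctx->currdisttable the way the end-of-block branch above does with zlib_freetable, as that cleanup is not visible in this hunk.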