[go] compress/zlib: tighten header CINFO check
Nigel Tao (Gerrit)
Nigel Tao has uploaded this change for review.
compress/zlib: tighten header CINFO check
RFC 1950 section 2.2 "Data format" says "CINFO (Compression info)... For
CM = 8... Values of CINFO above 7 are not allowed".
Change-Id: Ibbc1213125c7dc045f09901ee7746660e90b5fcd
---
M src/compress/zlib/reader.go
M src/compress/zlib/reader_test.go
2 files changed, 25 insertions(+), 3 deletions(-)
diff --git a/src/compress/zlib/reader.go b/src/compress/zlib/reader.go
index a195b38..3bbd873 100644
--- a/src/compress/zlib/reader.go
+++ b/src/compress/zlib/reader.go
@@ -32,7 +32,10 @@
"io"
)
-const zlibDeflate = 8
+const (
+ zlibDeflate = 8
+ zlibMaxWindow = 7
+)
var (
// ErrChecksum is returned when reading ZLIB data that has an invalid checksum.
@@ -143,7 +146,7 @@
return z.err
}
h := uint(z.scratch[0])<<8 | uint(z.scratch[1])
- if (z.scratch[0]&0x0f != zlibDeflate) || (h%31 != 0) {
+ if (z.scratch[0]>>4 > zlibMaxWindow) || (z.scratch[0]&0x0f != zlibDeflate) || (h%31 != 0) {
z.err = ErrHeader
return z.err
}
diff --git a/src/compress/zlib/reader_test.go b/src/compress/zlib/reader_test.go
index 70e33ba..20cec69 100644
--- a/src/compress/zlib/reader_test.go
+++ b/src/compress/zlib/reader_test.go
@@ -65,7 +65,14 @@
nil,
},
{
- "bad header",
+ "bad header (CINFO)",
+ "",
+ []byte{0x88, 0x98, 0x03, 0x00, 0x00, 0x00, 0x00, 0x01},
+ nil,
+ ErrHeader,
+ },
+ {
+ "bad header (FCHECK)",
"",
[]byte{0x78, 0x9f, 0x03, 0x00, 0x00, 0x00, 0x00, 0x01},
nil,
To view, visit change 395734. To unsubscribe, or for help writing mail filters, visit settings.
Matthew Dempsky (Gerrit)
Attention is currently required from: Joseph Tsai, Nigel Tao.
Patch set 1:Run-TryBot +1Code-Review +2
1 comment:
File src/compress/zlib/reader.go:
Patch Set #1, Line 149:
(z.scratch[0]&0x0f != zlibDeflate)nit: keep the CM==zlibDeflate check first?
I know it doesn't actually matter right now, but since CINFO is only conditionally defined based on CM, it seems appropriate to validate CM first.
To view, visit change 395734. To unsubscribe, or for help writing mail filters, visit settings.
Nigel Tao (Gerrit)
Attention is currently required from: Joseph Tsai, Nigel Tao.
Nigel Tao uploaded patch set #2 to this change.
compress/zlib: tighten header CINFO check
RFC 1950 section 2.2 "Data format" says "CINFO (Compression info)... For
CM = 8... Values of CINFO above 7 are not allowed".
Change-Id: Ibbc1213125c7dc045f09901ee7746660e90b5fcd
---
M src/compress/zlib/reader.go
M src/compress/zlib/reader_test.go
2 files changed, 25 insertions(+), 3 deletions(-)
To view, visit change 395734. To unsubscribe, or for help writing mail filters, visit settings.
Nigel Tao (Gerrit)
Attention is currently required from: Joseph Tsai.
Patch set 2:Trust +1
1 comment:
File src/compress/zlib/reader.go:
Patch Set #1, Line 149:
(z.scratch[0]&0x0f != zlibDeflate)
nit: keep the CM==zlibDeflate check first? […]
Done
To view, visit change 395734. To unsubscribe, or for help writing mail filters, visit settings.
Nigel Tao (Gerrit)
Nigel Tao submitted this change.
1 is the latest approved patch-set.
The change was submitted with unreviewed changes in the following files:
```
The name of the file: src/compress/zlib/reader.go
Insertions: 1, Deletions: 1.
@@ -146,7 +146,7 @@
return z.err
}
h := uint(z.scratch[0])<<8 | uint(z.scratch[1])
- if (z.scratch[0]>>4 > zlibMaxWindow) || (z.scratch[0]&0x0f != zlibDeflate) || (h%31 != 0) {
+ if (z.scratch[0]&0x0f != zlibDeflate) || (z.scratch[0]>>4 > zlibMaxWindow) || (h%31 != 0) {
z.err = ErrHeader
return z.err
}
```
compress/zlib: tighten header CINFO check
RFC 1950 section 2.2 "Data format" says "CINFO (Compression info)... For
CM = 8... Values of CINFO above 7 are not allowed".
Change-Id: Ibbc1213125c7dc045f09901ee7746660e90b5fcd
Reviewed-on: https://go-review.googlesource.com/c/go/+/395734
Reviewed-by: Matthew Dempsky <mdem...@google.com>
Trust: Nigel Tao <nige...@golang.org>
---
M src/compress/zlib/reader.go
M src/compress/zlib/reader_test.go
2 files changed, 28 insertions(+), 3 deletions(-)
diff --git a/src/compress/zlib/reader.go b/src/compress/zlib/reader.go
index a195b38..343a18b 100644
--- a/src/compress/zlib/reader.go
+++ b/src/compress/zlib/reader.go
@@ -32,7 +32,10 @@
"io"
)
-const zlibDeflate = 8
+const (
+ zlibDeflate = 8
+ zlibMaxWindow = 7
+)
var (
// ErrChecksum is returned when reading ZLIB data that has an invalid checksum.
@@ -143,7 +146,7 @@
return z.err
}
h := uint(z.scratch[0])<<8 | uint(z.scratch[1])
- if (z.scratch[0]&0x0f != zlibDeflate) || (h%31 != 0) {
+ if (z.scratch[0]&0x0f != zlibDeflate) || (z.scratch[0]>>4 > zlibMaxWindow) || (h%31 != 0) {
z.err = ErrHeader
return z.err
}
diff --git a/src/compress/zlib/reader_test.go b/src/compress/zlib/reader_test.go
index 70e33ba..20cec69 100644
--- a/src/compress/zlib/reader_test.go
+++ b/src/compress/zlib/reader_test.go
@@ -65,7 +65,14 @@
nil,
},
{
- "bad header",
+ "bad header (CINFO)",
+ "",
+ []byte{0x88, 0x98, 0x03, 0x00, 0x00, 0x00, 0x00, 0x01},
+ nil,
+ ErrHeader,
+ },
+ {
+ "bad header (FCHECK)",
"",
[]byte{0x78, 0x9f, 0x03, 0x00, 0x00, 0x00, 0x00, 0x01},
nil,
To view, visit change 395734. To unsubscribe, or for help writing mail filters, visit settings.