
Illumos #4936 fix potential overflow in lz4

Description

Illumos #4936 fix potential overflow in lz4

4936 lz4 could theoretically overflow a pointer with a certain input
Reviewed by: Saso Kiselkov <skiselkov.ml@gmail.com>
Reviewed by: Keith Wesolowski <keith.wesolowski@joyent.com>
Approved by: Gordon Ross <gordon.ross@nexenta.com>
Ported by: Tim Chase <tim@chase2k.com>

References:

https://illumos.org/issues/4936
https://github.com/illumos/illumos-gate/commit/58d0718

Porting notes:

This fixes the widely-reported "20-year-old vulnerability" in
LZO/LZ4 implementations which inherited said bug from the reference
implementation.

Signed-off-by: Richard Yao <ryao@gentoo.org>
Signed-off-by: Tim Chase <tim@chase2k.com>
Signed-off-by: Brian Behlendorf <behlendorf1@llnl.gov>
Closes #2429
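The kind of check the commit message is about, as an added illustration (this is not the code from this commit or from lz4.c). It assumes the standard LZ4 literal-length encoding; the function names are hypothetical, and addresses are constructed `uintptr_t` values so the wrap-around is well defined.

```c
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>
/* Decode an LZ4 literal-run length: the token's high nibble plus, when it is
 * 15, extension bytes summed until one is below 255. Returns 0, or -1 if cut. */
static int lz4_literal_length(const uint8_t **ipp, const uint8_t *iend,
                              size_t *lenp)
{
    const uint8_t *ip = *ipp;
    if (ip >= iend) return -1;
    size_t length = (size_t)(*ip++ >> 4);
    if (length == 15) {
        uint8_t s;
        do {
            if (ip >= iend) return -1;   /* truncated extension run */
            s = *ip++;
            length += s;
        } while (s == 255);
    }
    *ipp = ip;
    *lenp = length;
    return 0;
}

/* Wrap-prone check: op + length can wrap past the top of the address space,
 * so the sum compares as "before oend" although the copy does not fit. */
static int fits_by_pointer_add(uintptr_t op, uintptr_t oend, size_t length)
{
    uintptr_t cpy = op + (uintptr_t)length;   /* may wrap */
    return cpy <= oend;
}

/* Overflow-safe check: compare the length with the space that is left. */
static int fits_by_remaining(uintptr_t op, uintptr_t oend, size_t length)
{
    return op <= oend && length <= (size_t)(oend - op);
}

int main(void)
{
    const uint8_t in[] = { 0xF0, 255, 255, 10 };   /* constructed input */
    const uint8_t *ip = in;
    size_t len = 0;
    int rc = lz4_literal_length(&ip, in + sizeof in, &len);
    uintptr_t op = UINTPTR_MAX - 0x1000, oend = op + 0x100; /* constructed */
    printf("rc=%d len=%zu add=%d remaining=%d\n", rc, len,
           fits_by_pointer_add(op, oend, 0x2000), fits_by_remaining(op, oend, 0x2000));
    return 0;
}
```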

Details

Provenance
Dan McDonald <danmcd@omniti.com> Authored on Jun 24 2014, 2:25 AM
Brian Behlendorf <behlendorf1@llnl.gov> Committed on Jul 1 2014, 9:10 PM
Parents
rG4240dc332d2c: Comment the lack of real_LZ4_uncompress()

Event Timeline

Brian Behlendorf <behlendorf1@llnl.gov> committed rGee4712284cd6: Illumos #4936 fix potential overflow in lz4 (authored by Dan McDonald <danmcd@omniti.com>). Jul 1 2014, 9:10 PM