From 1a3b21859818e4d8e89a1da99699233c1bfd197d Mon Sep 17 00:00:00 2001
From: Lasse Collin
Date: Sat, 2 Feb 2008 14:51:06 +0200
Subject: [PATCH] Don't memzero() the history buffer when initializing LZ decoder. There's no danger of information leak here, so it isn't required. Doing memzero() takes a lot of time with large dictionaries, which could make it easier to construct DoS attack to consume too much CPU time.
---
 src/liblzma/lz/lz_decoder.c | 7 +++----
 1 file changed, 3 insertions(+), 4 deletions(-)
diff --git a/src/liblzma/lz/lz_decoder.c b/src/liblzma/lz/lz_decoder.c
index 9c110dec..92aaff6a 100644
--- a/src/liblzma/lz/lz_decoder.c
+++ b/src/liblzma/lz/lz_decoder.c
@@ -429,10 +429,9 @@ lzma_lz_decoder_reset(lzma_lz_decoder *lz, lzma_allocator *allocator,
 return LZMA_MEM_ERROR;
 }
- // Clean up the buffers to make it very sure that there are
- // no information leaks when multiple steams are decoded
- // with the same decoder structures.
- memzero(lz->dict, dict_real_size);
+ // Clean up the temporary buffer to make it very sure that there are
+ // no information leaks when multiple steams are decoded with the
+ // same decoder structures.
 memzero(lz->temp, LZMA_BUFFER_SIZE);
 // Reset the variables so that lz_get_byte(lz, 0) will return '\0'.
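Review bot: With `memzero(lz->dict, dict_real_size)` removed, the history buffer keeps whatever the previous stream or the allocator left in it, so the "no danger of information leak" claim now depends on the decoder rejecting every match distance that reaches past the bytes written since this reset. Nothing in the hunk states or checks that invariant. I would record it where the call was removed, e.g. `// lz->dict is intentionally not cleared: match distances must be validated against the bytes decoded since this reset.` The retained comment promises that `lz_get_byte(lz, 0)` returns '\0' after the reset, but the code that ensures this lies outside the hunk, so confirm it stores that zero byte explicitly and does not rely on the old clear. The rewritten comment also carries over the typo "steams" for "streams".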