mirror of https://git.tukaani.org/xz.git
Don't memzero() the history buffer when initializing LZ
decoder. There's no danger of information leak here, so it isn't required. Doing memzero() takes a lot of time with large dictionaries, which could make it easier to construct DoS attack to consume too much CPU time.
This commit is contained in:
parent
7e796e312b
commit
1a3b218598
|
@ -429,10 +429,9 @@ lzma_lz_decoder_reset(lzma_lz_decoder *lz, lzma_allocator *allocator,
|
||||||
return LZMA_MEM_ERROR;
|
return LZMA_MEM_ERROR;
|
||||||
}
|
}
|
||||||
|
|
||||||
// Clean up the buffers to make it very sure that there are
|
// Clean up the temporary buffer to make it very sure that there are
|
||||||
// no information leaks when multiple steams are decoded
|
// no information leaks when multiple steams are decoded with the
|
||||||
// with the same decoder structures.
|
// same decoder structures.
|
||||||
memzero(lz->dict, dict_real_size);
|
|
||||||
memzero(lz->temp, LZMA_BUFFER_SIZE);
|
memzero(lz->temp, LZMA_BUFFER_SIZE);
|
||||||
|
|
||||||
// Reset the variables so that lz_get_byte(lz, 0) will return '\0'.
|
// Reset the variables so that lz_get_byte(lz, 0) will return '\0'.
|
||||||
|
|
Loading…
Reference in New Issue