[Bug 12896] New: Gzip decompression, erroneous "corrupted data" when extra field length > 16384 bytes, patch included.
bugzilla at busybox.net
bugzilla at busybox.net
Tue May 12 17:10:56 UTC 2020
https://bugs.busybox.net/show_bug.cgi?id=12896
Bug ID: 12896
Summary: Gzip decompression, erroneous "corrupted data" when
extra field length > 16384 bytes, patch included.
Product: Busybox
Version: unspecified
Hardware: All
OS: All
Status: NEW
Severity: normal
Priority: P5
Component: Standard Compliance
Assignee: unassigned at busybox.net
Reporter: busybox.dev at lo2.fr
CC: busybox-cvs at busybox.net
Target Milestone: ---
Created attachment 8461
--> https://bugs.busybox.net/attachment.cgi?id=8461&action=edit
busybox_gzip_extra_field.tar.gz
The gzip specificiation allows for an extra field of max size 65535 (0xFFFF)
bytes.
Howevery, when a gzip file contains an extra field of more than 16384 (0x4000),
the decompression erroneously fails with an error message "corrupted data".
In archival/libarchive/decompress_gunzip.c, the code that checks the gzip
header does not check that the extra field length might be over bytebuffer_max.
When that's the case, the top_up(extra field length) function call fails, and
the header check fails.
The included file contains:
- The patch that fixes the issue
- Two gzip files, one that triggers the error, and one that does not.
All these files have no right reserved, and can therefore conform to the
relevant licenses of this project.
--
You are receiving this mail because:
You are on the CC list for the bug.
More information about the busybox-cvs
mailing list