diff options
author | Lasse Collin <lasse.collin@tukaani.org> | 2008-02-02 14:51:06 +0200 |
---|---|---|
committer | Lasse Collin <lasse.collin@tukaani.org> | 2008-02-02 14:51:06 +0200 |
commit | 1a3b21859818e4d8e89a1da99699233c1bfd197d (patch) | |
tree | f8904bce60857b0d74919ed4f2b658b24804c8b5 /src/liblzma | |
parent | Do uncompressed size validation in raw encoder. This way (diff) | |
download | xz-1a3b21859818e4d8e89a1da99699233c1bfd197d.tar.xz |
Don't memzero() the history buffer when initializing LZ
decoder. There's no danger of information leak here, so
it isn't required. Doing memzero() takes a lot of time
with large dictionaries, which could make it easier to
construct DoS attack to consume too much CPU time.
Diffstat (limited to '')
-rw-r--r-- | src/liblzma/lz/lz_decoder.c | 7 |
1 files changed, 3 insertions, 4 deletions
diff --git a/src/liblzma/lz/lz_decoder.c b/src/liblzma/lz/lz_decoder.c index 9c110dec..92aaff6a 100644 --- a/src/liblzma/lz/lz_decoder.c +++ b/src/liblzma/lz/lz_decoder.c @@ -429,10 +429,9 @@ lzma_lz_decoder_reset(lzma_lz_decoder *lz, lzma_allocator *allocator, return LZMA_MEM_ERROR; } - // Clean up the buffers to make it very sure that there are - // no information leaks when multiple steams are decoded - // with the same decoder structures. - memzero(lz->dict, dict_real_size); + // Clean up the temporary buffer to make it very sure that there are + // no information leaks when multiple steams are decoded with the + // same decoder structures. memzero(lz->temp, LZMA_BUFFER_SIZE); // Reset the variables so that lz_get_byte(lz, 0) will return '\0'. |