Don't memzero() the history buffer when initializing LZ

decoder. There's no danger of information leak here, so it isn't required. Doing memzero() takes a lot of time with large dictionaries, which could make it easier to construct DoS attack to consume too much CPU time.
author: Lasse Collin <lasse.collin@tukaani.org> 2008-02-02 14:51:06 +0200
committer: Lasse Collin <lasse.collin@tukaani.org> 2008-02-02 14:51:06 +0200
commit: 1a3b21859818e4d8e89a1da99699233c1bfd197d (patch)
tree: f8904bce60857b0d74919ed4f2b658b24804c8b5 /src
parent: Do uncompressed size validation in raw encoder. This way (diff)
download: xz-1a3b21859818e4d8e89a1da99699233c1bfd197d.tar.xz
1 files changed, 3 insertions, 4 deletions
diff --git a/src/liblzma/lz/lz_decoder.c b/src/liblzma/lz/lz_decoder.c
index 9c110dec..92aaff6a 100644
--- a/src/liblzma/lz/lz_decoder.c
+++ b/src/liblzma/lz/lz_decoder.c
@@ -429,10 +429,9 @@ lzma_lz_decoder_reset(lzma_lz_decoder *lz, lzma_allocator *allocator,
 			return LZMA_MEM_ERROR;
 	}
 
-	// Clean up the buffers to make it very sure that there are
-	// no information leaks when multiple steams are decoded
-	// with the same decoder structures.
-	memzero(lz->dict, dict_real_size);
+	// Clean up the temporary buffer to make it very sure that there are
+	// no information leaks when multiple steams are decoded with the
+	// same decoder structures.
 	memzero(lz->temp, LZMA_BUFFER_SIZE);
 
 	// Reset the variables so that lz_get_byte(lz, 0) will return '\0'.
author	Lasse Collin <lasse.collin@tukaani.org>	2008-02-02 14:51:06 +0200
committer	Lasse Collin <lasse.collin@tukaani.org>	2008-02-02 14:51:06 +0200
commit	1a3b21859818e4d8e89a1da99699233c1bfd197d (patch)
tree	f8904bce60857b0d74919ed4f2b658b24804c8b5 /src
parent	Do uncompressed size validation in raw encoder. This way (diff)
download	xz-1a3b21859818e4d8e89a1da99699233c1bfd197d.tar.xz