* cdb_decompress_if_necessary(): memset 0 the buffer before accessing it
authorWilfried Göesgens <willi@citadel.org>
Thu, 25 Mar 2010 23:14:14 +0000 (23:14 +0000)
committerWilfried Göesgens <willi@citadel.org>
Thu, 25 Mar 2010 23:14:14 +0000 (23:14 +0000)
* cdb_decompress_if_necessary(): don't lean on cdb being big enough to fill our header

citadel/database.c

index caa0e3b46c6b71c52d66e654adb8eccc36984f36..957e0164992a5f0adda59bdf630d5cb90d4b2c8a 100644 (file)
@@ -504,8 +504,13 @@ void cdb_decompress_if_necessary(struct cdbdata *cdb)
        char *uncompressed_data;
        char *compressed_data;
        uLongf destLen, sourceLen;
+       size_t cplen;
 
-       memcpy(&zheader, cdb->ptr, sizeof(struct CtdlCompressHeader));
+       memset(&zheader, 0, sizeof(struct CtdlCompressHeader));
+       cplen = sizeof(struct CtdlCompressHeader);
+       if (sizeof(struct CtdlCompressHeader) > cdb->len)
+               cplen = cdb->len;
+       memcpy(&zheader, cdb->ptr, cplen);
 
        compressed_data = cdb->ptr;
        compressed_data += sizeof(struct CtdlCompressHeader);
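Review bot: A record shorter than the header is still processed after the clamped `memcpy`: `compressed_data` is advanced by the full `sizeof(struct CtdlCompressHeader)`, which points past the end of `cdb->ptr` when `cdb->len` is smaller. A record that short cannot hold a complete compression header, so returning early is simpler than copying a partial one: `if (cdb->len < sizeof(struct CtdlCompressHeader)) return;` placed before the `memcpy`. That would also make the `memset` and `cplen` unnecessary. The rest of the function is outside this hunk, so a later magic check presumably rejects an all-zero header, but a partial copy that happens to carry the magic bytes would leave the length fields at zero and still reach the decompression path; worth confirming against the full function. A comment such as `/* records shorter than the header are never compressed */` on the guard would record the intent.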