From d4146305049c42d798cea1a98344ae11b86ceb65 Mon Sep 17 00:00:00 2001
From: =?utf8?q?Wilfried=20G=C3=B6esgens?=
Date: Thu, 25 Mar 2010 23:14:14 +0000
Subject: [PATCH] * cdb_decompress_if_necessary(): memset 0 the buffer before accessing it * cdb_decompress_if_necessary(): don't lean on cdb being big enough to fill our header
---
 citadel/database.c | 7 ++++++-
 1 file changed, 6 insertions(+), 1 deletion(-)
diff --git a/citadel/database.c b/citadel/database.c
index caa0e3b46..957e01649 100644
--- a/citadel/database.c
+++ b/citadel/database.c
@@ -504,8 +504,13 @@ void cdb_decompress_if_necessary(struct cdbdata *cdb)
 char *uncompressed_data;
 char *compressed_data;
 uLongf destLen, sourceLen;
+ size_t cplen;
- memcpy(&zheader, cdb->ptr, sizeof(struct CtdlCompressHeader));
+ memset(&zheader, 0, sizeof(struct CtdlCompressHeader));
+ cplen = sizeof(struct CtdlCompressHeader);
+ if (sizeof(struct CtdlCompressHeader) > cdb->len)
+ cplen = cdb->len;
+ memcpy(&zheader, cdb->ptr, cplen);
 compressed_data = cdb->ptr;
 compressed_data += sizeof(struct CtdlCompressHeader);
-- 
2.30.2
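Review bot: A record shorter than the header is still processed after the clamped `memcpy`, and the context line `compressed_data += sizeof(struct CtdlCompressHeader);` then moves the pointer past the end of the `cdb->len` bytes that `cdb->ptr` holds. A buffer that cannot contain a full header cannot be a compressed record, so it is simpler and safer to bail out before copying anything: `if (cdb->len < sizeof(struct CtdlCompressHeader)) return;`. With that guard the `memset` and `cplen` clamp become unnecessary, and a short record whose leading bytes happen to match the magic cannot reach the decompression path with zero-filled length fields. The rest of the function, including the magic check, is outside this hunk, so whether the out-of-range pointer is ever dereferenced today cannot be confirmed from here.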