1
0
Fork 0
mirror of https://git.tukaani.org/xz.git synced 2024-04-04 12:36:23 +02:00

Don't memzero() the history buffer when initializing LZ

decoder. There's no danger of information leak here, so
it isn't required. Doing memzero() takes a lot of time
with large dictionaries, which could make it easier to
construct DoS attack to consume too much CPU time.
This commit is contained in:
Lasse Collin 2008-02-02 14:51:06 +02:00
parent 7e796e312b
commit 1a3b218598

View file

@ -429,10 +429,9 @@ lzma_lz_decoder_reset(lzma_lz_decoder *lz, lzma_allocator *allocator,
return LZMA_MEM_ERROR;
}
// Clean up the buffers to make it very sure that there are
// no information leaks when multiple steams are decoded
// with the same decoder structures.
memzero(lz->dict, dict_real_size);
// Clean up the temporary buffer to make it very sure that there are
// no information leaks when multiple steams are decoded with the
// same decoder structures.
memzero(lz->temp, LZMA_BUFFER_SIZE);
// Reset the variables so that lz_get_byte(lz, 0) will return '\0'.