mirror of
https://git.yoctoproject.org/meta-security
synced 2026-01-11 15:00:34 +00:00
d630e987e8
Upstream-Status: Backport from226580d502&&9037ea3511Signed-off-by: Hitendra Prajapati <hprajapati@mvista.com> Signed-off-by: Scott Murray <scott.murray@konsulko.com>
32 lines
1.2 KiB
Diff
32 lines
1.2 KiB
Diff
From 9037ea35110a0d97be5cedf8d31fb4cd9a38c7a7 Mon Sep 17 00:00:00 2001
|
|
From: Philippe Antoine <contact@catenacyber.fr>
|
|
Date: Tue, 17 Jun 2025 10:12:47 +0200
|
|
Subject: [PATCH] decompressors: fix leak in lzma error case
|
|
|
|
Ticket: 7766
|
|
|
|
CVE: CVE-2025-53537
|
|
Upstream-Status: Backport [https://github.com/OISF/libhtp/commit/9037ea35110a0d97be5cedf8d31fb4cd9a38c7a7]
|
|
Signed-off-by: Hitendra Prajapati <hprajapati@mvista.com>
|
|
---
|
|
htp/htp_decompressors.c | 3 +++
|
|
1 file changed, 3 insertions(+)
|
|
|
|
diff --git a/htp/htp_decompressors.c b/htp/htp_decompressors.c
|
|
index 0d94c30..ce6cfe1 100644
|
|
--- a/htp/htp_decompressors.c
|
|
+++ b/htp/htp_decompressors.c
|
|
@@ -351,6 +351,9 @@ restart:
|
|
// There is data even if there is an error
|
|
// So use this data and log a warning
|
|
htp_log(d->tx->connp, HTP_LOG_MARK, HTP_LOG_WARNING, 0, "GZip decompressor: inflate failed with %d", rc);
|
|
+ if (drec->zlib_initialized == HTP_COMPRESSION_LZMA) {
|
|
+ LzmaDec_Free(&drec->state, &lzma_Alloc);
|
|
+ }
|
|
drec->zlib_initialized = HTP_COMPRESSION_OVER;
|
|
return HTP_ERROR;
|
|
}
|
|
--
|
|
2.50.1
|
|
|