1. clamav-devel
  2. Commit 6bbe910f427f54a4f51ac852e17f87a54f339419
Browse code

fuzz - 12124 - Added missing hash cleanup checks in Xx decoder.

Micah Snyder authored on 2019/02/10 15:22:03
Showing 3 changed files
libclamav/7z/Xz.c
History View file @ 6bbe910
... ... 
@@ -93,6 +93,7 @@ int XzCheck_Final(CXzCheck *p, Byte *digest)
93 93 
           return 0;
94 94
95 95 
       cl_finish_hash(p->sha, digest);
96 
+      p->sha = NULL;
96 97 
       break;
97 98 
     default:
98 99 
       return 0;
libclamav/7z/XzDec.c
History View file @ 6bbe910
... ... 
@@ -614,7 +614,11 @@ SRes XzUnpacker_Create(CXzUnpacker *p, ISzAlloc *alloc)
614 614
615 615 
 void XzUnpacker_Free(CXzUnpacker *p)
616 616 
 {
617 
+  if (!p)
618 
+    return;
617 619 
   MixCoder_Free(&p->decoder);
620 
+  cl_hash_destroy(p->sha);
621 
+  p->sha = NULL;
618 622 
 }
619 623
620 624 
 SRes XzUnpacker_Code(CXzUnpacker *p, Byte *dest, SizeT *destLen,
... ... 
@@ -816,8 +820,10 @@ SRes XzUnpacker_Code(CXzUnpacker *p, Byte *dest, SizeT *destLen,
816 816 
             p->state = XZ_STATE_STREAM_INDEX_CRC;
817 817 
             p->indexSize += 4;
818 818 
             p->pos = 0;
819 
-            if ((p->sha))
819 
+            if ((p->sha)) {
820 820 
                 cl_finish_hash(p->sha, digest);
821 
+                p->sha = NULL;
822 
+            }
821 823
822 824 
             if (memcmp(digest, p->shaDigest, SHA256_DIGEST_SIZE) != 0)
823 825 
               return SZ_ERROR_CRC;
libclamav/xz_iface.c
History View file @ 6bbe910
... ... 
@@ -57,6 +57,8 @@ int cli_XzInit(struct CLI_XZ *XZ) {
57 57 
 }
58 58
59 59 
 void cli_XzShutdown(struct CLI_XZ *XZ) {
60 
+    if (!XZ)
61 
+        return;
60 62 
     XzUnpacker_Free(&XZ->state);
61 63 
 }
62 64