zstream: fail when asked to inflate garbage

When we are provided some input buffer (with a length) to inflate,
and it contains more data than simply the deflated data, fail.
zlib will helpfully tell us when it is done reading (via Z_STREAM_END),
so if there is data leftover in the input buffer, fail lest we
continually try to inflate it.

diff --git a/src/zstream.c b/src/zstream.c
index 6533449e83a95ca8ff11d9711a20a07a32c37f6d..d9ad4ca894fa6ed75613109ca5195084063cbdc1 100644 (file)
--- a/src/zstream.c
+++ b/src/zstream.c
@@ -86,6 +86,11 @@ int git_zstream_get_output(void *out, size_t *out_len, git_zstream *zstream)
        int zflush = Z_FINISH;
        size_t out_remain = *out_len;
 
+       if (zstream->in_len && zstream->zerr == Z_STREAM_END) {
+               giterr_set(GITERR_ZLIB, "zlib input had trailing garbage");
+               return -1;
+       }
+
        while (out_remain > 0 && zstream->zerr != Z_STREAM_END) {
                size_t out_queued, in_queued, out_used, in_used;
 

diff --git a/tests/core/zstream.c b/tests/core/zstream.c
index b13429b0a8bf1c4ccde5a1fc49b3b51f6e427567..961904ec378d855076a4ddd094051ca00e0368d4 100644 (file)
--- a/tests/core/zstream.c
+++ b/tests/core/zstream.c
@@ -58,6 +58,25 @@ void test_core_zstream__basic(void)
        assert_zlib_equal(data, strlen(data) + 1, out, outlen);
 }
 
+void test_core_zstream__fails_on_trailing_garbage(void)
+{
+       git_buf deflated = GIT_BUF_INIT, inflated = GIT_BUF_INIT;
+       size_t i = 0;
+
+       /* compress a simple string */
+       git_zstream_deflatebuf(&deflated, "foobar!!", 8);
+
+       /* append some garbage */
+       for (i = 0; i < 10; i++) {
+               git_buf_putc(&deflated, i);
+       }
+
+       cl_git_fail(git_zstream_inflatebuf(&inflated, deflated.ptr, deflated.size));
+
+       git_buf_free(&deflated);
+       git_buf_free(&inflated);
+}
+
 void test_core_zstream__buffer(void)
 {
        git_buf out = GIT_BUF_INIT;