compress/zlib: tighten header CINFO check

RFC 1950 section 2.2 "Data format" says "CINFO (Compression info)... For CM = 8... Values of CINFO above 7 are not allowed". Change-Id: Ibbc1213125c7dc045f09901ee7746660e90b5fcd Reviewed-on: https://go-review.googlesource.com/c/go/+/395734 Reviewed-by: Matthew Dempsky <mdempsky@google.com> Trust: Nigel Tao <nigeltao@golang.org>
2024-11-24 11:00:08 -07:00 · 2022-03-25 10:33:21 +11:00 · 2022-03-25 10:33:21 +11:00 · d1060d8e82
commit d1060d8e82
parent eee6f9f825
2 changed files with 13 additions and 3 deletions
--- a/src/compress/zlib/reader.go
+++ b/src/compress/zlib/reader.go
@ -32,7 +32,10 @@ import (
 	"io"
 )

-const zlibDeflate = 8
+const (
+	zlibDeflate   = 8
+	zlibMaxWindow = 7
+)

 var (
 	// ErrChecksum is returned when reading ZLIB data that has an invalid checksum.
@ -143,7 +146,7 @@ func (z *reader) Reset(r io.Reader, dict []byte) error {
 		return z.err
 	}
 	h := uint(z.scratch[0])<<8 | uint(z.scratch[1])
-	if (z.scratch[0]&0x0f != zlibDeflate) || (h%31 != 0) {
+	if (z.scratch[0]&0x0f != zlibDeflate) || (z.scratch[0]>>4 > zlibMaxWindow) || (h%31 != 0) {
 		z.err = ErrHeader
 		return z.err
 	}
--- a/src/compress/zlib/reader_test.go
+++ b/src/compress/zlib/reader_test.go
@ -65,7 +65,14 @@ var zlibTests = []zlibTest{
 		nil,
 	},
 	{
-		"bad header",
+		"bad header (CINFO)",
+		"",
+		[]byte{0x88, 0x98, 0x03, 0x00, 0x00, 0x00, 0x00, 0x01},
+		nil,
+		ErrHeader,
+	},
+	{
+		"bad header (FCHECK)",
 		"",
 		[]byte{0x78, 0x9f, 0x03, 0x00, 0x00, 0x00, 0x00, 0x01},
 		nil,