* grub-core/lib/xzembed/xz_dec_stream.c (dec_main): Fix index and block

	CRC calculations and validity checks.
	* grub-core/lib/xzembed/xz_dec_stream.c (dec_index): Fix index CRC
	calculations.

diff --git a/ChangeLog b/ChangeLog
index 0b043ccd56b8250a1553cd36366a0d41ace6887a..0a85dbbcc1be503f27297871725597d8c8211176 100644 (file)
--- a/ChangeLog
+++ b/ChangeLog
@@ -1,3 +1,10 @@
+2010-09-15  Szymon Janc <szymon@janc.net.pl>
+
+       * grub-core/lib/xzembed/xz_dec_stream.c (dec_main): Fix index and block
+       CRC calculations and validity checks.
+       * grub-core/lib/xzembed/xz_dec_stream.c (dec_index): Fix index CRC
+       calculations.
+
 2010-09-15  Szymon Janc <szymon@janc.net.pl>
 
        * grub-core/lib/xzembed/xz_dec_stream.c (xz_dec_end): Fix memory leak.

diff --git a/grub-core/lib/xzembed/xz_dec_stream.c b/grub-core/lib/xzembed/xz_dec_stream.c
index 071ca8debb716c04f37f4a16d222808e78427610..273041edbb05d709598751092e3e0f9ce24c384e 100644 (file)
--- a/grub-core/lib/xzembed/xz_dec_stream.c
+++ b/grub-core/lib/xzembed/xz_dec_stream.c
@@ -270,7 +270,7 @@ static enum xz_ret dec_block(struct xz_dec *s, struct xz_buf *b)
                s->block.hash.uncompressed += s->block.uncompressed;
 
                GRUB_MD_CRC32->write(s->block.hash.crc32_context,
-                               (const uint8_t *)&s->block.hash, sizeof(s->block.hash));
+                               (const uint8_t *)&s->block.hash, 2 * sizeof(vli_type));
 
                ++s->block.count;
        }
@@ -329,8 +329,7 @@ static enum xz_ret dec_index(struct xz_dec *s, struct xz_buf *b)
                        s->index.hash.uncompressed += s->vli;
 
                        GRUB_MD_CRC32->write(s->index.hash.crc32_context,
-                                       (const uint8_t *)&s->index.hash,
-                                       sizeof(s->index.hash));
+                                       (const uint8_t *)&s->index.hash, 2 * sizeof(vli_type));
 
                        --s->index.count;
                        s->index.sequence = SEQ_INDEX_UNPADDED;
@@ -671,8 +670,17 @@ static enum xz_ret dec_main(struct xz_dec *s, struct xz_buf *b)
                        index_update(s, b);
 
                        /* Compare the hashes to validate the Index field. */
-                       if (! memeq(&s->block.hash, &s->index.hash, sizeof(s->block.hash)))
+                       GRUB_MD_CRC32->final(s->block.hash.crc32_context);
+                       GRUB_MD_CRC32->final(s->index.hash.crc32_context);
+                       uint32_t block_crc = *(uint32_t*)GRUB_MD_CRC32->read(s->block.hash.crc32_context);
+                       uint32_t index_crc = *(uint32_t*)GRUB_MD_CRC32->read(s->index.hash.crc32_context);
+
+                       if (s->block.hash.unpadded != s->index.hash.unpadded
+                           || s->block.hash.uncompressed != s->index.hash.uncompressed
+                           || block_crc != index_crc)
+                       {
                                return XZ_DATA_ERROR;
+                       }
 
                        s->sequence = SEQ_INDEX_CRC32;
 
@@ -856,7 +864,6 @@ void xz_dec_end(struct xz_dec *s)
                kfree(s->index.hash.crc32_context);
                kfree(s->block.hash.crc32_context);
                kfree(s->crc32_context);
-
 #ifdef XZ_DEC_BCJ
                xz_dec_bcj_end(s->bcj);
 #endif