From: Philippe Antoine <contact@catenacyber.fr>
Date: Tue, 31 Mar 2020 07:57:38 +0000 (+0200)
Subject: lib-compression: Fix length checks for zlib header
X-Git-Tag: 2.3.11.2~470
X-Git-Url: http://git.ipfire.org/cgi-bin/gitweb.cgi?a=commitdiff_plain;h=959e958cd37602cc53645c1612496753a9b1eb2f;p=thirdparty%2Fdovecot%2Fcore.git

lib-compression: Fix length checks for zlib header
---

diff --git a/src/lib-compression/istream-zlib.c b/src/lib-compression/istream-zlib.c
index 3e514cab84..c04df039d8 100644
--- a/src/lib-compression/istream-zlib.c
+++ b/src/lib-compression/istream-zlib.c
@@ -100,12 +100,12 @@ static int i_stream_zlib_read_header(struct istream_private *stream)
 		return -1;
 	}
 	if ((data[3] & GZ_FLAG_FEXTRA) != 0) {
-		if (pos + 2 < size)
+		if (pos + 2 > size)
 			return 0;
 
 		fextra_size = le16_to_cpu_unaligned(&data[pos]);
 		pos += 2;
-		if (pos + fextra_size < size)
+		if (pos + fextra_size > size)
 			return 0;
 		pos += fextra_size;
 	}
@@ -122,7 +122,7 @@ static int i_stream_zlib_read_header(struct istream_private *stream)
 		} while (data[pos++] != '\0');
 	}
 	if ((data[3] & GZ_FLAG_FHCRC) != 0) {
-		if (pos + 2 < size)
+		if (pos + 2 > size)
 			return 0;
 		pos += 2;
 	}