Commit Graph

2 Commits

Author SHA1 Message Date
Pierre Ossman
3282836baf Make ZlibInStream more robust against failures
Move the checks around to avoid missing cases where we might access
memory that is no longer valid. Also avoid touching the underlying
stream implicitly (e.g. via the destructor) as it might also no
longer be valid.

A malicious server could theoretically use this for remote code
execution in the client.

Issue found by Pavel Cheremushkin from Kaspersky Lab
2020-09-21 12:40:12 +03:00
matt
408c005d3e Initial commit 2020-09-20 12:16:44 +00:00