compress/zlib: tighten header CINFO check
authorNigel Tao <nigeltao@golang.org>
Thu, 24 Mar 2022 23:33:21 +0000 (10:33 +1100)
committerNigel Tao <nigeltao@golang.org>
Wed, 30 Mar 2022 02:16:17 +0000 (02:16 +0000)
RFC 1950 section 2.2 "Data format" says "CINFO (Compression info)... For
CM = 8... Values of CINFO above 7 are not allowed".

Change-Id: Ibbc1213125c7dc045f09901ee7746660e90b5fcd
Reviewed-on: https://go-review.googlesource.com/c/go/+/395734
Reviewed-by: Matthew Dempsky <mdempsky@google.com>
Trust: Nigel Tao <nigeltao@golang.org>

src/compress/zlib/reader.go
src/compress/zlib/reader_test.go

index a195b380d8dd0bc25b7d78f1e5780c2581d37070..343a18bf68150e54f1c39945b23b2a356542991a 100644 (file)
@@ -32,7 +32,10 @@ import (
        "io"
 )
 
-const zlibDeflate = 8
+const (
+       zlibDeflate   = 8
+       zlibMaxWindow = 7
+)
 
 var (
        // ErrChecksum is returned when reading ZLIB data that has an invalid checksum.
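Review bot: The new constant `zlibMaxWindow` has no comment, and its name reads as a window size while the value 7 is the largest CINFO that RFC 1950 permits for CM = 8. CINFO is the base-2 logarithm of the LZ77 window size minus eight, so 7 corresponds to a 32 KiB window. I would add `// zlibMaxWindow is the largest CINFO value allowed for CM = 8 (a 32 KiB window).` above it, or rename it along the lines of `zlibMaxCINFO`.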
@@ -143,7 +146,7 @@ func (z *reader) Reset(r io.Reader, dict []byte) error {
                return z.err
        }
        h := uint(z.scratch[0])<<8 | uint(z.scratch[1])
-       if (z.scratch[0]&0x0f != zlibDeflate) || (h%31 != 0) {
+       if (z.scratch[0]&0x0f != zlibDeflate) || (z.scratch[0]>>4 > zlibMaxWindow) || (h%31 != 0) {
                z.err = ErrHeader
                return z.err
        }
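Review bot: Streams whose first byte carries CINFO above 7 now fail in Reset with ErrHeader, where the old condition let them pass as long as CM and FCHECK were valid. That is a visible behaviour change for callers that decode data from lenient encoders, and it looks worth a release note. The condition now packs three header fields into one line, so a comment above it such as `// CMF: CM in the low nibble, CINFO in the high nibble; CMF<<8|FLG must be a multiple of 31.` would let each clause be checked against the RFC. Reset starts and continues outside this hunk.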
index 70e33babd10622773ee7e46b730c2698cb57f109..20cec696ee5f55215e7bd115350abc860ff3684a 100644 (file)
@@ -65,7 +65,14 @@ var zlibTests = []zlibTest{
                nil,
        },
        {
-               "bad header",
+               "bad header (CINFO)",
+               "",
+               []byte{0x88, 0x98, 0x03, 0x00, 0x00, 0x00, 0x00, 0x01},
+               nil,
+               ErrHeader,
+       },
+       {
+               "bad header (FCHECK)",
                "",
                []byte{0x78, 0x9f, 0x03, 0x00, 0x00, 0x00, 0x00, 0x01},
                nil,
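Review bot: The new CINFO vector would be easier to maintain with a comment saying why these two header bytes were chosen. 0x88 sets CM = 8 with CINFO = 8, and 0x98 is an FLG value that keeps 0x8898 a multiple of 31, so only the new CINFO clause can produce ErrHeader for this input. Something like `// CINFO = 8 with a valid FCHECK (0x8898 % 31 == 0).` above the byte slice would do. The last table entry continues past the end of the hunk.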