OS-8371 Fix CVE-2018-25032 in our zlib #74

Draft
wants to merge 2 commits into
base: master
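--- a/libz/Makefile
+++ b/libz/Makefile
@@ -42,6 +42,8 @@ AUTOCONF_LDFLAGS.64 =
 AUTOCONF_CC = CC="$(GCC.32) $(CPPFLAGS)"
 AUTOCONF_CC.64 = CC="$(GCC.64) $(CPPFLAGS)"
 
+PATCHES = Patches/*
+
 #
 # LDFLAGS is used by zlib's build system to build programs, not the library
 # itself. For that, it accepts only a combined linker+flags+libs command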
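Review bot: `PATCHES = Patches/*` matches every file in that directory, so a stray `.orig`/`.rej` or editor backup left next to the CVE fix would be handed to the patch step as well. Narrowing it to `PATCHES = Patches/*.patch` keeps the applied set to the files that are meant to be security patches. The rule that consumes `PATCHES` is outside this hunk, so the apply order and what happens when a patch fails to apply could not be checked here.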
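--- /dev/null
+++ b/libz/Patches/0001-flush_bits.patch
@@ -0,0 +1,62 @@
+diff -ru a/deflate.c b/deflate.c
+--- a/deflate.c Sun Jul 17 22:27:31 2005
++++ b/deflate.c Wed Mar 30 22:07:47 2022
+@@ -532,19 +532,22 @@
+local void flush_pending(strm)
+z_streamp strm;
+{
+- unsigned len = strm->state->pending;
++ unsigned len;
++ deflate_state *s = strm->state;
+
++ _tr_flush_bits(s);
++ len = s->pending;
+if (len > strm->avail_out) len = strm->avail_out;
+if (len == 0) return;
+
+- zmemcpy(strm->next_out, strm->state->pending_out, len);
++ zmemcpy(strm->next_out, s->pending_out, len);
+strm->next_out += len;
+- strm->state->pending_out += len;
++ s->pending_out += len;
+strm->total_out += len;
+strm->avail_out -= len;
+- strm->state->pending -= len;
+- if (strm->state->pending == 0) {
+- strm->state->pending_out = strm->state->pending_buf;
++ s->pending -= len;
++ if (s->pending == 0) {
++ s->pending_out = s->pending_buf;
+}
+}
+
+diff -ru a/deflate.h b/deflate.h
+--- a/deflate.h Sun May 29 11:55:22 2005
++++ b/deflate.h Wed Mar 30 22:08:34 2022
+@@ -283,6 +283,7 @@
+int _tr_tally OF((deflate_state *s, unsigned dist, unsigned lc));
+void _tr_flush_block OF((deflate_state *s, charf *buf, ulg stored_len,
+int eof));
++void _tr_flush_bits OF((deflate_state *s));
+void _tr_align OF((deflate_state *s));
+void _tr_stored_block OF((deflate_state *s, charf *buf, ulg stored_len,
+int eof));
+diff -ru a/trees.c b/trees.c
+--- a/trees.c Sun Jun 12 20:34:41 2005
++++ b/trees.c Wed Mar 30 22:07:47 2022
+@@ -879,6 +879,15 @@
+}
+
+/* ===========================================================================
++ * Flush the bits in the bit buffer to pending output (leaves at most 7 bits)
++ */
++void ZLIB_INTERNAL _tr_flush_bits(s)
++ deflate_state *s;
++{
++ bi_flush(s);
++}
++
++/* ===========================================================================
+* Send one empty static block to give enough lookahead for inflate.
+* This takes 10 bits, of which 7 may remain in the bit buffer.
+* The current inflate code requires 9 bits of lookahead. If the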
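Review bot: The definition added to trees.c is written `void ZLIB_INTERNAL _tr_flush_bits(s)`, but the prototype this same patch adds to deflate.h is `void _tr_flush_bits OF((deflate_state *s));`, and the neighbouring `_tr_*` prototypes shown as context carry no `ZLIB_INTERNAL` either. The patched sources are dated 2005, and if that tree does not define `ZLIB_INTERNAL` the definition will not compile; `void _tr_flush_bits(s)` would match the surrounding declarations. Separately, these three hunks only flush the bit buffer before `flush_pending` copies output and do not change how deflate buffers pending symbols. It is worth confirming that the rest of the CVE-2018-25032 fix is carried by another file under `Patches/` that this page does not show.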