git.ipfire.org Git - thirdparty/zlib-ng.git/commit
Add test cases for CVE-2005-1849 and CVE-2005-2096
author    Daniel Axtens <dja@axtens.net>
          Wed, 29 Apr 2015 04:56:57 +0000 (14:56 +1000)
committer Hans Kristian Rosbach <hk-git@circlestorm.org>
          Thu, 28 Apr 2016 12:00:05 +0000 (14:00 +0200)
commit    f246b9310df9a62ba50630b763606af066574183
tree      9591c7e3a5420e861d5f4a03f74344d9ff55cd08
parent    821dd3d85d7a7301f8161df4239cc678dfd475cb
Add test cases for CVE-2005-1849 and CVE-2005-2096

CVE-2005-1849[0] is an overflow of a fixed size buffer defined in
inftrees.h

CVE-2005-2096[1] is an overflow caused by insufficient input
validation of code trees[2].

This makes sure we don't accidentally reintroduce them.

zlib-1.2.1 was downloaded and fuzz tested using AFL[3].  The crashing
cases were discovered. A patch for 1849 was then applied, and used to
determine which cases hit only that bug, and which ones hit 2096.

[0] http://seclists.org/bugtraq/2005/Jul/451
[1] http://seclists.org/bugtraq/2005/Jul/53
[2] https://bug299445.bugzilla.mozilla.org/attachment.cgi?id=188021
[3] http://lcamtuf.coredump.cx/afl/

Signed-off-by: Daniel Axtens <dja@axtens.net>
test/CVE-2005-1849/test.gz [new file with mode: 0644]
test/CVE-2005-2096/test1.gz [new file with mode: 0644]
test/CVE-2005-2096/test2.gz [new file with mode: 0644]
test/INDEX [new file with mode: 0644]
test/testCVEinputs.sh
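The commit wires crafted inputs into the test suite so that a fixed memory-safety bug cannot silently return. The harness below is an added illustration of that pattern, not the commit's own test/testCVEinputs.sh (whose contents, like those of the .gz files and the INDEX format, are not shown on this page). It assumes Python's bundled zlib as a stand-in for the inflater under test, and the inputs it feeds are constructed here (a valid gzip stream, a truncated one, and one with a corrupted trailer), not the CVE-2005-1849 or CVE-2005-2096 triggers. The point it demonstrates is the verdict logic: each input is inflated in an isolated child process, because the failure being guarded against is a crash, which an in-process try/except can never observe, and only a signal death or a hang counts as a regression, while a clean error from the inflater is the accepted outcome.

```python
import gzip
import subprocess
import sys
from typing import Dict

# Child-process one-liner: read a gzip stream from stdin and inflate it.
# wbits=47 (32 + 15) auto-detects gzip or zlib framing, the Python
# equivalent of inflateInit2(strm, 32 + MAX_WBITS) in the zlib C API.
_INFLATE_CHILD = (
    "import sys, zlib; "
    "zlib.decompress(sys.stdin.buffer.read(), 47)"
)


def classify_returncode(rc: int) -> str:
    """Map a child exit status to a harness verdict."""
    if rc == 0:
        return "ok"        # input decoded cleanly
    if rc < 0:
        return "crash"     # killed by a signal (SIGSEGV, SIGABRT, ...): regression
    return "rejected"      # inflater raised a clean error: acceptable


def run_case(data: bytes, timeout: float = 10.0) -> str:
    """Inflate one crafted input in an isolated child process.

    Isolation matters: a buffer overflow in the inflater takes the process
    down, so the parent must watch the exit status rather than catch an
    exception. A timeout turns an infinite loop into a verdict as well.
    """
    try:
        proc = subprocess.run(
            [sys.executable, "-c", _INFLATE_CHILD],
            input=data,
            capture_output=True,
            timeout=timeout,
        )
    except subprocess.TimeoutExpired:
        return "hang"
    return classify_returncode(proc.returncode)


def make_cases() -> Dict[str, bytes]:
    """Constructed sample inputs (assumption: stand-ins for the commit's
    test.gz files, whose contents are not on the page)."""
    good = gzip.compress(b"the quick brown fox " * 64)
    # Cut the deflate stream in half: must be rejected, never crash.
    truncated = good[: len(good) // 2]
    # Overwrite the 8-byte gzip trailer (CRC32 + ISIZE): must be rejected.
    bad_trailer = good[:-8] + b"\xff" * 8
    return {"valid": good, "truncated": truncated, "bad_trailer": bad_trailer}


def run_all(cases: Dict[str, bytes]) -> Dict[str, str]:
    """Run every named input and collect its verdict."""
    return {name: run_case(data) for name, data in cases.items()}


def has_regression(results: Dict[str, str]) -> bool:
    """The suite fails if any crafted input crashes or hangs the inflater."""
    return any(verdict in ("crash", "hang") for verdict in results.values())


if __name__ == "__main__":
    results = run_all(make_cases())
    for name, verdict in results.items():
        print(f"{name:12s} {verdict}")
    sys.exit(1 if has_regression(results) else 0)
```

To point this at a native build instead, replace the child command with the project's own inflate driver reading each file from the test directory; the verdict logic (exit 0 ok, non-zero rejected, negative or timeout a regression) stays the same, which is why a clean zlib error on a malformed stream is the expected and correct result rather than a test failure.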