git.ipfire.org Git - thirdparty/zlib-ng.git/commitdiff
Add test for CVE-2004-0797
author Daniel Axtens <dja@axtens.net>
Wed, 29 Apr 2015 06:20:37 +0000 (16:20 +1000)
committer Hans Kristian Rosbach <hk-git@circlestorm.org>
Thu, 28 Apr 2016 12:00:05 +0000 (14:00 +0200)
CVE-2004-0797[0] occurred when an error was detected but no action
was taken --- that is, execution was allowed to continue.

One of the tests for CVE-2005-2096 actually hit the code path that
was fixed in the patch for CVE-2004-0797.

This occurred because all the fuzzing was done on zlib 1.2.1, and
zlib 1.2.2 fixed this bug but not the 2005 CVEs. It was detected by
running the test cases against zlib 1.2.2.

The relevant bits of the zlib 1.2.2 patch are [1] and [2].

[0] http://www.kb.cert.org/vuls/id/238678
[1] https://github.com/madler/zlib/commit/7a6955760ba950eb82f57929f8f6c9847c65f0af?diff=unified#diff-154f1240658ec1e9f5c90024002d749aR437
[2] https://github.com/madler/zlib/commit/7a6955760ba950eb82f57929f8f6c9847c65f0af?diff=unified#diff-327188edf18799ffbb5a51cc69f797e8R864

Signed-off-by: Daniel Axtens <dja@axtens.net>
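The bug class the commit message describes (an inflate error that is detected but not acted on, so decompression continues as if the input were fine) is exactly what a regression input like test.gz is meant to catch. As an added example that is not part of this commit or of zlib-ng, the following Python script uses the standard library's zlib bindings to build a well-formed gzip member from a constructed payload, damage it in three different ways, and classify what the decompressor reports. The payload, the function names, and the three corruption helpers are all assumptions made for this illustration; the invariant being checked is the one the commit relies on: a corrupt or truncated stream must never come back as a clean "ok".

```python
import zlib

# Constructed sample payload; repetitive so it compresses well.
PAYLOAD = b"zlib-ng regression test payload " * 64


def make_gzip(payload: bytes) -> bytes:
    """Produce one well-formed gzip member (wbits=31 selects the gzip wrapper)."""
    c = zlib.compressobj(wbits=31)
    return c.compress(payload) + c.flush()


def inflate_outcome(stream: bytes) -> str:
    """Feed a stream to inflate and report how the decompressor finished.

    'ok'         : end-of-stream reached and the CRC32/ISIZE trailer verified
    'error'      : inflate raised zlib.error (bad block, bad CRC, bad length)
    'incomplete' : all input consumed without ever reaching end-of-stream

    The property a regression test wants is that damaged input lands in
    'error' or 'incomplete', never 'ok'. Silently returning 'ok' for such
    input is the "error detected but no action taken" failure mode.
    """
    d = zlib.decompressobj(wbits=31)
    try:
        d.decompress(stream)          # raises zlib.error on corrupt data
    except zlib.error:
        return "error"
    return "ok" if d.eof else "incomplete"


def corrupt_crc(stream: bytes) -> bytes:
    """Flip one bit in the CRC32 field of the 8-byte gzip trailer."""
    body, trailer = stream[:-8], bytearray(stream[-8:])
    trailer[0] ^= 0x01
    return body + bytes(trailer)


def corrupt_body(stream: bytes) -> bytes:
    """Flip a whole byte inside the deflate data (past the 10-byte header)."""
    b = bytearray(stream)
    b[len(b) // 2] ^= 0xFF
    return bytes(b)


def truncate(stream: bytes) -> bytes:
    """Drop the trailer plus a few bytes of deflate data, as a cut-off file would."""
    return stream[:-12]


def run_checks(payload: bytes = PAYLOAD) -> dict:
    """Return the outcome for a valid stream and each damaged variant."""
    valid = make_gzip(payload)
    return {
        "valid": inflate_outcome(valid),
        "bad_crc": inflate_outcome(corrupt_crc(valid)),
        "bad_body": inflate_outcome(corrupt_body(valid)),
        "truncated": inflate_outcome(truncate(valid)),
    }


if __name__ == "__main__":
    results = run_checks()
    for name, outcome in results.items():
        print(f"{name:10s} -> {outcome}")
    # Any damaged variant reported as "ok" is a regression.
    bad = [n for n, o in results.items() if n != "valid" and o == "ok"]
    raise SystemExit(1 if bad else 0)
```

The classification deliberately treats "incomplete" as acceptable: a truncated file cannot raise an error until the decompressor is asked for more output, so a harness that only checks the exception path would miss it. Checking `d.eof` after all input is consumed closes that gap.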
test/CVE-2004-0797/test.gz [moved from test/CVE-2005-2096/test1.gz with 100% similarity]
test/CVE-2005-2096/test.gz [moved from test/CVE-2005-2096/test2.gz with 100% similarity]
test/INDEX
test/testCVEinputs.sh

index 828a371e280666a86bbd0902b52e066fb0ed6678..f167df87e13dab90e80acef716238a40bd04c247 100644 (file)
@@ -1,7 +1,8 @@
 Makefile.in: template for Unix Makefile
 
 CVE-2003-0107.c:
-CVE-2002-0059  : 
+CVE-2002-0059  :
+CVE-2004-0797  :
 CVE-2005-1849  :
 CVE-2005-2096  : test cases for the relevant CVEs
 
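Review bot: the `-CVE-2002-0059  : ` / `+CVE-2002-0059  :` pair at the top of the hunk is a trailing-whitespace cleanup unrelated to adding a test; it is harmless, but it belongs in its own commit (or at least a sentence in the commit message) so that blame on test/INDEX stays tied to content changes. The new `+CVE-2004-0797  :` line correctly joins the existing group whose shared description is `test cases for the relevant CVEs`, so no separate description is needed.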
index f3b679581c7ac6bc68c93c1e42cf06d49af7b57e..046856e788471224b309474a3f615f431d9c3893 100755 (executable)
@@ -1,7 +1,7 @@
 #!/bin/bash
 TESTDIR="$(dirname "$0")"
 
-CVEs="CVE-2002-0059 CVE-2005-1849 CVE-2005-2096"
+CVEs="CVE-2002-0059 CVE-2004-0797 CVE-2005-1849 CVE-2005-2096"
 
 for CVE in $CVEs; do
     fail=0
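Review bot: extending the space-separated `CVEs` list to include CVE-2004-0797 only works if the loop body below discovers its inputs from `$TESTDIR/$CVE` rather than naming files, because this same commit renames `test1.gz`/`test2.gz` to `test.gz` in both the CVE-2004-0797 and CVE-2005-2096 directories. If the body hardcodes file names, the new entry would run with no inputs and, with `fail=0` as the default, report a false pass; please confirm the directory is globbed, or guard the loop with a check that at least one input file was found.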