Move CVE-2003-0107 test to Google Tests.
authorNathan Moinvaziri <nathan@nathanm.com>
Sun, 6 Feb 2022 17:51:06 +0000 (09:51 -0800)
committerHans Kristian Rosbach <hk-github@circlestorm.org>
Sun, 13 Mar 2022 06:41:12 +0000 (07:41 +0100)
.gitignore
CMakeLists.txt
configure
test/Makefile.in
test/README.md
test/test_cve-2003-0107.cc [moved from test/CVE-2003-0107.c with 55% similarity]

index 239171c2d6349d04ab89fff932c9864e971e1e83..e5aac032925dffceb2e5de4385b08699e2b4b0f3 100644 (file)
@@ -27,7 +27,6 @@
 /switchlevels
 /zlib.pc
 /zlib-ng.pc
-/CVE-2003-0107
 
 .DS_Store
 *_fuzzer
index d88ca32e8d93c5ebe5de0918da29990cb0db381a..440a7169682c4966e4dc56cfb72ea8830e43664f 100644 (file)
@@ -1194,11 +1194,6 @@ if(ZLIB_ENABLE_TESTS)
         add_test(NAME ${target} COMMAND ${CMAKE_CROSSCOMPILING_EMULATOR} $<TARGET_FILE:${target}>)
     endmacro()
 
-
-    if(NOT WIN32 AND ZLIB_COMPAT)
-        add_simple_test_executable(CVE-2003-0107)
-    endif()
-
     add_simple_test_executable(example)
 
     set(MINIGZIP_COMMAND ${CMAKE_CROSSCOMPILING_EMULATOR} $<TARGET_FILE:minigzip>)
index 0ff33c34ce3e4413a35b3db6c0564182c2fcbcbb..149ae732a3f6281dfdf522e5b417b8e72d36e6ae 100755 (executable)
--- a/configure
+++ b/configure
@@ -2205,7 +2205,6 @@ done
 
 # Generate Makefile in test dir
 mkdir -p test
-if test $compat -eq 1; then COMPATTESTS="compattests"; fi
 if test $QEMU_ARCH; then QEMU_RUN="qemu-$QEMU_ARCH -L /usr/${CHOST}/"; fi
 sed < $SRCDIR/test/Makefile.in "
 /^CC *=/s#=.*#=$CC#
@@ -2215,7 +2214,6 @@ sed < $SRCDIR/test/Makefile.in "
 /^oldtests: */s#:.*#: $TEST#
 /^SRCDIR *=/s#=.*#=$SRCDIR/test#
 /^SRCTOP *=/s#=.*#=$SRCDIR#
-/^COMPATTESTS *=/s#=.*#=$COMPATTESTS#
 /^QEMU_RUN *=/s#=.*#=$QEMU_RUN#
 /^WITH_FUZZERS *=/s#=.*#=$with_fuzzers#
 /^LIBNAME *=/s#=.*#=$LIBNAME#
index de72edc0f45f77b1e8e5515dee31c41ab40bdbba..00050798b4c059c96e3da516902748913793e968 100644 (file)
@@ -11,11 +11,10 @@ LIBNAME=
 TEST_LDFLAGS=-L.. ../$(LIBNAME).a
 WITH_FUZZERS=
 
-COMPATTESTS =
 QEMU_RUN=
 QEMU_VER:=$(shell command -v $(QEMU_RUN) --version 2> /dev/null)
 
-all: oldtests cvetests $(COMPATTESTS) fuzzer ghtests
+all: oldtests cvetests fuzzer ghtests
 
 oldtests: #set by ../configure
 check_cross_dep:
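Review bot: Dropping `$(COMPATTESTS)` from `all:` here, together with the removal of the `testCVE-2003-0107` target in the next hunk, leaves the configure/make build with no target that exercises the gzprintf overflow check. Nothing visible in this file builds or runs the new `test/test_cve-2003-0107.cc`. If the Google Test binary is only reachable from the CMake build, a `--zlib-compat` build made through `configure` silently loses this regression test. Either note that limitation in the commit message or keep a make-level target until the gtest suite can be run from this Makefile.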
@@ -71,25 +70,9 @@ testshared: check_cross_dep
 
 cvetests: testCVEinputs
 
-# Tests requiring zlib-ng to be built with --zlib-compat
-compattests: testCVE-2003-0107
-
 testCVEinputs: check_cross_dep
        @EXE=$(EXE) QEMU_RUN="${QEMU_RUN}" $(SRCDIR)/testCVEinputs.sh
 
-testCVE-2003-0107: CVE-2003-0107$(EXE) check_cross_dep
-       @if ${QEMU_RUN} ./CVE-2003-0107$(EXE); then \
-         echo '                *** zlib not vulnerable to CVE-2003-0107 ***'; \
-       else \
-         echo '                *** zlib VULNERABLE to CVE-2003-0107 ***'; exit 1; \
-       fi
-
-CVE-2003-0107.o: $(SRCDIR)/CVE-2003-0107.c
-       $(CC) $(CFLAGS) -I.. -I$(SRCTOP) -c -o $@ $(SRCDIR)/CVE-2003-0107.c
-
-CVE-2003-0107$(EXE): CVE-2003-0107.o
-       $(CC) $(CFLAGS) -o $@ CVE-2003-0107.o $(TEST_LDFLAGS)
-
 .PHONY: ghtests
 ghtests: testGH-361 testGH-364 testGH-751
 
@@ -110,7 +93,7 @@ testGH-751:
 
 clean:
        rm -f *.o *.gcda *.gcno *.gcov
-       rm -f CVE-2003-0107$(EXE) switchlevels$(EXE)
+       rm -f switchlevels$(EXE)
 
 distclean:
        rm -f Makefile
index b15b01df678f19bcf80685aa300736385f70e488..af655f15cba29c5f3d79cad7e356021af1ee7c04 100644 (file)
@@ -3,7 +3,7 @@ Contents
 
 |Name|Description|
 |-|-|
-|[CVE-2003-0107.c](https://nvd.nist.gov/vuln/detail/CVE-2003-0107)|Buffer overflow in the gzprintf function, requires ZLIB_COMPAT|
+|[CVE-2003-0107](https://nvd.nist.gov/vuln/detail/CVE-2003-0107)|Buffer overflow in the gzprintf function, requires ZLIB_COMPAT|
 |[CVE-2002-0059](https://nvd.nist.gov/vuln/detail/CVE-2002-0059)|inflateEnd to release memory more than once|
 |[CVE-2004-0797](https://nvd.nist.gov/vuln/detail/CVE-2004-0797)|Error handling in inflate and inflateBack causes crash|
 |[CVE-2005-1849](https://nvd.nist.gov/vuln/detail/CVE-2005-1849)|inftrees.h bug causes crash|
@@ -28,7 +28,7 @@ Some of the files in _test_ are licensed differently:
    which is licensed under the CC-BY license. See
    https://www.ploscompbiol.org/static/license for more information.
 
- - test/data/lcet10.txt is from Project Gutenberg. It does not have expired 
+ - test/data/lcet10.txt is from Project Gutenberg. It does not have expired
    copyright, but is still in the public domain according to the license information.
    (https://www.gutenberg.org/ebooks/53).
 
similarity index 55%
rename from test/CVE-2003-0107.c
rename to test/test_cve-2003-0107.cc
index 427767d07243e135a63e0069163ba28b53c6fde3..9d9e5b00df7608f38163b8e94190a6fccb87c4e2 100644 (file)
@@ -1,22 +1,28 @@
 // https://www.securityfocus.com/archive/1/312869 --- originally by Richard Kettlewell
 #include <stdlib.h>
-#include <zlib.h>
 #include <errno.h>
 #include <stdio.h>
 
-int main(void) {
+#include "zbuild.h"
+#ifdef ZLIB_COMPAT
+#  include "zlib.h"
+#else
+#  include "zlib-ng.h"
+#endif
+
+#include <gtest/gtest.h>
+
+#if !defined(_WIN32) && defined(ZLIB_COMPAT)
+TEST(gzip, cve_2003_0107) {
     gzFile f;
     int ret;
 
-    if(!(f = gzopen("/dev/null", "w"))) {
-        perror("/dev/null");
-        exit(1);
-    }
+    f = gzopen("/dev/null", "w");
+    EXPECT_TRUE(f != NULL);
 
     ret = gzprintf(f, "%10240s", "");
     printf("gzprintf -> %d\n", ret);
     ret = gzclose(f);
     printf("gzclose -> %d [%d]\n", ret, errno);
-
-    exit(0);
 }
+#endif
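Review bot: The converted test asserts nothing about the behaviour it guards, because the results of `gzprintf` and `gzclose` are only printed, so it passes whenever the process does not fault. An overflow that corrupts memory without crashing (a build with no sanitizer, for example) would go unnoticed; at minimum add `EXPECT_EQ(gzclose(f), Z_OK);` and pin the `gzprintf` return for the over-long `"%10240s"` format once the expected value is confirmed. `EXPECT_TRUE(f != NULL);` is non-fatal, so a failed `gzopen` still falls through to the calls on a null handle; `ASSERT_TRUE(f != NULL);` stops the test there. Since the whole `TEST` is compiled out on `_WIN32` or without `ZLIB_COMPAT`, those builds show no trace of it; keeping the `TEST` and calling `GTEST_SKIP()` in the excluded configurations would make the gap visible in test reports.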