From: Mark Adler <madler@alumni.caltech.edu>
Date: Mon, 24 Oct 2016 22:52:19 +0000 (-0700)
Subject: Reject a window size of 256 bytes if not using the zlib wrapper.
X-Git-Tag: 1.9.9-b1~734
X-Git-Url: http://git.ipfire.org/cgi-bin/gitweb.cgi?a=commitdiff_plain;h=28f38f975f72cba7037ee87db1cd9238aecb6f7b;p=thirdparty%2Fzlib-ng.git

Reject a window size of 256 bytes if not using the zlib wrapper.

There is a bug in deflate for windowBits == 8 (256-byte window).
As a result, zlib silently changes a request for 8 to a request
for 9 (512-byte window), and sets the zlib header accordingly so
that the decompressor knows to use a 512-byte window. However if
deflateInit2() is used for raw deflate or gzip streams, then there
is no indication that the request was not honored, and the
application might assume that it can use a 256-byte window when
decompressing. This commit returns an error if the user requests
a 256-byte window when using raw deflate or gzip encoding.
---

diff --git a/deflate.c b/deflate.c
index 9e8db2d86..33c660335 100644
--- a/deflate.c
+++ b/deflate.c
@@ -201,7 +201,8 @@ int ZEXPORT deflateInit2_(z_stream *strm, int level, int method, int windowBits,
 #endif
     }
     if (memLevel < 1 || memLevel > MAX_MEM_LEVEL || method != Z_DEFLATED || windowBits < 8 ||
-        windowBits > 15 || level < 0 || level > 9 || strategy < 0 || strategy > Z_FIXED) {
+        windowBits > 15 || level < 0 || level > 9 || strategy < 0 || strategy > Z_FIXED ||
+        (windowBits == 8 && wrap != 1)) {
         return Z_STREAM_ERROR;
     }
     if (windowBits == 8)