From: Daniel Axtens Date: Mon, 27 Apr 2015 06:17:21 +0000 (+1000) Subject: Add test for CVE-2002-0059 X-Git-Tag: 1.9.9-b1~780 X-Git-Url: http://git.ipfire.org/cgi-bin/gitweb.cgi?a=commitdiff_plain;h=821dd3d85d7a7301f8161df4239cc678dfd475cb;p=thirdparty%2Fzlib-ng.git Add test for CVE-2002-0059 CVE-2002-0059 was a double free in inflation. [0] This makes sure we don't accidentally reintroduce it. zlib-1.1.3 was downloaded and fuzz tested using AFL[1]. This crashing case (test.gz) was discovered, and using gdb it was confirmed to be a double free in the expected place. The test script looks for a normal error exit (status code 1), and fails if any other code is returned. [0] http://www.cvedetails.com/cve/CVE-2002-0059/ [1] http://lcamtuf.coredump.cx/afl/ Signed-off-by: Daniel Axtens --- diff --git a/test/CVE-2002-0059/test.gz b/test/CVE-2002-0059/test.gz new file mode 100644 index 000000000..c5c3e184b Binary files /dev/null and b/test/CVE-2002-0059/test.gz differ diff --git a/test/Makefile.in b/test/Makefile.in index 51167d9c0..9887f0f8e 100644 --- a/test/Makefile.in +++ b/test/Makefile.in @@ -45,7 +45,10 @@ test64: fi; \ rm -f $$TMP64 -cvetests: testCVE-2003-0107 +cvetests: testCVE-2003-0107 testCVEinputs + +testCVEinputs: + @$(SRCDIR)/testCVEinputs.sh testCVE-2003-0107: CVE-2003-0107$(EXE) @if ./CVE-2003-0107$(EXE); then \ diff --git a/test/testCVEinputs.sh b/test/testCVEinputs.sh new file mode 100755 index 000000000..2a86e2067 --- /dev/null +++ b/test/testCVEinputs.sh @@ -0,0 +1,22 @@ +#!/bin/bash +TESTDIR="$(dirname "$0")" + +CVEs="CVE-2002-0059" + +for CVE in $CVEs; do + fail=0 + for testcase in ${TESTDIR}/${CVE}/*.gz; do + ../minigzip -d < "$testcase" + # we expect that a 1 error code is OK + # for a vulnerable failure we'd expect 134 or similar + if [ $? -ne 1 ]; then + fail=1 + fi + done + if [ $fail -eq 0 ]; then + echo " --- zlib not vulnerable to $CVE ---"; + else + echo " --- zlib VULNERABLE to $CVE ---"; exit 1; + fi +done +
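Review bot: the new testCVEinputs target in test/Makefile.in declares no prerequisite, yet the script it runs invokes ../minigzip, so if the target is run before minigzip has been built the shell returns 127 and the script reports "zlib VULNERABLE" for what is really a missing binary. Give the target a prerequisite on the minigzip binary, the same way testCVE-2003-0107 depends on CVE-2003-0107$(EXE), and consider passing the binary's path to the script as an argument instead of relying on the working directory being one level below it.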
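Review bot: the `if [ $? -ne 1 ]` check in the inner loop of test/testCVEinputs.sh accepts exit status 1 as the only pass, and that misfires in both directions. If the glob ${TESTDIR}/${CVE}/*.gz matches nothing, or the file cannot be read, the `< "$testcase"` redirection fails and bash itself returns 1 without ever running minigzip, so the script prints "zlib not vulnerable" having tested nothing; conversely a status of 0 or 127 is reported as "VULNERABLE" even though neither indicates the double free. Suggest checking each testcase with [ -f "$testcase" ] and failing the run if none is found, and reporting a signal exit (the 134 the comment mentions, i.e. a status above 128) separately from other unexpected statuses. The variable parts of the glob should also be quoted ("${TESTDIR}/${CVE}"/*.gz) so a source path containing spaces does not split, and minigzip's stdout should be sent to /dev/null so decompressed bytes do not end up in the test log.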