From: Daniel Axtens
Date: Wed, 29 Apr 2015 06:20:37 +0000 (+1000)
Subject: Add test for CVE-2004-0797
X-Git-Tag: 1.9.9-b1~778
X-Git-Url: http://git.ipfire.org/cgi-bin/gitweb.cgi?a=commitdiff_plain;h=a54d505bda0b0bbfe99ab07f91dabb73b6362256;p=thirdparty%2Fzlib-ng.git

Add test for CVE-2004-0797

CVE-2004-0797[0] occurred when an error was detected but no action was taken --- that is, execution was allowed to continue.

One of the tests for CVE-2005-2096 actually hit the code path that was fixed in the patch for CVE-2004-0797. This occurred because all the fuzzing was done on zlib 1.2.1, and zlib 1.2.2 fixed this bug but not the 2005 CVEs. It was detected by running the test cases against zlib 1.2.2.

The relevant bits of the zlib 1.2.2 patch are [1] and [2].

[0] http://www.kb.cert.org/vuls/id/238678
[1] https://github.com/madler/zlib/commit/7a6955760ba950eb82f57929f8f6c9847c65f0af?diff=unified#diff-154f1240658ec1e9f5c90024002d749aR437
[2] https://github.com/madler/zlib/commit/7a6955760ba950eb82f57929f8f6c9847c65f0af?diff=unified#diff-327188edf18799ffbb5a51cc69f797e8R864

Signed-off-by: Daniel Axtens
---

diff --git a/test/CVE-2005-2096/test1.gz b/test/CVE-2004-0797/test.gz similarity index 100% rename from test/CVE-2005-2096/test1.gz rename to test/CVE-2004-0797/test.gz diff --git a/test/CVE-2005-2096/test2.gz b/test/CVE-2005-2096/test.gz similarity index 100% rename from test/CVE-2005-2096/test2.gz rename to test/CVE-2005-2096/test.gz diff --git a/test/INDEX b/test/INDEX index 828a371e2..f167df87e 100644 --- a/test/INDEX +++ b/test/INDEX @@ -1,7 +1,8 @@ Makefile.in: template for Unix Makefile CVE-2003-0107.c: -CVE-2002-0059 : +CVE-2002-0059 : +CVE-2004-0797 : CVE-2005-1849 : CVE-2005-2096 : test cases for the relevant CVEs diff --git a/test/testCVEinputs.sh b/test/testCVEinputs.sh index f3b679581..046856e78 100755 --- a/test/testCVEinputs.sh +++ b/test/testCVEinputs.sh 
@@ -1,7 +1,7 @@ #!/bin/bash TESTDIR="$(dirname "$0")" -CVEs="CVE-2002-0059 CVE-2005-1849 CVE-2005-2096" +CVEs="CVE-2002-0059 CVE-2004-0797 CVE-2005-1849 CVE-2005-2096" for CVE in $CVEs; do fail=0
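
Review bot: the reason test/CVE-2004-0797/test.gz belongs to the 2004 CVE is recorded only in the commit message, and the first rename moves test1.gz out of test/CVE-2005-2096 rather than copying it, so that directory is left with a single input. A short note beside the file or in test/INDEX (input came from the CVE-2005-2096 fuzzing corpus, generated against zlib 1.2.1, and trips the error path fixed in 1.2.2) would keep that provenance with the test once the history is squashed or the file is moved again.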
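
Review bot: in the test/INDEX hunk the `CVE-2002-0059 :` line is removed and re-added with no visible difference, which looks like a whitespace-only change riding along with the new entry. Either drop it so the hunk adds only `+CVE-2004-0797 :`, or mention the realignment in the commit message so it does not read as an accidental edit.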
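
Review bot: the `CVEs=` string in test/testCVEinputs.sh is a second hand-maintained copy of the directory list in test/INDEX, so a CVE directory that is added to the tree but left off this line is silently never run. Consider deriving the list from the directories themselves, for example by looping over `"$TESTDIR"/CVE-*/`, which also removes the reliance on unquoted word splitting in `for CVE in $CVEs`. The hunk does not show how the loop body locates its inputs; since this commit renames test1.gz and test2.gz to test.gz, please confirm the loop globs the files in each directory rather than naming them.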