From: Daniel Axtens
Date: Mon, 27 Apr 2015 05:49:43 +0000 (+1000)
Subject: Add test for CVE-2003-0107
X-Git-Tag: 1.9.9-b1~781
X-Git-Url: http://git.ipfire.org/cgi-bin/gitweb.cgi?a=commitdiff_plain;h=d7fdc511e1a860b5792c10c53ea187118db12f8f;p=thirdparty%2Fzlib-ng.git
Add test for CVE-2003-0107
CVE-2003-0107[0] was a bug where zlib 1.1.4 failed to validate whether arguments to gzprintf() fit within an internal buffer. We should make sure that in refactoring we don't regress. Therefore, build the sample code supplied in the original report [1], and check if it crashes.
[0] http://www.cvedetails.com/cve/CVE-2003-0107/
[1] http://www.securityfocus.com/archive/1/312869
Signed-off-by: Daniel Axtens
---
diff --git a/.gitignore b/.gitignore
index a53e44889..0beb44b72 100644
--- a/.gitignore
+++ b/.gitignore
@@ -21,6 +21,7 @@
 /minigzip64
 /minigzipsh
 /zlib.pc
+/CVE-2003-0107
 .DS_Store
 *.obj
diff --git a/test/CVE-2003-0107.c b/test/CVE-2003-0107.c
new file mode 100644
index 000000000..306421e9f
--- /dev/null
+++ b/test/CVE-2003-0107.c
@@ -0,0 +1,20 @@
+// http://www.securityfocus.com/archive/1/312869 --- originally by Richard Kettlewell
+#include
+#include
+#include
+#include
+
+int main(void) {
+gzFile f;
+int ret;
+
+if(!(f = gzopen("/dev/null", "w"))) {
+perror("/dev/null");
+exit(1);
+}
+ret = gzprintf(f, "%10240s", "");
+printf("gzprintf -> %d\n", ret);
+ret = gzclose(f);
+printf("gzclose -> %d [%d]\n", ret, errno);
+exit(0);
+}
diff --git a/test/Makefile.in b/test/Makefile.in
index 63895c4b0..51167d9c0 100644
--- a/test/Makefile.in
+++ b/test/Makefile.in
@@ -10,7 +10,7 @@ SRCTOP=
 INCLUDES=
 TEST_LDFLAGS=-L.. ../libz.a
-all: oldtests
+all: oldtests cvetests
 oldtests: #set by ../configure
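Review bot: The exit status in test/CVE-2003-0107.c never depends on what gzprintf() or gzclose() returned, so this regression test reports a problem only when the oversized `%10240s` write happens to crash the process. An out-of-bounds write into the internal buffer does not reliably fault, so a build that has regressed can still reach `exit(0)` and be reported as safe. I would at least fail on the library's own result, for example `if (ret != Z_OK) exit(1);` after `gzclose(f)`, and consider building this one test with a memory-error detector where the toolchain offers one. Separately, `errno` is read after the first `printf()` has already run and is printed even when gzclose() succeeds, so the bracketed value in the last message is not meaningful as written.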
@@ -45,7 +45,25 @@ test64:
 fi; \
 rm -f $$TMP64
+cvetests: testCVE-2003-0107
+
+testCVE-2003-0107: CVE-2003-0107$(EXE)
+ @if ./CVE-2003-0107$(EXE); then \
+ echo ' *** zlib not vulnerable to CVE-2003-0107 ***'; \
+ else \
+ echo ' *** zlib VULNERABLE to CVE-2003-0107 ***'; exit 1; \
+ fi
+
+CVE-2003-0107.o: $(SRCDIR)/CVE-2003-0107.c
+ $(CC) $(CFLAGS) -I.. -I$(SRCTOP) -c -o $@ $(SRCDIR)/CVE-2003-0107.c
+
+CVE-2003-0107$(EXE): CVE-2003-0107.o
+ $(CC) $(CFLAGS) -o $@ CVE-2003-0107.o $(TEST_LDFLAGS)
+
+
 clean:
+ rm -f *.o *.gcda *.gcno *.gcov
+ rm -f CVE-2003-0107$(EXE)
 distclean:
 rm -f Makefile
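Review bot: In the testCVE-2003-0107 recipe every non-zero exit is reported as VULNERABLE, but the test program also exits 1 when `gzopen("/dev/null", "w")` fails, so a host without /dev/null would be labelled vulnerable for what is only an environment problem (the `$(EXE)` suffix suggests such targets are built). The success branch overstates in the other direction, because a clean exit shows only that the process did not crash. I would reword the two messages, for example `echo ' *** CVE-2003-0107 test did not crash ***'; \` and `echo ' *** CVE-2003-0107 test FAILED (crash or setup error) ***'; exit 1; \`. A comment above the rule such as `# Runs the original CVE-2003-0107 reproducer; any non-zero exit fails the build.` would make the pass criterion explicit.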