From: Nathan Moinvaziri <nathan@nathanm.com>
Date: Sun, 6 Feb 2022 17:51:06 +0000 (-0800)
Subject: Move CVE-2003-0107 test to Google Tests.
X-Git-Tag: 2.1.0-beta1~357
X-Git-Url: http://git.ipfire.org/cgi-bin/gitweb.cgi?a=commitdiff_plain;h=e664973c031534b8d544dd0761bfe72738594eea;p=thirdparty%2Fzlib-ng.git

Move CVE-2003-0107 test to Google Tests.
---

diff --git a/.gitignore b/.gitignore
index 239171c2d..e5aac0329 100644
--- a/.gitignore
+++ b/.gitignore
@@ -27,7 +27,6 @@
 /switchlevels
 /zlib.pc
 /zlib-ng.pc
-/CVE-2003-0107
 
 .DS_Store
 *_fuzzer
diff --git a/CMakeLists.txt b/CMakeLists.txt
index d88ca32e8..440a71696 100644
--- a/CMakeLists.txt
+++ b/CMakeLists.txt
@@ -1194,11 +1194,6 @@ if(ZLIB_ENABLE_TESTS)
         add_test(NAME ${target} COMMAND ${CMAKE_CROSSCOMPILING_EMULATOR} $<TARGET_FILE:${target}>)
     endmacro()
 
-
-    if(NOT WIN32 AND ZLIB_COMPAT)
-        add_simple_test_executable(CVE-2003-0107)
-    endif()
-
     add_simple_test_executable(example)
 
     set(MINIGZIP_COMMAND ${CMAKE_CROSSCOMPILING_EMULATOR} $<TARGET_FILE:minigzip>)
diff --git a/configure b/configure
index 0ff33c34c..149ae732a 100755
--- a/configure
+++ b/configure
@@ -2205,7 +2205,6 @@ done
 
 # Generate Makefile in test dir
 mkdir -p test
-if test $compat -eq 1; then COMPATTESTS="compattests"; fi
 if test $QEMU_ARCH; then QEMU_RUN="qemu-$QEMU_ARCH -L /usr/${CHOST}/"; fi
 sed < $SRCDIR/test/Makefile.in "
 /^CC *=/s#=.*#=$CC#
@@ -2215,7 +2214,6 @@ sed < $SRCDIR/test/Makefile.in "
 /^oldtests: */s#:.*#: $TEST#
 /^SRCDIR *=/s#=.*#=$SRCDIR/test#
 /^SRCTOP *=/s#=.*#=$SRCDIR#
-/^COMPATTESTS *=/s#=.*#=$COMPATTESTS#
 /^QEMU_RUN *=/s#=.*#=$QEMU_RUN#
 /^WITH_FUZZERS *=/s#=.*#=$with_fuzzers#
 /^LIBNAME *=/s#=.*#=$LIBNAME#
diff --git a/test/Makefile.in b/test/Makefile.in
index de72edc0f..00050798b 100644
--- a/test/Makefile.in
+++ b/test/Makefile.in
@@ -11,11 +11,10 @@ LIBNAME=
 TEST_LDFLAGS=-L.. ../$(LIBNAME).a
 WITH_FUZZERS=
 
-COMPATTESTS =
 QEMU_RUN=
 QEMU_VER:=$(shell command -v $(QEMU_RUN) --version 2> /dev/null)
 
-all: oldtests cvetests $(COMPATTESTS) fuzzer ghtests
+all: oldtests cvetests fuzzer ghtests
 
 oldtests: #set by ../configure
 check_cross_dep:
@@ -71,25 +70,9 @@ testshared: check_cross_dep
 
 cvetests: testCVEinputs
 
-# Tests requiring zlib-ng to be built with --zlib-compat
-compattests: testCVE-2003-0107
-
 testCVEinputs: check_cross_dep
 	@EXE=$(EXE) QEMU_RUN="${QEMU_RUN}" $(SRCDIR)/testCVEinputs.sh
 
-testCVE-2003-0107: CVE-2003-0107$(EXE) check_cross_dep
-	@if ${QEMU_RUN} ./CVE-2003-0107$(EXE); then \
-	  echo '                *** zlib not vulnerable to CVE-2003-0107 ***'; \
-	else \
-	  echo '                *** zlib VULNERABLE to CVE-2003-0107 ***'; exit 1; \
-	fi
-
-CVE-2003-0107.o: $(SRCDIR)/CVE-2003-0107.c
-	$(CC) $(CFLAGS) -I.. -I$(SRCTOP) -c -o $@ $(SRCDIR)/CVE-2003-0107.c
-
-CVE-2003-0107$(EXE): CVE-2003-0107.o
-	$(CC) $(CFLAGS) -o $@ CVE-2003-0107.o $(TEST_LDFLAGS)
-
 .PHONY: ghtests
 ghtests: testGH-361 testGH-364 testGH-751
 
@@ -110,7 +93,7 @@ testGH-751:
 
 clean:
 	rm -f *.o *.gcda *.gcno *.gcov
-	rm -f CVE-2003-0107$(EXE) switchlevels$(EXE)
+	rm -f switchlevels$(EXE)
 
 distclean:
 	rm -f Makefile
diff --git a/test/README.md b/test/README.md
index b15b01df6..af655f15c 100644
--- a/test/README.md
+++ b/test/README.md
@@ -3,7 +3,7 @@ Contents
 
 |Name|Description|
 |-|-|
-|[CVE-2003-0107.c](https://nvd.nist.gov/vuln/detail/CVE-2003-0107)|Buffer overflow in the gzprintf function, requires ZLIB_COMPAT|
+|[CVE-2003-0107](https://nvd.nist.gov/vuln/detail/CVE-2003-0107)|Buffer overflow in the gzprintf function, requires ZLIB_COMPAT|
 |[CVE-2002-0059](https://nvd.nist.gov/vuln/detail/CVE-2002-0059)|inflateEnd to release memory more than once|
 |[CVE-2004-0797](https://nvd.nist.gov/vuln/detail/CVE-2004-0797)|Error handling in inflate and inflateBack causes crash|
 |[CVE-2005-1849](https://nvd.nist.gov/vuln/detail/CVE-2005-1849)|inftrees.h bug causes crash|
@@ -28,7 +28,7 @@ Some of the files in _test_ are licensed differently:
    which is licensed under the CC-BY license. See
    https://www.ploscompbiol.org/static/license for more information.
 
- - test/data/lcet10.txt is from Project Gutenberg. It does not have expired 
+ - test/data/lcet10.txt is from Project Gutenberg. It does not have expired
    copyright, but is still in the public domain according to the license information.
    (https://www.gutenberg.org/ebooks/53).
 
diff --git a/test/CVE-2003-0107.c b/test/test_cve-2003-0107.cc
similarity index 55%
rename from test/CVE-2003-0107.c
rename to test/test_cve-2003-0107.cc
index 427767d07..9d9e5b00d 100644
--- a/test/CVE-2003-0107.c
+++ b/test/test_cve-2003-0107.cc
@@ -1,22 +1,28 @@
 // https://www.securityfocus.com/archive/1/312869 --- originally by Richard Kettlewell
 #include <stdlib.h>
-#include <zlib.h>
 #include <errno.h>
 #include <stdio.h>
 
-int main(void) {
+#include "zbuild.h"
+#ifdef ZLIB_COMPAT
+#  include "zlib.h"
+#else
+#  include "zlib-ng.h"
+#endif
+
+#include <gtest/gtest.h>
+
+#if !defined(_WIN32) && defined(ZLIB_COMPAT)
+TEST(gzip, cve_2003_0107) {
     gzFile f;
     int ret;
 
-    if(!(f = gzopen("/dev/null", "w"))) {
-        perror("/dev/null");
-        exit(1);
-    }
+    f = gzopen("/dev/null", "w");
+    EXPECT_TRUE(f != NULL);
 
     ret = gzprintf(f, "%10240s", "");
     printf("gzprintf -> %d\n", ret);
     ret = gzclose(f);
     printf("gzclose -> %d [%d]\n", ret, errno);
-
-    exit(0);
 }
+#endif