Daniel Axtens [Wed, 29 Apr 2015 06:20:37 +0000 (16:20 +1000)]
Add test for CVE-2004-0797
CVE-2004-0797[0] occurred when an error was detected but no action
was taken --- that is, execution was allowed to continue.
One of the tests for CVE-2005-2096 actually hit the code path that
was fixed in the patch for CVE-2004-0797.
This occurred because all the fuzzing was done on zlib 1.2.1, and
zlib 1.2.2 fixed this bug but not the 2005 CVEs. It was detected by
running the test cases against zlib 1.2.2.
The relevant bits of the zlib 1.2.2 patch are [1] and [2].
Daniel Axtens [Wed, 29 Apr 2015 04:56:57 +0000 (14:56 +1000)]
Add test cases for CVE-2005-1849 and CVE-2005-2096
CVE-2005-1849[0] is an overflow of a fixed size buffer defined in
inftrees.h
CVE-2005-2096[1] is an overflow caused by insufficient input
validation of code trees[2].
This makes sure we don't accidentally reintroduce them.
zlib-1.2.1 was downloaded and fuzz tested using AFL[3]. The crashing
cases were discovered. A patch for 1849 was then applied, and used to
determine which cases hit only that bug, and which ones hit 2096.
Daniel Axtens [Mon, 27 Apr 2015 06:17:21 +0000 (16:17 +1000)]
Add test for CVE-2002-0059
CVE-2002-0059 was a double free in inflation. [0]
This makes sure we don't accidentally reintroduce it.
zlib-1.1.3 was downloaded and fuzz tested using AFL[1].
This crashing case (test.gz) was discovered, and using gdb it was
confirmed to be a double free in the expected place.
The test script looks for a normal error exit (status code 1),
and fails if any other code is returned.
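The distinction the test script draws, a clean error exit versus anything else, is worth making explicit, because a decompressor killed by SIGSEGV does not "return" an exit code at all: the parent sees a signal termination, which a script comparing `$?` against 1 still catches only because the shell maps it to 128+signal. The following C harness is an added example and is not the test script from the commit; it runs an arbitrary shell command as a stand-in for the decompressor under test (the command strings are constructed) and classifies the result with the `waitpid()` macros, treating any signal death as a crash regardless of the number.

```c
#define _POSIX_C_SOURCE 200809L
#include <stdio.h>
#include <unistd.h>
#include <sys/types.h>
#include <sys/wait.h>

/* Outcome of one regression case: the decompressor must fail *cleanly*. */
enum outcome {
    OUTCOME_CLEAN_ERROR = 0,   /* exited normally with exactly the expected code */
    OUTCOME_UNEXPECTED_EXIT,   /* exited normally, but with a different code */
    OUTCOME_CRASH,             /* terminated by a signal (SIGSEGV, SIGABRT, ...) */
    OUTCOME_SPAWN_FAILED       /* fork()/waitpid() itself failed */
};

/* Classify a raw waitpid() status. A signal death is always a crash, even if
   the signal number happened to coincide with the expected exit code. */
enum outcome classify_status(int status, int expected_code) {
    if (WIFSIGNALED(status))
        return OUTCOME_CRASH;
    if (WIFEXITED(status) && WEXITSTATUS(status) == expected_code)
        return OUTCOME_CLEAN_ERROR;
    return OUTCOME_UNEXPECTED_EXIT;
}

/* Run a shell command (stand-in for "decompressor < test.gz") and classify it. */
enum outcome run_case(const char *shell_cmd, int expected_code) {
    pid_t pid = fork();
    if (pid < 0)
        return OUTCOME_SPAWN_FAILED;
    if (pid == 0) {
        execl("/bin/sh", "sh", "-c", shell_cmd, (char *)NULL);
        _exit(127);                       /* exec failed */
    }
    int status;
    if (waitpid(pid, &status, 0) < 0)
        return OUTCOME_SPAWN_FAILED;
    return classify_status(status, expected_code);
}

int main(void) {
    /* Constructed stand-ins: a clean error, a wrong success, and a crash. */
    static const char *const cases[] = { "exit 1", "exit 0", "kill -s SEGV $$" };
    static const char *const names[] = { "clean error", "unexpected exit", "crash", "spawn failed" };
    int failed = 0;
    for (size_t i = 0; i < sizeof cases / sizeof cases[0]; i++) {
        enum outcome o = run_case(cases[i], 1);
        printf("%-20s -> %s\n", cases[i], names[o]);
        if (o != OUTCOME_CLEAN_ERROR)
            failed = 1;
    }
    return failed;                        /* non-zero if any case did not fail cleanly */
}
```

Only `OUTCOME_CLEAN_ERROR` passes; a crash and a silent success (the CVE-2004-0797 failure mode, where an error is detected but execution continues) both fail the case.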
Daniel Axtens [Mon, 27 Apr 2015 05:49:43 +0000 (15:49 +1000)]
Add test for CVE-2003-0107
CVE-2003-0107[0] was a bug where zlib 1.1.4 failed to validate whether
arguments to gzprintf() fit within an internal buffer.
We should make sure that in refactoring we don't regress. Therefore,
build the sample code supplied in the original report [1], and check
if it crashes.
Daniel Axtens [Wed, 29 Apr 2015 05:35:04 +0000 (15:35 +1000)]
Properly bail out when a test fails.
At an earlier point in development, shared libs were failing on Travis
but the overall build was succeeding. Stop that from happening by
bailing out harder.
Add support for internal attribute, the advantage of this over hidden
is for example that the compiler can safely assume that pointers to
functions declared internal can never be passed externally.
This allows the compiler to consider optimizations otherwise impossible.
Evan Nemerson [Tue, 15 Mar 2016 03:48:46 +0000 (20:48 -0700)]
Fix endianness-detection code on Solaris 11.
Solaris doesn't have sys/endian.h or endian.h, it has sys/byteorder.h,
which doesn't define BYTE_ORDER, it defines either _LITTLE_ENDIAN or
_BIG_ENDIAN.
Mark Adler [Fri, 27 Nov 2015 06:52:25 +0000 (22:52 -0800)]
Fix bug that accepted invalid zlib header when windowBits is zero.
When windowBits is zero, the size of the sliding window comes from
the zlib header. The allowed values of the four-bit field are
0..7, but when windowBits is zero, values greater than 7 are
permitted and acted upon, resulting in large, mostly unused memory
allocations. This fix rejects such invalid zlib headers.
Mark Adler [Sun, 4 Oct 2015 18:45:00 +0000 (11:45 -0700)]
Use a consistent and more modern approach to not use a parameter.
A remarkably creative and diverse set of approaches to letting the
compiler know that opaque was being used when it wasn't is changed
by this commit to the more standard (void)opaque.
Mark Adler [Thu, 24 Apr 2014 23:45:36 +0000 (19:45 -0400)]
Assure that gzoffset() is correct when appending.
An open() with O_APPEND followed by an lseek() to determine the
position will return zero for a non-empty file, even though the
next write will start at the end of the file. This commit works
around that by doing an lseek() to the end when appending.
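The behaviour the commit works around is easy to reproduce: `O_APPEND` only moves the offset to the end at write time, so immediately after `open()` the offset is still 0 and `lseek(fd, 0, SEEK_CUR)` reports 0 for a non-empty file, while `lseek(fd, 0, SEEK_END)` reports the true append position. The following is an added example, not zlib's `gzoffset()` code; `append_position()` and the temporary file it creates are assumptions for the demonstration, and the sample content is constructed.

```c
#define _XOPEN_SOURCE 700   /* for mkstemp(), lseek(), close(), unlink() */
#include <fcntl.h>
#include <stdio.h>
#include <stdlib.h>
#include <string.h>
#include <unistd.h>
#include <sys/types.h>

/* Create a temp file holding `content`; path_out must hold at least 32 bytes.
   Tries /tmp first, then the current directory. Returns 0 on success, -1 on error. */
static int make_temp_file(const char *content, char *path_out) {
    strcpy(path_out, "/tmp/gzoffset-demo-XXXXXX");
    int fd = mkstemp(path_out);
    if (fd < 0) {
        strcpy(path_out, "./gzoffset-demo-XXXXXX");
        fd = mkstemp(path_out);
    }
    if (fd < 0)
        return -1;
    size_t n = strlen(content);
    int ok = write(fd, content, n) == (ssize_t)n;
    close(fd);
    if (!ok) { unlink(path_out); return -1; }
    return 0;
}

/* Reopen the file with O_APPEND and report the position before any write.
   use_seek_end == 0 mirrors the old behaviour (lseek SEEK_CUR right after open),
   use_seek_end != 0 mirrors the fix (lseek SEEK_END). Returns -1 on error. */
off_t append_position(const char *content, int use_seek_end) {
    char path[32];
    if (make_temp_file(content, path) != 0)
        return -1;
    int fd = open(path, O_WRONLY | O_APPEND);
    off_t pos = -1;
    if (fd >= 0) {
        pos = lseek(fd, 0, use_seek_end ? SEEK_END : SEEK_CUR);
        close(fd);
    }
    unlink(path);
    return pos;
}

int main(void) {
    const char *sample = "hello, world\n";   /* constructed sample content, 13 bytes */
    printf("SEEK_CUR after open(O_APPEND): %lld\n", (long long)append_position(sample, 0));
    printf("SEEK_END after open(O_APPEND): %lld\n", (long long)append_position(sample, 1));
    return 0;
}
```

The first line prints 0, the second the file's size; a `gzoffset()` built on the first value would misreport the position of every byte written in append mode.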
Mark Adler [Sun, 2 Aug 2015 07:02:07 +0000 (00:02 -0700)]
Align deflateParams() and its documentation in zlib.h.
This updates the documentation to reflect the behavior of
deflateParams() when it is not able to compress all of the input
data provided so far due to insufficient output space. It also
assures that data provided is compressed before the parameter
changes, even if at the beginning of the stream.
Mark Adler [Wed, 29 Jul 2015 04:41:20 +0000 (21:41 -0700)]
Fix inflateInit2() bug when windowBits is 16 or 32.
A windowBits value of 0, 16, or 32 gets the window bits from the
zlib header. However there is no zlib header for 16, or for 32
when the input is gzip. This commit sets the window bits for
inflate to 15 if a gzip stream is detected and windowBits was 16
or 32.
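The two header-handling fixes above (reject CINFO values above 7 when windowBits is zero, and fall back to 15 for gzip input when windowBits is 16 or 32) both come down to deciding the window size from the first two bytes of the stream. The following is an added example, not zlib's inflate code: `inflate_window_bits()` follows the documented windowBits convention (8..15 fixed, 0 from the zlib header, +16 gzip only, +32 auto-detect; raw negative values are not handled), the error codes and sample headers are constructed for this demonstration, and the ordering of checks (header check, method, window size) follows RFC 1950.

```c
#include <stddef.h>
#include <stdio.h>

/* Negative return codes; a positive return value is the window bits (8..15) to use. */
enum {
    HDR_NEED_MORE      = -1,  /* fewer than two header bytes available */
    HDR_BAD_WINDOWBITS = -2,  /* windowBits outside what this demo handles */
    HDR_NOT_ZLIB       = -3,  /* gzip-only mode, but no gzip magic */
    HDR_BAD_CHECK      = -4,  /* (CMF*256 + FLG) % 31 != 0 */
    HDR_BAD_METHOD     = -5,  /* CM != 8 (deflate) */
    HDR_BAD_CINFO      = -6,  /* CINFO > 7: window > 32K, invalid per RFC 1950 */
    HDR_WINDOW_TOO_BIG = -7   /* header window larger than the caller allowed */
};

int inflate_window_bits(int windowBits, const unsigned char *hdr, size_t len) {
    if (windowBits < 0 || windowBits >= 48)
        return HDR_BAD_WINDOWBITS;
    int wrap  = (windowBits >> 4) + 1;   /* 1 = zlib, 2 = gzip, 3 = either */
    int wbits = windowBits & 15;         /* 0 means "take it from the header" */
    if (wbits != 0 && wbits < 8)
        return HDR_BAD_WINDOWBITS;
    if (len < 2)
        return HDR_NEED_MORE;

    /* gzip member: there is no zlib header to read a window size from, so a
       windowBits of 16 or 32 (wbits == 0) must fall back to the maximum, 15. */
    if ((wrap & 2) && hdr[0] == 0x1f && hdr[1] == 0x8b)
        return wbits ? wbits : 15;
    if (!(wrap & 1))
        return HDR_NOT_ZLIB;

    unsigned cmf = hdr[0], flg = hdr[1];
    if ((cmf * 256u + flg) % 31u != 0)
        return HDR_BAD_CHECK;
    if ((cmf & 0x0f) != 8)
        return HDR_BAD_METHOD;
    int hdr_bits = (int)(cmf >> 4) + 8;  /* CINFO + 8; only 8..15 are valid */
    if (hdr_bits > 15)
        return HDR_BAD_CINFO;            /* applied even when wbits == 0: the fix */
    if (wbits == 0)
        return hdr_bits;                 /* window size comes from the header */
    if (hdr_bits > wbits)
        return HDR_WINDOW_TOO_BIG;
    return wbits;
}

/* Constructed sample headers. */
const unsigned char HDR_ZLIB_DEFAULT[2] = { 0x78, 0x9c };  /* CM=8, CINFO=7, check passes */
const unsigned char HDR_ZLIB_CINFO8[2]  = { 0x88, 0x1c };  /* CINFO=8: check passes, but invalid */
const unsigned char HDR_GZIP[2]         = { 0x1f, 0x8b };  /* gzip magic */

int main(void) {
    printf("zlib default, windowBits 0  -> %d\n", inflate_window_bits(0, HDR_ZLIB_DEFAULT, 2));
    printf("CINFO=8,      windowBits 0  -> %d\n", inflate_window_bits(0, HDR_ZLIB_CINFO8, 2));
    printf("gzip,         windowBits 16 -> %d\n", inflate_window_bits(16, HDR_GZIP, 2));
    printf("gzip,         windowBits 32 -> %d\n", inflate_window_bits(32, HDR_GZIP, 2));
    return 0;
}
```

The CINFO=8 header is the interesting case: its check bits are consistent, so only the explicit `hdr_bits > 15` test rejects it, and without that test a windowBits of 0 would accept it and size the sliding window at 64K or more for a stream that can never legitimately reference beyond 32K.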
Mat [Fri, 30 Oct 2015 09:39:02 +0000 (10:39 +0100)]
fix for preprocessor namespace pollution
Do not pollute the namespace with a define for byte. This breaks various things. Instead use typedef which was also used in the original version of zlib.conf:
#if !defined(__MACTYPES__)
typedef unsigned char Byte; /* 8 bits */
#endif
typedef unsigned int uInt; /* 16 bits or more */
typedef unsigned long uLong; /* 32 bits or more */
#ifdef SMALL_MEDIUM
/* Borland C/C++ and some old MSC versions ignore FAR inside typedef */
# define Bytef Byte FAR
#else
typedef Byte FAR Bytef;
#endif
Mika Lindqvist [Wed, 24 Jun 2015 17:57:34 +0000 (20:57 +0300)]
Split deflate.c
* Separate common inlines and macros to deflate_p.h
* Separate deflate_fast related code to deflate_fast.c
* Separate deflate_medium related code to deflate_medium.c
* Separate deflate_slow related code to deflate_slow.c