From 821dd3d85d7a7301f8161df4239cc678dfd475cb Mon Sep 17 00:00:00 2001
From: Daniel Axtens <dja@axtens.net>
Date: Mon, 27 Apr 2015 16:17:21 +1000
Subject: [PATCH] Add test for CVE-2002-0059

CVE-2002-0059 was a double free in inflation. [0]

This makes sure we don't accidentally reintroduce it.

zlib-1.1.3 was download and fuzz tested using AFL[1].
This crashing case (test.gz) was discovered, and using gdb it was
confirmed to be a double free in the expected place.

The test script looks for a normal error exit (status code 1),
and fails if any other code is returned.

[0] http://www.cvedetails.com/cve/CVE-2002-0059/
[1] http://lcamtuf.coredump.cx/afl/

Signed-off-by: Daniel Axtens <dja@axtens.net>
---
 test/CVE-2002-0059/test.gz | Bin 0 -> 4610 bytes
 test/Makefile.in           |   5 ++++-
 test/testCVEinputs.sh      |  22 ++++++++++++++++++++++
 3 files changed, 26 insertions(+), 1 deletion(-)
 create mode 100644 test/CVE-2002-0059/test.gz
 create mode 100755 test/testCVEinputs.sh

diff --git a/test/CVE-2002-0059/test.gz b/test/CVE-2002-0059/test.gz
new file mode 100644
index 0000000000000000000000000000000000000000..c5c3e184b1a90692f1c2dc729eb106476d231378
GIT binary patch
literal 4610
zc-oWi=3oE==C>CV8G*FGf_KvY=NGq#s$EDr(7?#d#v@^nFv=KZj50<Uql{6;C}Wf{
j${1ygGDaDrj8VoYW0Wz<7-EbcY(~E?Y?fwZ5MTfRX%qj?

literal 0
Hc-jL100001

diff --git a/test/Makefile.in b/test/Makefile.in
index 51167d9c0..9887f0f8e 100644
--- a/test/Makefile.in
+++ b/test/Makefile.in
@@ -45,7 +45,10 @@ test64:
 	fi; \
 	rm -f $$TMP64
 
-cvetests: testCVE-2003-0107
+cvetests: testCVE-2003-0107 testCVEinputs
+
+testCVEinputs:
+	@$(SRCDIR)/testCVEinputs.sh
 
 testCVE-2003-0107: CVE-2003-0107$(EXE)
 	@if ./CVE-2003-0107$(EXE); then \
diff --git a/test/testCVEinputs.sh b/test/testCVEinputs.sh
new file mode 100755
index 000000000..2a86e2067
--- /dev/null
+++ b/test/testCVEinputs.sh
@@ -0,0 +1,22 @@
+#!/bin/bash
+TESTDIR="$(dirname "$0")"
+
+CVEs="CVE-2002-0059"
+
+for CVE in $CVEs; do
+    fail=0
+    for testcase in ${TESTDIR}/${CVE}/*.gz; do
+	../minigzip -d < "$testcase"
+	# we expect that a 1 error code is OK
+	# for a vulnerable failure we'd expect 134 or similar
+	if [ $? -ne 1 ]; then
+	    fail=1
+	fi
+    done
+    if [ $fail -eq 0 ]; then
+	echo "		--- zlib not vulnerable to $CVE ---";
+    else
+	echo "          --- zlib VULNERABLE to $CVE ---"; exit 1;
+    fi
+done
+
-- 
2.47.3