author | George McCollister <george.mccollister@gmail.com> | 2017-11-14 14:01:03 -0600 |
---|---|---|
committer | Richard Purdie <richard.purdie@linuxfoundation.org> | 2017-11-21 14:42:59 +0000 |
commit | c34064cceeb56806ed8ddf3aff73a3971378066c (patch) | |
tree | ef3d4268976f44d1415836848741e044710ac988 /meta | |
parent | 1e6235de0a3f6302cee37332f03b1ba403c789d1 (diff) | |
download | openembedded-core-c34064cceeb56806ed8ddf3aff73a3971378066c.tar.gz |
zlib: Fix CVE-2016-9840
Add backported patch to fix CVE-2016-9840 which was fixed in zlib 1.2.9
https://nvd.nist.gov/vuln/detail/CVE-2016-9840
Signed-off-by: George McCollister <george.mccollister@gmail.com>
Signed-off-by: Armin Kuster <akuster808@gmail.com>
Diffstat (limited to 'meta')
-rw-r--r-- | meta/recipes-core/zlib/zlib-1.2.8/CVE-2016-9840.patch | 77 | ||||
-rw-r--r-- | meta/recipes-core/zlib/zlib_1.2.8.bb | 1 |
2 files changed, 78 insertions, 0 deletions
diff --git a/meta/recipes-core/zlib/zlib-1.2.8/CVE-2016-9840.patch b/meta/recipes-core/zlib/zlib-1.2.8/CVE-2016-9840.patch
new file mode 100644
index 0000000000..4f0d2c6975
--- /dev/null
+++ b/meta/recipes-core/zlib/zlib-1.2.8/CVE-2016-9840.patch
@@ -0,0 +1,77 @@
+commit 6a043145ca6e9c55184013841a67b2fef87e44c0
+Author: Mark Adler <madler@alumni.caltech.edu>
+Date: Wed Sep 21 23:35:50 2016 -0700
+
+ Remove offset pointer optimization in inftrees.c.
+
+ inftrees.c was subtracting an offset from a pointer to an array,
+ in order to provide a pointer that allowed indexing starting at
+ the offset. This is not compliant with the C standard, for which
+ the behavior of a pointer decremented before its allocated memory
+ is undefined. Per the recommendation of a security audit of the
+ zlib code by Trail of Bits and TrustInSoft, in support of the
+ Mozilla Foundation, this tiny optimization was removed, in order
+ to avoid the possibility of undefined behavior.
+
+Upstream-Status: Backport
+http://http.debian.net/debian/pool/main/z/zlib/zlib_1.2.8.dfsg-5.debian.tar.xz
+https://github.com/madler/zlib/commit/6a043145ca6e9c55184013841a67b2fef87e44c0
+
+CVE: CVE-2016-9840
+
+Signed-off-by: George McCollister <george.mccollister@gmail.com>
+
+diff --git a/inftrees.c b/inftrees.c
+index 22fcd66..0d2670d 100644
+--- a/inftrees.c
++++ b/inftrees.c
+@@ -54,7 +54,7 @@ unsigned short FAR *work;
+ code FAR *next; /* next available space in table */
+ const unsigned short FAR *base; /* base value table to use */
+ const unsigned short FAR *extra; /* extra bits table to use */
+- int end; /* use base and extra for symbol > end */
++ unsigned match; /* use base and extra for symbol >= match */
+ unsigned short count[MAXBITS+1]; /* number of codes of each length */
+ unsigned short offs[MAXBITS+1]; /* offsets in table for each length */
+ static const unsigned short lbase[31] = { /* Length codes 257..285 base */
+@@ -181,19 +181,17 @@ unsigned short FAR *work;
+ switch (type) {
+ case CODES:
+ base = extra = work; /* dummy value--not used */
+- end = 19;
++ match = 20;
+ break;
+ case LENS:
+ base = lbase;
+- base -= 257;
+ extra = lext;
+- extra -= 257;
+- end = 256;
++ match = 257;
+ break;
+ default: /* DISTS */
+ base = dbase;
+ extra = dext;
+- end = -1;
++ match = 0;
+ }
+
+ /* initialize state for loop */
+@@ -216,13 +214,13 @@ unsigned short FAR *work;
+ for (;;) {
+ /* create table entry */
+ here.bits = (unsigned char)(len - drop);
+- if ((int)(work[sym]) < end) {
++ if (work[sym] + 1 < match) {
+ here.op = (unsigned char)0;
+ here.val = work[sym];
+ }
+- else if ((int)(work[sym]) > end) {
+- here.op = (unsigned char)(extra[work[sym]]);
+- here.val = base[work[sym]];
++ else if (work[sym] >= match) {
++ here.op = (unsigned char)(extra[work[sym] - match]);
++ here.val = base[work[sym] - match];
+ }
+ else {
+ here.op = (unsigned char)(32 + 64); /* end of block */
diff --git a/meta/recipes-core/zlib/zlib_1.2.8.bb b/meta/recipes-core/zlib/zlib_1.2.8.bb
index 913c7033d4..b6a4c687ca 100644
--- a/meta/recipes-core/zlib/zlib_1.2.8.bb
+++ b/meta/recipes-core/zlib/zlib_1.2.8.bb
@@ -10,6 +10,7 @@ SRC_URI = "${SOURCEFORGE_MIRROR}/libpng/${BPN}/${PV}/${BPN}-${PV}.tar.xz \
 file://remove.ldconfig.call.patch \
 file://Makefile-runtests.patch \
 file://ldflags-tests.patch \
+ file://CVE-2016-9840.patch \
 file://run-ptest \
 "
|
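Review bot: The rewritten test `work[sym] + 1 < match` in the carried inftrees.c hunk at `@@ -216,13 +214,13 @@` is correct only through reasoning that is written nowhere in the patch. `work[sym]` is an unsigned short, so the left side is a non-negative int that is converted to unsigned for the comparison, and the DISTS case now depends on `match = 0` making that first branch unreachable where the old code used `end = -1`. As this is a verbatim upstream backport I would leave the code alone and record the equivalence in the OE part of the patch header, for example `Note: match == old end + 1; match == 0 (DISTS) means every symbol indexes base/extra.` The bounds of `extra[work[sym] - match]` and `base[work[sym] - match]` rest on symbol validation earlier in the function, which starts and ends outside these hunks, so that is worth confirming against the 1.2.8 source the patch applies to. The patch's commit message credits a wider audit and the description says the fix shipped in zlib 1.2.9, so it may also be worth checking whether other findings from that audit still apply to this 1.2.8 recipe.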