Source-Changes-HG archive


[src/netbsd-1-5]: src/lib/libz Pull up revision 1.6 (requested by fvdl):



details:   https://anonhg.NetBSD.org/src/rev/80e680c44dcb
branches:  netbsd-1-5
changeset: 492965:80e680c44dcb
user:      he <he%NetBSD.org@localhost>
date:      Wed Mar 20 23:18:04 2002 +0000

description:
Pull up revision 1.6 (requested by fvdl):
  Upgrade libz to 1.1.4 due to a possible security bug.

diffstat:

 lib/libz/ChangeLog  |  14 ++++++++++-
 lib/libz/README     |  63 ++++++++++++++++++++++++++--------------------------
 lib/libz/infblock.c |  13 +++++++---
 lib/libz/infcodes.c |  14 +++--------
 lib/libz/inffast.c  |  51 ++++++++++++++++++++++++++---------------
 lib/libz/inflate.c  |   4 +-
 lib/libz/infutil.c  |   4 +-
 7 files changed, 92 insertions(+), 71 deletions(-)

diffs (truncated from 314 to 300 lines):

diff -r f2d50636d17a -r 80e680c44dcb lib/libz/ChangeLog
--- a/lib/libz/ChangeLog        Wed Mar 20 22:42:47 2002 +0000
+++ b/lib/libz/ChangeLog        Wed Mar 20 23:18:04 2002 +0000
@@ -1,7 +1,17 @@
-$NetBSD: ChangeLog,v 1.5 1999/07/03 12:30:52 simonb Exp $
+$NetBSD: ChangeLog,v 1.5.8.1 2002/03/20 23:18:04 he Exp $
 
                ChangeLog file for zlib
 
+Changes in 1.1.4 (11 March 2002)
+- ZFREE was repeated on same allocation on some error conditions.
+  This creates a security problem described in
+  http://www.zlib.org/advisory-2002-03-11.txt
+- Returned incorrect error (Z_MEM_ERROR) on some invalid data
+- Avoid accesses before window for invalid distances with inflate window
+  less than 32K.
+- force windowBits > 8 to avoid a bug in the encoder for a window size
+  of 256 bytes. (A complete fix will be available in 1.1.5).
+       
 Changes in 1.1.3 (9 July 1998)
 - fix "an inflate input buffer bug that shows up on rare but persistent
   occasions" (Mark)
@@ -216,7 +226,7 @@
 - use _fdopen instead of fdopen for MSC >= 6.0 (Thomas Fanslau)
 - added makelcc.bat for lcc-win32 (Tom St Denis)
 - in Makefile.dj2, use copy and del instead of install and rm (Frank Donahoe)
-- Avoid expanded $Id: ChangeLog,v 1.5 1999/07/03 12:30:52 simonb Exp $. Use "rcs -kb" or "cvs admin -kb" to avoid Id expansion.
+- Avoid expanded $Id: ChangeLog,v 1.5.8.1 2002/03/20 23:18:04 he Exp $. Use "rcs -kb" or "cvs admin -kb" to avoid Id expansion.
 - check for unistd.h in configure (for off_t)
 - remove useless check parameter in inflate_blocks_free
 - avoid useless assignment of s->check to itself in inflate_blocks_new
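Review bot: The only change in this second ChangeLog hunk is the RCS keyword inside the upstream entry about avoiding an expanded $Id$, which the local repository has expanded again to "$Id: ChangeLog,v 1.5.8.1 ...". That entry itself says to use "rcs -kb" or "cvs admin -kb" to avoid Id expansion; applying that to this file would keep the imported text identical to upstream and stop this line from changing with every new revision of the file.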
diff -r f2d50636d17a -r 80e680c44dcb lib/libz/README
--- a/lib/libz/README   Wed Mar 20 22:42:47 2002 +0000
+++ b/lib/libz/README   Wed Mar 20 23:18:04 2002 +0000
@@ -1,9 +1,9 @@
-$NetBSD: README,v 1.5 1999/07/03 12:30:52 simonb Exp $
+$NetBSD: README,v 1.5.8.1 2002/03/20 23:18:04 he Exp $
 
-zlib 1.1.3 is a general purpose data compression library.  All the code
+zlib 1.1.4 is a general purpose data compression library.  All the code
 is thread safe.  The data format used by the zlib library
 is described by RFCs (Request for Comments) 1950 to 1952 in the files 
-ftp://ds.internic.net/rfc/rfc1950.txt (zlib format), rfc1951.txt (deflate
+http://www.ietf.org/rfc/rfc1950.txt (zlib format), rfc1951.txt (deflate
 format) and rfc1952.txt (gzip format). These documents are also available in
 other formats from ftp://ftp.uu.net/graphics/png/documents/zlib/zdoc-index.html
 
@@ -16,51 +16,50 @@
 
 To compile all files and run the test program, follow the instructions
 given at the top of Makefile. In short "make test; make install"
-should work for most machines. For Unix: "configure; make test; make install"
+should work for most machines. For Unix: "./configure; make test; make install"
 For MSDOS, use one of the special makefiles such as Makefile.msc.
 For VMS, use Make_vms.com or descrip.mms.
 
-Questions about zlib should be sent to <zlib%quest.jpl.nasa.gov@localhost>, or to
+Questions about zlib should be sent to <zlib%gzip.org@localhost>, or to
 Gilles Vollant <info%winimage.com@localhost> for the Windows DLL version.
-The zlib home page is http://www.cdrom.com/pub/infozip/zlib/
-The official zlib ftp site is ftp://ftp.cdrom.com/pub/infozip/zlib/
-Before reporting a problem, please check those sites to verify that
+The zlib home page is http://www.zlib.org or http://www.gzip.org/zlib/
+Before reporting a problem, please check this site to verify that
 you have the latest version of zlib; otherwise get the latest version and
 check whether the problem still exists or not.
 
-Mark Nelson <markn%tiny.com@localhost> wrote an article about zlib for the Jan. 1997
+PLEASE read the zlib FAQ http://www.gzip.org/zlib/zlib_faq.html
+before asking for help.
+
+Mark Nelson <markn%ieee.org@localhost> wrote an article about zlib for the Jan. 1997
 issue of  Dr. Dobb's Journal; a copy of the article is available in
-http://web2.airmail.net/markn/articles/zlibtool/zlibtool.htm
+http://dogma.net/markn/articles/zlibtool/zlibtool.htm
 
-The changes made in version 1.1.3 are documented in the file ChangeLog.
-The main changes since 1.1.2 are:
+The changes made in version 1.1.4 are documented in the file ChangeLog.
+The only changes made since 1.1.3 are bug corrections:
 
-- fix "an inflate input buffer bug that shows up on rare but persistent
-  occasions" (Mark)
-- fix gzread and gztell for concatenated .gz files (Didier Le Botlan)
-- fix gzseek(..., SEEK_SET) in write mode
-- fix crc check after a gzeek (Frank Faubert)
-- fix miniunzip when the last entry in a zip file is itself a zip file
-  (J Lillge)
-- add contrib/asm586 and contrib/asm686 (Brian Raiter)
-  See http://www.muppetlabs.com/~breadbox/software/assembly.html
-- add support for Delphi 3 in contrib/delphi (Bob Dellaca)
-- add support for C++Builder 3 and Delphi 3 in contrib/delphi2 (Davide Moretti)
-- do not exit prematurely in untgz if 0 at start of block (Magnus Holmgren)
-- use macro EXTERN instead of extern to support DLL for BeOS (Sander Stoks)
-- added a FAQ file
+- ZFREE was repeated on same allocation on some error conditions.
+  This creates a security problem described in
+  http://www.zlib.org/advisory-2002-03-11.txt
+- Returned incorrect error (Z_MEM_ERROR) on some invalid data
+- Avoid accesses before window for invalid distances with inflate window
+  less than 32K.
+- force windowBits > 8 to avoid a bug in the encoder for a window size
+  of 256 bytes. (A complete fix will be available in 1.1.5).
 
-plus many changes for portability.
+The beta version 1.1.5beta includes many more changes. A new official
+version 1.1.5 will be released as soon as extensive testing has been
+completed on it.
+
 
 Unsupported third party contributions are provided in directory "contrib".
 
-A Java implementation of zlib is available in the Java Development Kit 1.1
+A Java implementation of zlib is available in the Java Development Kit
 http://www.javasoft.com/products/JDK/1.1/docs/api/Package-java.util.zip.html
-See the zlib home page http://www.cdrom.com/pub/infozip/zlib/ for details.
+See the zlib home page http://www.zlib.org for details.
 
 A Perl interface to zlib written by Paul Marquess <pmarquess%bfsec.bt.co.uk@localhost>
-is in the CPAN (Comprehensive Perl Archive Network) sites, such as:
-ftp://ftp.cis.ufl.edu/pub/perl/CPAN/modules/by-module/Compress/Compress-Zlib*
+is in the CPAN (Comprehensive Perl Archive Network) sites
+http://www.cpan.org/modules/by-module/Compress/
 
 A Python interface to zlib written by A.M. Kuchling <amk%magnet.com@localhost>
 is available in Python 1.5 and later versions, see
@@ -119,7 +118,7 @@
 
 Copyright notice:
 
- (C) 1995-1998 Jean-loup Gailly and Mark Adler
+ (C) 1995-2002 Jean-loup Gailly and Mark Adler
 
   This software is provided 'as-is', without any express or implied
   warranty.  In no event will the authors be held liable for any damages
diff -r f2d50636d17a -r 80e680c44dcb lib/libz/infblock.c
--- a/lib/libz/infblock.c       Wed Mar 20 22:42:47 2002 +0000
+++ b/lib/libz/infblock.c       Wed Mar 20 23:18:04 2002 +0000
@@ -1,7 +1,7 @@
-/* $NetBSD: infblock.c,v 1.5 1999/07/03 12:30:55 simonb Exp $ */
+/* $NetBSD: infblock.c,v 1.5.8.1 2002/03/20 23:18:04 he Exp $ */
 
 /* infblock.c -- interpret and process block types to last block
- * Copyright (C) 1995-1998 Mark Adler
+ * Copyright (C) 1995-2002 Mark Adler
  * For conditions of distribution and use, see copyright notice in zlib.h 
  */
 
@@ -251,10 +251,12 @@
                              &s->sub.trees.tb, s->hufts, z);
       if (t != Z_OK)
       {
-        ZFREE(z, s->sub.trees.blens);
         r = t;
         if (r == Z_DATA_ERROR)
+        {
+          ZFREE(z, s->sub.trees.blens);
           s->mode = BAD;
+        }
         LEAVE
       }
       s->sub.trees.index = 0;
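Review bot: In the t != Z_OK branch, ZFREE(z, s->sub.trees.blens) now runs only when r == Z_DATA_ERROR, so any other failure code reaches LEAVE with blens still allocated and s->mode unchanged. That presumably leaves the release to a later cleanup path, but that path is not part of this diff. A comment here stating which code frees blens in the non-Z_DATA_ERROR case, and that s->mode = BAD is what marks it as already released, would make the single-free invariant reviewable.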
@@ -315,11 +317,13 @@
         t = inflate_trees_dynamic(257 + (t & 0x1f), 1 + ((t >> 5) & 0x1f),
                                   s->sub.trees.blens, &bl, &bd, &tl, &td,
                                   s->hufts, z);
-        ZFREE(z, s->sub.trees.blens);
         if (t != Z_OK)
         {
           if (t == (uInt)Z_DATA_ERROR)
+          {
+            ZFREE(z, s->sub.trees.blens);
             s->mode = BAD;
+          }
           r = t;
           LEAVE
         }
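Review bot: After ZFREE(z, s->sub.trees.blens) in the Z_DATA_ERROR branch, the stale pointer value stays in s->sub.trees.blens, and only s->mode = BAD records that it has been released. The ChangeLog entry in this same commit describes the bug as ZFREE repeated on the same allocation, so consider also assigning Z_NULL after each ZFREE of blens (here and in the previous hunk), so that a repeated release is detectable instead of depending on the mode value alone.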
@@ -331,6 +335,7 @@
         }
         s->sub.decode.codes = c;
       }
+      ZFREE(z, s->sub.trees.blens);
       s->mode = CODES;
     case CODES:
       UPDATE
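Review bot: The relocated ZFREE(z, s->sub.trees.blens) reads s->sub.trees.blens after s->sub.decode.codes = c has already been stored two lines earlier. The declaration of s->sub is not in this diff; if trees and decode are members of a union, the free is only correct as long as codes does not overlap blens, which depends on member order and pointer size. Freeing blens before the assignment to s->sub.decode.codes, or adding a comment that states the layout assumption, would remove that dependency.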
diff -r f2d50636d17a -r 80e680c44dcb lib/libz/infcodes.c
--- a/lib/libz/infcodes.c       Wed Mar 20 22:42:47 2002 +0000
+++ b/lib/libz/infcodes.c       Wed Mar 20 23:18:04 2002 +0000
@@ -1,7 +1,7 @@
-/* $NetBSD: infcodes.c,v 1.5 1999/07/03 12:30:56 simonb Exp $ */
+/* $NetBSD: infcodes.c,v 1.5.8.1 2002/03/20 23:18:04 he Exp $ */
 
 /* infcodes.c -- process literals and length/distance pairs
- * Copyright (C) 1995-1998 Mark Adler
+ * Copyright (C) 1995-2002 Mark Adler
  * For conditions of distribution and use, see copyright notice in zlib.h 
  */
 
@@ -198,15 +198,9 @@
       Tracevv((stderr, "inflate:         distance %u\n", c->sub.copy.dist));
       c->mode = COPY;
     case COPY:          /* o: copying bytes in window, waiting for space */
-#ifndef __TURBOC__ /* Turbo C bug for following expression */
-      f = (uInt)(q - s->window) < c->sub.copy.dist ?
-          s->end - (c->sub.copy.dist - (q - s->window)) :
-          q - c->sub.copy.dist;
-#else
       f = q - c->sub.copy.dist;
-      if ((uInt)(q - s->window) < c->sub.copy.dist)
-        f = s->end - (c->sub.copy.dist - (uInt)(q - s->window));
-#endif
+      while (f < s->window)             /* modulo window size-"while" instead */
+        f += s->end - s->window;        /* of "if" handles invalid distances */
       while (c->len)
       {
         NEEDOUT
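Review bot: f = q - c->sub.copy.dist is now computed unconditionally and then tested with f < s->window, so for a distance larger than q - s->window the code forms and compares a pointer before the start of the window buffer, which C leaves undefined. The removed lines made the same decision on the integer expression (uInt)(q - s->window) < c->sub.copy.dist; doing the wrap on an unsigned offset and only then forming f would keep the "handles invalid distances" behaviour without the out-of-range pointer. Nothing in this hunk reports the invalid distance either, so the comment should say that such input is copied from wrapped window contents and is not rejected here.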
diff -r f2d50636d17a -r 80e680c44dcb lib/libz/inffast.c
--- a/lib/libz/inffast.c        Wed Mar 20 22:42:47 2002 +0000
+++ b/lib/libz/inffast.c        Wed Mar 20 23:18:04 2002 +0000
@@ -1,7 +1,7 @@
-/* $NetBSD: inffast.c,v 1.5 1999/07/03 12:30:56 simonb Exp $ */
+/* $NetBSD: inffast.c,v 1.5.8.1 2002/03/20 23:18:04 he Exp $ */
 
 /* inffast.c -- process literals and length/distance pairs fast
- * Copyright (C) 1995-1998 Mark Adler
+ * Copyright (C) 1995-2002 Mark Adler
  * For conditions of distribution and use, see copyright notice in zlib.h 
  */
 
@@ -95,28 +95,41 @@
 
             /* do the copy */
             m -= c;
-            if ((uInt)(q - s->window) >= d)     /* offset before dest */
-            {                                   /*  just copy */
-              r = q - d;
-              *q++ = *r++;  c--;        /* minimum count is three, */
-              *q++ = *r++;  c--;        /*  so unroll loop a little */
-            }
-            else                        /* else offset after destination */
+            r = q - d;
+            if (r < s->window)                  /* wrap if needed */
             {
-              e = d - (uInt)(q - s->window); /* bytes from offset to end */
-              r = s->end - e;           /* pointer to offset */
-              if (c > e)                /* if source crosses, */
+              do {
+                r += s->end - s->window;        /* force pointer in window */
+              } while (r < s->window);          /* covers invalid distances */
+              e = s->end - r;
+              if (c > e)
               {
-                c -= e;                 /* copy to end of window */
+                c -= e;                         /* wrapped copy */
+                do {
+                    *q++ = *r++;
+                } while (--e);
+                r = s->window;
                 do {
-                  *q++ = *r++;
-                } while (--e);
-                r = s->window;          /* copy rest from start of window */
+                    *q++ = *r++;
+                } while (--c);
+              }
+              else                              /* normal copy */
+              {
+                *q++ = *r++;  c--;
+                *q++ = *r++;  c--;
+                do {
+                    *q++ = *r++;
+                } while (--c);
               }
             }
-            do {                        /* copy all or what's left */
-              *q++ = *r++;
-            } while (--c);
+            else                                /* normal copy */
+            {
+              *q++ = *r++;  c--;
+              *q++ = *r++;  c--;
+              do {
+                *q++ = *r++;
+              } while (--c);
+            }
             break;
           }
           else if ((e & 64) == 0)
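Review bot: The unrolled pair "*q++ = *r++;  c--;" followed by do { ... } while (--c) now appears in both "normal copy" branches, but the comment that justified it ("minimum count is three, so unroll loop a little") was on the removed lines and is not carried over. Each copy runs past the intended count if c is ever below three on entry, so the invariant should stay documented at both sites, or the sequence should be factored into one place. The do loop bodies inside the r < s->window branch are also indented four spaces where the final "normal copy" branch uses two.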
diff -r f2d50636d17a -r 80e680c44dcb lib/libz/inflate.c
--- a/lib/libz/inflate.c        Wed Mar 20 22:42:47 2002 +0000
+++ b/lib/libz/inflate.c        Wed Mar 20 23:18:04 2002 +0000
@@ -1,7 +1,7 @@
-/* $NetBSD: inflate.c,v 1.5 1999/07/03 12:30:56 simonb Exp $ */
+/* $NetBSD: inflate.c,v 1.5.8.1 2002/03/20 23:18:04 he Exp $ */
 
 /* inflate.c -- zlib interface to inflate modules
- * Copyright (C) 1995-1998 Mark Adler
+ * Copyright (C) 1995-2002 Mark Adler
  * For conditions of distribution and use, see copyright notice in zlib.h 
  */


