Fix possible buffer overflow in zlib, FreeBSD-SA-05:16.zlib.
authorSimon Schubert <corecode@dragonflybsd.org>
Wed, 6 Jul 2005 15:02:06 +0000 (15:02 +0000)
committerSimon Schubert <corecode@dragonflybsd.org>
Wed, 6 Jul 2005 15:02:06 +0000 (15:02 +0000)
Thanks to Collin Percival for giving us a heads up.

Obtained-from: FreeBSD

lib/libz/Makefile
lib/libz/Makefile.stand
lib/libz/patches/inftrees.c.patch [new file with mode: 0644]

index fa13c22..554e70c 100644 (file)
@@ -1,6 +1,6 @@
 #
 # $FreeBSD: src/lib/libz/Makefile,v 1.11.2.4 2003/02/01 13:33:12 sobomax Exp $
-# $DragonFly: src/lib/libz/Makefile,v 1.7 2005/04/20 20:01:09 joerg Exp $
+# $DragonFly: src/lib/libz/Makefile,v 1.8 2005/07/06 15:02:06 corecode Exp $
 #
 
 LIB=           z
@@ -18,6 +18,8 @@ SRCS= adler32.c compress.c crc32.c deflate.c gzio.c infback.c
 SRCS+= inffast.c inflate.c inftrees.c trees.c uncompr.c zopen.c zutil.c
 SRCS+= ${PATCHES}
 
+CFLAGS+= -I${.OBJDIR} -I${CONTRIBDIR}
+
 INCS=          zconf.h zlib.h
 
 minigzip:      all minigzip.o
index 5980916..18945ad 100644 (file)
@@ -1,9 +1,10 @@
-# $DragonFly: src/lib/libz/Makefile.stand,v 1.1 2004/10/23 15:58:18 joerg Exp $
+# $DragonFly: src/lib/libz/Makefile.stand,v 1.2 2005/07/06 15:02:06 corecode Exp $
 
 # decompression functionality from libz for libstand
 
 # relative to lib/libstand
 .PATH: ${.CURDIR}/../../contrib/zlib-1.2.2
 CFLAGS+=-DHAVE_MEMCPY
+ZLIB_PATCHES!= ${.CURDIR}/../../contrib/zlib-1.2.2/patches/*.patch
 SRCS+= adler32.c crc32.c deflate.c infback.c inffast.c inflate.c \
-       inftrees.c zutil.c
+       inftrees.c zutil.c ${ZLIB_PATCHES}
diff --git a/lib/libz/patches/inftrees.c.patch b/lib/libz/patches/inftrees.c.patch
new file mode 100644 (file)
index 0000000..827addf
--- /dev/null
@@ -0,0 +1,17 @@
+$DragonFly: src/lib/libz/patches/Attic/inftrees.c.patch,v 1.1 2005/07/06 15:02:06 corecode Exp $
+Index: inftrees.c
+===================================================================
+RCS file: /space/cvs/dragonfly/src/contrib/zlib-1.2.2/inftrees.c,v
+retrieving revision 1.1
+diff -u -r1.1 inftrees.c
+--- inftrees.c 23 Oct 2004 13:49:54 -0000      1.1
++++ inftrees.c 6 Jul 2005 14:44:49 -0000
+@@ -134,7 +134,7 @@
+         left -= count[len];
+         if (left < 0) return -1;        /* over-subscribed */
+     }
+-    if (left > 0 && (type == CODES || (codes - count[0] != 1)))
++    if (left > 0 && (type == CODES || max != 1))
+         return -1;                      /* incomplete set */
+     /* generate offsets into symbol table for each length for sorting */