diff options
author | Chee Yang Lee <chee.yang.lee@intel.com> | 2022-08-18 10:28:23 +0800 |
---|---|---|
committer | Anuj Mittal <anuj.mittal@intel.com> | 2022-08-18 11:29:40 +0800 |
commit | e64954db5944bd9397357f0b2ebd58412a576993 (patch) | |
tree | fe5733ac8ace6203ecc118828bc394f11710fc99 | |
parent | 98709728a65198abe1b775dba830fa9092011668 (diff) | |
download | meta-intel-e64954db5944bd9397357f0b2ebd58412a576993.tar.gz |
zlib: fix CVE-2022-37434
Signed-off-by: Chee Yang Lee <chee.yang.lee@intel.com>
Signed-off-by: Anuj Mittal <anuj.mittal@intel.com>
-rw-r--r-- | recipes-core/zlib/files/CVE-2022-37434.patch | 37 | ||||
-rw-r--r-- | recipes-core/zlib/zlib-intel_1.2.11.1.jtkv6.3.bb | 1 |
2 files changed, 38 insertions, 0 deletions
diff --git a/recipes-core/zlib/files/CVE-2022-37434.patch b/recipes-core/zlib/files/CVE-2022-37434.patch new file mode 100644 index 00000000..052cdf60 --- /dev/null +++ b/recipes-core/zlib/files/CVE-2022-37434.patch | |||
@@ -0,0 +1,37 @@ | |||
1 | From eff308af425b67093bab25f80f1ae950166bece1 Mon Sep 17 00:00:00 2001 | ||
2 | From: Mark Adler <fork@madler.net> | ||
3 | Date: Sat, 30 Jul 2022 15:51:11 -0700 | ||
4 | Subject: [PATCH] Fix a bug when getting a gzip header extra field with | ||
5 | inflate(). | ||
6 | |||
7 | If the extra field was larger than the space the user provided with | ||
8 | inflateGetHeader(), and if multiple calls of inflate() delivered | ||
9 | the extra header data, then there could be a buffer overflow of the | ||
10 | provided space. This commit assures that provided space is not | ||
11 | exceeded. | ||
12 | |||
13 | Upstream-Status: Backport | ||
14 | [ https://github.com/madler/zlib/commit/eff308af425b67093bab25f80f1ae950166bece1 ] | ||
15 | CVE: CVE-2022-37434 | ||
16 | Signed-off-by: Chee Yang Lee <chee.yang.lee@intel.com> | ||
17 | --- | ||
18 | inflate.c | 5 +++-- | ||
19 | 1 file changed, 3 insertions(+), 2 deletions(-) | ||
20 | |||
21 | diff --git a/inflate.c b/inflate.c | ||
22 | index 7be8c6366..7a7289749 100644 | ||
23 | --- a/inflate.c | ||
24 | +++ b/inflate.c | ||
25 | @@ -763,9 +763,10 @@ int flush; | ||
26 | copy = state->length; | ||
27 | if (copy > have) copy = have; | ||
28 | if (copy) { | ||
29 | + len = state->head->extra_len - state->length; | ||
30 | if (state->head != Z_NULL && | ||
31 | - state->head->extra != Z_NULL) { | ||
32 | - len = state->head->extra_len - state->length; | ||
33 | + state->head->extra != Z_NULL && | ||
34 | + len < state->head->extra_max) { | ||
35 | zmemcpy(state->head->extra + len, next, | ||
36 | len + copy > state->head->extra_max ? | ||
37 | state->head->extra_max - len : copy); | ||
diff --git a/recipes-core/zlib/zlib-intel_1.2.11.1.jtkv6.3.bb b/recipes-core/zlib/zlib-intel_1.2.11.1.jtkv6.3.bb index 27bfd9b1..038171dc 100644 --- a/recipes-core/zlib/zlib-intel_1.2.11.1.jtkv6.3.bb +++ b/recipes-core/zlib/zlib-intel_1.2.11.1.jtkv6.3.bb | |||
@@ -11,6 +11,7 @@ SRC_URI = "git://github.com/jtkukunas/zlib.git;protocol=https;branch=master \ | |||
11 | file://run-ptest \ | 11 | file://run-ptest \ |
12 | file://CVE-2018-25032-fuzz-fixed.patch \ | 12 | file://CVE-2018-25032-fuzz-fixed.patch \ |
13 | file://fix-removed-last-lit.patch \ | 13 | file://fix-removed-last-lit.patch \ |
14 | file://CVE-2022-37434.patch \ | ||
14 | " | 15 | " |
15 | 16 | ||
16 | SRCREV = "a43a247bfa16ec5368747b5b64f11ea5ca033010" | 17 | SRCREV = "a43a247bfa16ec5368747b5b64f11ea5ca033010" |