Diffstat (limited to 'meta/recipes-core/zlib/zlib/0001-Fix-extra-field-processing-bug-that-dereferences-NUL.patch')
-rw-r--r-- | meta/recipes-core/zlib/zlib/0001-Fix-extra-field-processing-bug-that-dereferences-NUL.patch | 36 |
1 files changed, 0 insertions, 36 deletions
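diff --git a/meta/recipes-core/zlib/zlib/0001-Fix-extra-field-processing-bug-that-dereferences-NUL.patch b/meta/recipes-core/zlib/zlib/0001-Fix-extra-field-processing-bug-that-dereferences-NUL.patch
deleted file mode 100644
index a0978c5f95..0000000000
--- a/meta/recipes-core/zlib/zlib/0001-Fix-extra-field-processing-bug-that-dereferences-NUL.patch
+++ /dev/null
@@ -1,36 +0,0 @@
-From 1eb7682f845ac9e9bf9ae35bbfb3bad5dacbd91d Mon Sep 17 00:00:00 2001
-From: Mark Adler <fork@madler.net>
-Date: Mon, 8 Aug 2022 10:50:09 -0700
-Subject: [PATCH] Fix extra field processing bug that dereferences NULL
-state->head.
-
-The recent commit to fix a gzip header extra field processing bug
-introduced the new bug fixed here.
-
-CVE: CVE-2022-37434
-Upstream-Status: Backport [https://github.com/madler/zlib/commit/1eb7682f845ac9e9bf9ae35bbfb3bad5dacbd91d]
-Signed-off-by: Khem Raj <raj.khem@gmail.com>
----
-inflate.c | 4 ++--
-1 file changed, 2 insertions(+), 2 deletions(-)
-
-diff --git a/inflate.c b/inflate.c
-index 7a72897..2a3c4fe 100644
---- a/inflate.c
-+++ b/inflate.c
-@@ -763,10 +763,10 @@ int flush;
-copy = state->length;
-if (copy > have) copy = have;
-if (copy) {
-- len = state->head->extra_len - state->length;
-if (state->head != Z_NULL &&
-state->head->extra != Z_NULL &&
-- len < state->head->extra_max) {
-+ (len = state->head->extra_len - state->length) <
-+ state->head->extra_max) {
-zmemcpy(state->head->extra + len, next,
-len + copy > state->head->extra_max ?
-state->head->extra_max - len : copy);
---
-2.37.2
-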