r637 - trunk/zlib

jim at linuxfromscratch.org jim at linuxfromscratch.org
Sun Sep 12 15:07:09 PDT 2004


Author: jim
Date: 2004-09-12 16:07:08 -0600 (Sun, 12 Sep 2004)
New Revision: 637

Added:
   trunk/zlib/zlib-1.2.1-security-1.patch
Log:
Added: zlib-1.2.1-security-1.patch

Added: trunk/zlib/zlib-1.2.1-security-1.patch
===================================================================
--- trunk/zlib/zlib-1.2.1-security-1.patch	2004-09-12 22:06:34 UTC (rev 636)
+++ trunk/zlib/zlib-1.2.1-security-1.patch	2004-09-12 22:07:08 UTC (rev 637)
@@ -0,0 +1,35 @@
+Submitted By: Matthew Burgess <matthew at linuxfromscratch dot org>
+Date: 2004-09-12
+Initial Package Version: 1.2.1
+Upstream Status: From - 1.2.2 should contain the fix
+Origin: http://bugs.gentoo.org/show_bug.cgi?id=61749
+Description: Zlib versions 1.2.x are susceptible to a denial of service
+             vulnerability.  Originally discovered via a debian bug, this issue
+             became CAN-2004-0797.
+
+diff -Naur zlib-1.2.1.orig/infback.c zlib-1.2.1/infback.c
+--- zlib-1.2.1.orig/infback.c	2003-08-11 23:48:06.000000000 +0000
++++ zlib-1.2.1/infback.c	2004-09-12 13:09:39.436425352 +0000
+@@ -434,6 +434,9 @@
+                 }
+             }
+ 
++            if (state->mode == BAD)
++                break;
++
+             /* build code tables */
+             state->next = state->codes;
+             state->lencode = (code const FAR *)(state->next);
+diff -Naur zlib-1.2.1.orig/inflate.c zlib-1.2.1/inflate.c
+--- zlib-1.2.1.orig/inflate.c	2003-10-26 06:15:36.000000000 +0000
++++ zlib-1.2.1/inflate.c	2004-09-12 13:10:08.083070400 +0000
+@@ -861,6 +861,9 @@
+                 }
+             }
+ 
++            if (state->mode == BAD)
++               break;
++
+             /* build code tables */
+             state->next = state->codes;
+             state->lencode = (code const FAR *)(state->next);




More information about the patches mailing list