OpenPKG Specs / file diff

diff: gzip/gzip.patch

gzip/gzip.patch

changeset 619
c1ab501b4751
parent 618
ad6720734733
child 620
7a6617235946
     1.1 --- a/gzip/gzip.patch	Tue Aug 28 18:54:40 2012 +0200
     1.2 +++ /dev/null	Thu Jan 01 00:00:00 1970 +0000
     1.3 @@ -1,194 +0,0 @@
     1.4 -Security Fix
     1.5 -
     1.6 -Index: gzip.c
     1.7 ---- gzip.c.orig	2009-09-26 20:56:02 +0200
     1.8 -+++ gzip.c	2009-10-07 07:59:53 +0200
     1.9 -@@ -168,7 +168,7 @@
    1.10 - DECLARE(uch, inbuf,  INBUFSIZ +INBUF_EXTRA);
    1.11 - DECLARE(uch, outbuf, OUTBUFSIZ+OUTBUF_EXTRA);
    1.12 - DECLARE(ush, d_buf,  DIST_BUFSIZE);
    1.13 --DECLARE(uch, window, 2L*WSIZE);
    1.14 -+DECLARE(uch, window, 2L*WSIZE + 4096); /* enlarge to avoid crashs due to peeking beyond the buffer end */
    1.15 - #ifndef MAXSEG_64K
    1.16 -     DECLARE(ush, tab_prefix, 1L<<BITS);
    1.17 - #else
    1.18 -
    1.19 ------------------------------------------------------------------------------
    1.20 -
    1.21 -Security Fixes 
    1.22 -- OOB write        (CVE-2006-4335)
    1.23 -- Buffer underflow (CVE-2006-4336)
    1.24 -- Buffer overflow  (CVE-2006-4337)
    1.25 -- Infinite loop    (CVE-2006-4338)
    1.26 -
    1.27 -Index: gzip.h
    1.28 ---- gzip.h.orig	2009-09-26 20:43:28 +0200
    1.29 -+++ gzip.h	2009-10-07 07:59:53 +0200
    1.30 -@@ -223,6 +223,8 @@
    1.31 - extern int to_stdout;      /* output to stdout (-c) */
    1.32 - extern int save_orig_name; /* set if original name must be saved */
    1.33 - 
    1.34 -+#define MIN(a,b) ((a) <= (b) ? (a) : (b))
    1.35 -+
    1.36 - #define get_byte()  (inptr < insize ? inbuf[inptr++] : fill_inbuf(0))
    1.37 - #define try_byte()  (inptr < insize ? inbuf[inptr++] : fill_inbuf(1))
    1.38 - 
    1.39 -Index: unlzh.c
    1.40 ---- unlzh.c.orig	2009-09-26 20:20:40 +0200
    1.41 -+++ unlzh.c	2009-10-07 07:59:53 +0200
    1.42 -@@ -141,12 +141,17 @@
    1.43 -     unsigned i, k, len, ch, jutbits, avail, nextcode, mask;
    1.44 - 
    1.45 -     for (i = 1; i <= 16; i++) count[i] = 0;
    1.46 --    for (i = 0; i < (unsigned)nchar; i++) count[bitlen[i]]++;
    1.47 -+    for (i = 0; i < (unsigned)nchar; i++) {
    1.48 -+        if (bitlen[i] > 16)
    1.49 -+            error("Bad table\n");
    1.50 -+        else
    1.51 -+            count[bitlen[i]]++;
    1.52 -+    }
    1.53 - 
    1.54 -     start[1] = 0;
    1.55 -     for (i = 1; i <= 16; i++)
    1.56 - 	start[i + 1] = start[i] + (count[i] << (16 - i));
    1.57 --    if ((start[17] & 0xffff) != 0)
    1.58 -+    if ((start[17] & 0xffff) != 0 || tablebits > 16) /* 16 for weight below */
    1.59 -       gzip_error ("Bad table\n");
    1.60 - 
    1.61 -     jutbits = 16 - tablebits;
    1.62 -@@ -161,15 +166,15 @@
    1.63 - 
    1.64 -     i = start[tablebits + 1] >> jutbits;
    1.65 -     if (i != 0) {
    1.66 --	k = 1 << tablebits;
    1.67 --	while (i != k) table[i++] = 0;
    1.68 -+	k = MIN(1 << tablebits, DIST_BUFSIZE);
    1.69 -+	while (i < k) table[i++] = 0;
    1.70 -     }
    1.71 - 
    1.72 -     avail = nchar;
    1.73 -     mask = (unsigned) 1 << (15 - tablebits);
    1.74 -     for (ch = 0; ch < (unsigned)nchar; ch++) {
    1.75 - 	if ((len = bitlen[ch]) == 0) continue;
    1.76 --	nextcode = start[len] + weight[len];
    1.77 -+	nextcode = MIN(start[len] + weight[len], DIST_BUFSIZE);
    1.78 - 	if (len <= (unsigned)tablebits) {
    1.79 - 	    if ((unsigned) 1 << tablebits < nextcode)
    1.80 - 	      gzip_error ("Bad table\n");
    1.81 -@@ -212,7 +217,7 @@
    1.82 - 	for (i = 0; i < 256; i++) pt_table[i] = c;
    1.83 -     } else {
    1.84 - 	i = 0;
    1.85 --	while (i < n) {
    1.86 -+	while (i < MIN(n,NPT)) {
    1.87 - 	    c = bitbuf >> (BITBUFSIZ - 3);
    1.88 - 	    if (c == 7) {
    1.89 - 		mask = (unsigned) 1 << (BITBUFSIZ - 1 - 3);
    1.90 -@@ -224,7 +229,7 @@
    1.91 - 	    pt_len[i++] = c;
    1.92 - 	    if (i == i_special) {
    1.93 - 		c = getbits(2);
    1.94 --		while (--c >= 0) pt_len[i++] = 0;
    1.95 -+		while (--c >= 0 && i < NPT) pt_len[i++] = 0;
    1.96 - 	    }
    1.97 - 	}
    1.98 - 	while (i < nn) pt_len[i++] = 0;
    1.99 -@@ -244,7 +249,7 @@
   1.100 - 	for (i = 0; i < 4096; i++) c_table[i] = c;
   1.101 -     } else {
   1.102 - 	i = 0;
   1.103 --	while (i < n) {
   1.104 -+	while (i < MIN(n,NC)) {
   1.105 - 	    c = pt_table[bitbuf >> (BITBUFSIZ - 8)];
   1.106 - 	    if (c >= NT) {
   1.107 - 		mask = (unsigned) 1 << (BITBUFSIZ - 1 - 8);
   1.108 -@@ -252,14 +257,14 @@
   1.109 - 		    if (bitbuf & mask) c = right[c];
   1.110 - 		    else               c = left [c];
   1.111 - 		    mask >>= 1;
   1.112 --		} while (c >= NT);
   1.113 -+		} while (c >= NT && (mask || c != left[c]));
   1.114 - 	    }
   1.115 - 	    fillbuf((int) pt_len[c]);
   1.116 - 	    if (c <= 2) {
   1.117 - 		if      (c == 0) c = 1;
   1.118 - 		else if (c == 1) c = getbits(4) + 3;
   1.119 - 		else             c = getbits(CBIT) + 20;
   1.120 --		while (--c >= 0) c_len[i++] = 0;
   1.121 -+		while (--c >= 0 && i < NC) c_len[i++] = 0;
   1.122 - 	    } else c_len[i++] = c - 2;
   1.123 - 	}
   1.124 - 	while (i < NC) c_len[i++] = 0;
   1.125 -@@ -288,7 +293,7 @@
   1.126 - 	    if (bitbuf & mask) j = right[j];
   1.127 - 	    else               j = left [j];
   1.128 - 	    mask >>= 1;
   1.129 --	} while (j >= NC);
   1.130 -+	} while (j >= NC && (mask || j != left[j]));
   1.131 -     }
   1.132 -     fillbuf((int) c_len[j]);
   1.133 -     return j;
   1.134 -@@ -305,7 +310,7 @@
   1.135 - 	    if (bitbuf & mask) j = right[j];
   1.136 - 	    else               j = left [j];
   1.137 - 	    mask >>= 1;
   1.138 --	} while (j >= NP);
   1.139 -+	} while (j >= NP && (mask || j != left[j]));
   1.140 -     }
   1.141 -     fillbuf((int) pt_len[j]);
   1.142 -     if (j != 0) j = ((unsigned) 1 << (j - 1)) + getbits((int) (j - 1));
   1.143 -@@ -352,7 +357,7 @@
   1.144 -     while (--j >= 0) {
   1.145 - 	buffer[r] = buffer[i];
   1.146 - 	i = (i + 1) & (DICSIZ - 1);
   1.147 --	if (++r == count) return r;
   1.148 -+	if (++r >= count) return r;
   1.149 -     }
   1.150 -     for ( ; ; ) {
   1.151 - 	c = decode_c();
   1.152 -@@ -362,14 +367,14 @@
   1.153 - 	}
   1.154 - 	if (c <= UCHAR_MAX) {
   1.155 - 	    buffer[r] = c;
   1.156 --	    if (++r == count) return r;
   1.157 -+	    if (++r >= count) return r;
   1.158 - 	} else {
   1.159 - 	    j = c - (UCHAR_MAX + 1 - THRESHOLD);
   1.160 - 	    i = (r - decode_p() - 1) & (DICSIZ - 1);
   1.161 - 	    while (--j >= 0) {
   1.162 - 		buffer[r] = buffer[i];
   1.163 - 		i = (i + 1) & (DICSIZ - 1);
   1.164 --		if (++r == count) return r;
   1.165 -+		if (++r >= count) return r;
   1.166 - 	    }
   1.167 - 	}
   1.168 -     }
   1.169 -Index: unpack.c
   1.170 ---- unpack.c.orig	2009-09-26 20:43:28 +0200
   1.171 -+++ unpack.c	2009-10-07 07:59:53 +0200
   1.172 -@@ -22,7 +22,6 @@
   1.173 - #include "gzip.h"
   1.174 - #include "crypt.h"
   1.175 - 
   1.176 --#define MIN(a,b) ((a) <= (b) ? (a) : (b))
   1.177 - /* The arguments must not have side effects. */
   1.178 - 
   1.179 - #define MAX_BITLEN 25
   1.180 -@@ -146,7 +145,7 @@
   1.181 - 	/* Remember where the literals of this length start in literal[] : */
   1.182 - 	lit_base[len] = base;
   1.183 - 	/* And read the literals: */
   1.184 --	for (n = leaves[len]; n > 0; n--) {
   1.185 -+	for (n = leaves[len]; n > 0 && base < LITERALS; n--) {
   1.186 - 	    literal[base++] = (uch)get_byte();
   1.187 - 	}
   1.188 -     }
   1.189 -@@ -182,7 +181,7 @@
   1.190 -     prefixp = &prefix_len[1<<peek_bits];
   1.191 -     for (len = 1; len <= peek_bits; len++) {
   1.192 - 	int prefixes = leaves[len] << (peek_bits-len); /* may be 0 */
   1.193 --	while (prefixes--) *--prefixp = (uch)len;
   1.194 -+	while (prefixes-- && prefixp > prefix_len) *--prefixp = (uch)len;
   1.195 -     }
   1.196 -     /* The length of all other codes is unknown: */
   1.197 -     while (prefixp > prefix_len) *--prefixp = 0;

Mercurial Repository: OpenPKG Specs

Europalab SCM Repository Server

mercurial