gzip/gzip.patch@fd611cde817f
gzip/gzip.patch
Sat, 24 Mar 2012 21:40:49 +0100
- author
- Michael Schloh von Bennewitz <michael@schloh.com>
- date
- Sat, 24 Mar 2012 21:40:49 +0100
- changeset 414
- fd611cde817f
- permissions
- -rw-r--r--
Introduce many changes to the buildconf and source code including:
(01) clean up, update, and partially update default config files,
(02) seems that Melware is unable to perform release engineering so
update chan_capi to new daily snapshot to solve echo problems,
(03) correct Asterisk inadequate hard coded gmime version check,
(04) force postgresql pthreads linkage to solve build problem,
(05) remove buggy hard coded LibXML configure definitions,
(06) remove local architecture specification to allow GCC
internal logic to determine proper CPU type instead,
(07) remove vendor sound install target causing uncontrolled
downloads and non RPM managed file installation,
(08) solve long outstanding bug in tcptls causing Asterisk
to ignore any intermediate CA certificate signatures,
(09) back out Digium engineering team's bright idea of replacing the
very portable and pervasive POSIX rand(1) with ast_random(), and
then not even implementing it causing all references to fail in
platforms not providing the very new POSIX.1-2008 mkdtemp(3)
function only distributed by BSD and some Linux,
(10) withdraw advanced linker symbol manipulations from SVR5 builds
until either Binutils supports hybrid versioned and anonymous
linker scripts or GCC stops hard coding versioned linker scripts,
(11) correct missing library linkage, some tailored to a specific OS,
(12) remove outdated logic for the no longer distributed gmime-config(1),
(13) remove local gmime buildconf hacks now that Asterisk has corrected
their own build configuration to almost portably support gmime,
(14) solve build problems relating to undetected LibXML paths,
(15) correct erroneous out of tree include definitions,
(16) improve some variable and comment naming,
(17) simplify sound language path hierarchy creation,
and correct australian english installation logic.
1 Security Fix
3 Index: gzip.c
4 --- gzip.c.orig 2009-09-26 20:56:02 +0200
5 +++ gzip.c 2009-10-07 07:59:53 +0200
6 @@ -168,7 +168,7 @@
7 DECLARE(uch, inbuf, INBUFSIZ +INBUF_EXTRA);
8 DECLARE(uch, outbuf, OUTBUFSIZ+OUTBUF_EXTRA);
9 DECLARE(ush, d_buf, DIST_BUFSIZE);
10 -DECLARE(uch, window, 2L*WSIZE);
11 +DECLARE(uch, window, 2L*WSIZE + 4096); /* enlarge to avoid crashs due to peeking beyond the buffer end */
12 #ifndef MAXSEG_64K
13 DECLARE(ush, tab_prefix, 1L<<BITS);
14 #else
16 -----------------------------------------------------------------------------
18 Security Fixes
19 - OOB write (CVE-2006-4335)
20 - Buffer underflow (CVE-2006-4336)
21 - Buffer overflow (CVE-2006-4337)
22 - Infinite loop (CVE-2006-4338)
24 Index: gzip.h
25 --- gzip.h.orig 2009-09-26 20:43:28 +0200
26 +++ gzip.h 2009-10-07 07:59:53 +0200
27 @@ -223,6 +223,8 @@
28 extern int to_stdout; /* output to stdout (-c) */
29 extern int save_orig_name; /* set if original name must be saved */
31 +#define MIN(a,b) ((a) <= (b) ? (a) : (b))
32 +
33 #define get_byte() (inptr < insize ? inbuf[inptr++] : fill_inbuf(0))
34 #define try_byte() (inptr < insize ? inbuf[inptr++] : fill_inbuf(1))
36 Index: unlzh.c
37 --- unlzh.c.orig 2009-09-26 20:20:40 +0200
38 +++ unlzh.c 2009-10-07 07:59:53 +0200
39 @@ -141,12 +141,17 @@
40 unsigned i, k, len, ch, jutbits, avail, nextcode, mask;
42 for (i = 1; i <= 16; i++) count[i] = 0;
43 - for (i = 0; i < (unsigned)nchar; i++) count[bitlen[i]]++;
44 + for (i = 0; i < (unsigned)nchar; i++) {
45 + if (bitlen[i] > 16)
46 + error("Bad table\n");
47 + else
48 + count[bitlen[i]]++;
49 + }
51 start[1] = 0;
52 for (i = 1; i <= 16; i++)
53 start[i + 1] = start[i] + (count[i] << (16 - i));
54 - if ((start[17] & 0xffff) != 0)
55 + if ((start[17] & 0xffff) != 0 || tablebits > 16) /* 16 for weight below */
56 gzip_error ("Bad table\n");
58 jutbits = 16 - tablebits;
59 @@ -161,15 +166,15 @@
61 i = start[tablebits + 1] >> jutbits;
62 if (i != 0) {
63 - k = 1 << tablebits;
64 - while (i != k) table[i++] = 0;
65 + k = MIN(1 << tablebits, DIST_BUFSIZE);
66 + while (i < k) table[i++] = 0;
67 }
69 avail = nchar;
70 mask = (unsigned) 1 << (15 - tablebits);
71 for (ch = 0; ch < (unsigned)nchar; ch++) {
72 if ((len = bitlen[ch]) == 0) continue;
73 - nextcode = start[len] + weight[len];
74 + nextcode = MIN(start[len] + weight[len], DIST_BUFSIZE);
75 if (len <= (unsigned)tablebits) {
76 if ((unsigned) 1 << tablebits < nextcode)
77 gzip_error ("Bad table\n");
78 @@ -212,7 +217,7 @@
79 for (i = 0; i < 256; i++) pt_table[i] = c;
80 } else {
81 i = 0;
82 - while (i < n) {
83 + while (i < MIN(n,NPT)) {
84 c = bitbuf >> (BITBUFSIZ - 3);
85 if (c == 7) {
86 mask = (unsigned) 1 << (BITBUFSIZ - 1 - 3);
87 @@ -224,7 +229,7 @@
88 pt_len[i++] = c;
89 if (i == i_special) {
90 c = getbits(2);
91 - while (--c >= 0) pt_len[i++] = 0;
92 + while (--c >= 0 && i < NPT) pt_len[i++] = 0;
93 }
94 }
95 while (i < nn) pt_len[i++] = 0;
96 @@ -244,7 +249,7 @@
97 for (i = 0; i < 4096; i++) c_table[i] = c;
98 } else {
99 i = 0;
100 - while (i < n) {
101 + while (i < MIN(n,NC)) {
102 c = pt_table[bitbuf >> (BITBUFSIZ - 8)];
103 if (c >= NT) {
104 mask = (unsigned) 1 << (BITBUFSIZ - 1 - 8);
105 @@ -252,14 +257,14 @@
106 if (bitbuf & mask) c = right[c];
107 else c = left [c];
108 mask >>= 1;
109 - } while (c >= NT);
110 + } while (c >= NT && (mask || c != left[c]));
111 }
112 fillbuf((int) pt_len[c]);
113 if (c <= 2) {
114 if (c == 0) c = 1;
115 else if (c == 1) c = getbits(4) + 3;
116 else c = getbits(CBIT) + 20;
117 - while (--c >= 0) c_len[i++] = 0;
118 + while (--c >= 0 && i < NC) c_len[i++] = 0;
119 } else c_len[i++] = c - 2;
120 }
121 while (i < NC) c_len[i++] = 0;
122 @@ -288,7 +293,7 @@
123 if (bitbuf & mask) j = right[j];
124 else j = left [j];
125 mask >>= 1;
126 - } while (j >= NC);
127 + } while (j >= NC && (mask || j != left[j]));
128 }
129 fillbuf((int) c_len[j]);
130 return j;
131 @@ -305,7 +310,7 @@
132 if (bitbuf & mask) j = right[j];
133 else j = left [j];
134 mask >>= 1;
135 - } while (j >= NP);
136 + } while (j >= NP && (mask || j != left[j]));
137 }
138 fillbuf((int) pt_len[j]);
139 if (j != 0) j = ((unsigned) 1 << (j - 1)) + getbits((int) (j - 1));
140 @@ -352,7 +357,7 @@
141 while (--j >= 0) {
142 buffer[r] = buffer[i];
143 i = (i + 1) & (DICSIZ - 1);
144 - if (++r == count) return r;
145 + if (++r >= count) return r;
146 }
147 for ( ; ; ) {
148 c = decode_c();
149 @@ -362,14 +367,14 @@
150 }
151 if (c <= UCHAR_MAX) {
152 buffer[r] = c;
153 - if (++r == count) return r;
154 + if (++r >= count) return r;
155 } else {
156 j = c - (UCHAR_MAX + 1 - THRESHOLD);
157 i = (r - decode_p() - 1) & (DICSIZ - 1);
158 while (--j >= 0) {
159 buffer[r] = buffer[i];
160 i = (i + 1) & (DICSIZ - 1);
161 - if (++r == count) return r;
162 + if (++r >= count) return r;
163 }
164 }
165 }
166 Index: unpack.c
167 --- unpack.c.orig 2009-09-26 20:43:28 +0200
168 +++ unpack.c 2009-10-07 07:59:53 +0200
169 @@ -22,7 +22,6 @@
170 #include "gzip.h"
171 #include "crypt.h"
173 -#define MIN(a,b) ((a) <= (b) ? (a) : (b))
174 /* The arguments must not have side effects. */
176 #define MAX_BITLEN 25
177 @@ -146,7 +145,7 @@
178 /* Remember where the literals of this length start in literal[] : */
179 lit_base[len] = base;
180 /* And read the literals: */
181 - for (n = leaves[len]; n > 0; n--) {
182 + for (n = leaves[len]; n > 0 && base < LITERALS; n--) {
183 literal[base++] = (uch)get_byte();
184 }
185 }
186 @@ -182,7 +181,7 @@
187 prefixp = &prefix_len[1<<peek_bits];
188 for (len = 1; len <= peek_bits; len++) {
189 int prefixes = leaves[len] << (peek_bits-len); /* may be 0 */
190 - while (prefixes--) *--prefixp = (uch)len;
191 + while (prefixes-- && prefixp > prefix_len) *--prefixp = (uch)len;
192 }
193 /* The length of all other codes is unknown: */
194 while (prefixp > prefix_len) *--prefixp = 0;
