Date: Fri, 5 Aug 2022 13:34:33 GMT
Message-Id: <202208051334.275DYXuH084110@gitrepo.freebsd.org>
To: src-committers@FreeBSD.org, dev-commits-src-all@FreeBSD.org, dev-commits-src-main@FreeBSD.org
From: Ed Maste
Subject: git: dc3509f1aafc - main - zlib: Fix a bug when getting a gzip header extra field with inflate().
List-Id: Commit messages for all branches of the src repository
List-Archive: https://lists.freebsd.org/archives/dev-commits-src-all
X-Git-Committer: emaste
X-Git-Repository: src
X-Git-Refname: refs/heads/main
X-Git-Reftype: branch
X-Git-Commit: dc3509f1aafcd966f3dd9226115cf94b691ff3c7

The branch main has been updated by emaste:

URL:
https://cgit.FreeBSD.org/src/commit/?id=dc3509f1aafcd966f3dd9226115cf94b691ff3c7 commit dc3509f1aafcd966f3dd9226115cf94b691ff3c7 Author: Mark Adler AuthorDate: 2022-07-30 22:51:11 +0000 Commit: Ed Maste CommitDate: 2022-08-05 02:30:20 +0000 zlib: Fix a bug when getting a gzip header extra field with inflate(). If the extra field was larger than the space the user provided with inflateGetHeader(), and if multiple calls of inflate() delivered the extra header data, then there could be a buffer overflow of the provided space. This commit assures that provided space is not exceeded. (cherry picked from zlib commit eff308af425b67093bab25f80f1ae950166bece1) --- sys/contrib/zlib/inflate.c | 5 +++-- 1 file changed, 3 insertions(+), 2 deletions(-) diff --git a/sys/contrib/zlib/inflate.c b/sys/contrib/zlib/inflate.c index 499626d87a1c..345366eed406 100644 --- a/sys/contrib/zlib/inflate.c +++ b/sys/contrib/zlib/inflate.c @@ -763,9 +763,10 @@ int flush; copy = state->length; if (copy > have) copy = have; if (copy) { + len = state->head->extra_len - state->length; if (state->head != Z_NULL && - state->head->extra != Z_NULL) { - len = state->head->extra_len - state->length; + state->head->extra != Z_NULL && + len < state->head->extra_max) { zmemcpy(state->head->extra + len, next, len + copy > state->head->extra_max ? state->head->extra_max - len : copy);
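
Review bot: The added line `len = state->head->extra_len - state->length;` at the top of the `if (copy) {` block dereferences `state->head` before the `state->head != Z_NULL` test that follows it, so a caller that never supplied a header structure now hits a NULL pointer dereference where the old code skipped the copy safely. The existing NULL check shows that `state->head` may legitimately be Z_NULL at this point, so the computation of `len` has to stay behind it. One way to keep the new bound and the guard together is to assign inside the condition, after both NULL tests, for example `(len = state->head->extra_len - state->length) < state->head->extra_max`, which relies on the left-to-right short-circuit of `&&`. The new `len < state->head->extra_max` test itself looks right for the overflow described in the commit message, since it keeps `state->head->extra_max - len` in the `zmemcpy()` length from going negative once earlier calls have already filled the provided space.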