Skip site navigation (1)Skip section navigation (2) 
Date:      Wed, 6 Apr 2022 03:04:52 GMT
From:      Ed Maste <emaste@FreeBSD.org>
To:        src-committers@FreeBSD.org, dev-commits-src-all@FreeBSD.org, dev-commits-src-branches@FreeBSD.org
Subject:   git: 9bd5d46c0298 - releng/12.3 - Assure that the number of bits for deflatePrime() is valid.
Message-ID:  <202204060304.23634q8S035249@gitrepo.freebsd.org>
next in thread | raw e-mail | index | archive | help 
The branch releng/12.3 has been updated by emaste:

URL: https://cgit.FreeBSD.org/src/commit/?id=9bd5d46c0298dd2efcf0e74fa102c079e683b9a7

commit 9bd5d46c0298dd2efcf0e74fa102c079e683b9a7
Author:     Ed Maste <emaste@FreeBSD.org>
AuthorDate: 2022-04-05 23:34:52 +0000
Commit:     Ed Maste <emaste@FreeBSD.org>
CommitDate: 2022-04-05 23:34:52 +0000

    Assure that the number of bits for deflatePrime() is valid.
    
    Cherry picked from zlib 4346a16853e19b45787ce933666026903fb8f3f8
    
    Approved by:    so
    Security:       FreeBSD-SA-22:08.zlib
---
 sys/contrib/zlib/deflate.c | 3 ++-
 1 file changed, 2 insertions(+), 1 deletion(-)

diff --git a/sys/contrib/zlib/deflate.c b/sys/contrib/zlib/deflate.c
index 50e8eb84c429..587ee5e28abc 100644
--- a/sys/contrib/zlib/deflate.c
+++ b/sys/contrib/zlib/deflate.c
@@ -589,7 +589,8 @@ int ZEXPORT deflatePrime (strm, bits, value)
 
     if (deflateStateCheck(strm)) return Z_STREAM_ERROR;
     s = strm->state;
-    if (s->sym_buf < s->pending_out + ((Buf_size + 7) >> 3))
+    if (bits < 0 || bits > 16 ||
+        s->sym_buf < s->pending_out + ((Buf_size + 7) >> 3))
         return Z_BUF_ERROR;
     do {
         put = Buf_size - s->bi_valid;

Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?202204060304.23634q8S035249>