[OE-core] [morty][PATCH 3/4] zlib: Fix CVE-2016-9842
George McCollister
george.mccollister at gmail.com
Tue Nov 14 20:01:05 UTC 2017
Add backported patch to fix CVE-2016-9842 which was fixed in zlib 1.2.9
https://nvd.nist.gov/vuln/detail/CVE-2016-9842
Signed-off-by: George McCollister <george.mccollister at gmail.com>
---
.../zlib/zlib-1.2.8/CVE-2016-9842.patch | 35 ++++++++++++++++++++++
meta/recipes-core/zlib/zlib_1.2.8.bb | 1 +
2 files changed, 36 insertions(+)
create mode 100644 meta/recipes-core/zlib/zlib-1.2.8/CVE-2016-9842.patch
diff --git a/meta/recipes-core/zlib/zlib-1.2.8/CVE-2016-9842.patch b/meta/recipes-core/zlib/zlib-1.2.8/CVE-2016-9842.patch
new file mode 100644
index 0000000000..41b8d2a30a
--- /dev/null
+++ b/meta/recipes-core/zlib/zlib-1.2.8/CVE-2016-9842.patch
@@ -0,0 +1,35 @@
+commit e54e1299404101a5a9d0cf5e45512b543967f958
+Author: Mark Adler <madler at alumni.caltech.edu>
+Date: Sat Sep 5 17:45:55 2015 -0700
+
+ Avoid shifts of negative values inflateMark().
+
+ The C standard says that bit shifts of negative integers is
+ undefined. This casts to unsigned values to assure a known
+ result.
+
+Upstream-Status: Backport
+http://http.debian.net/debian/pool/main/z/zlib/zlib_1.2.8.dfsg-5.debian.tar.xz
+https://github.com/madler/zlib/commit/e54e1299404101a5a9d0cf5e45512b543967f958
+
+CVE: CVE-2016-9842
+
+Signed-off-by: George McCollister <george.mccollister at gmail.com>
+
+diff --git a/inflate.c b/inflate.c
+index 2889e3a..a718416 100644
+--- a/inflate.c
++++ b/inflate.c
+@@ -1506,9 +1506,10 @@ z_streamp strm;
+ {
+ struct inflate_state FAR *state;
+
+- if (strm == Z_NULL || strm->state == Z_NULL) return -1L << 16;
++ if (strm == Z_NULL || strm->state == Z_NULL)
++ return (long)(((unsigned long)0 - 1) << 16);
+ state = (struct inflate_state FAR *)strm->state;
+- return ((long)(state->back) << 16) +
++ return (long)(((unsigned long)((long)state->back)) << 16) +
+ (state->mode == COPY ? state->length :
+ (state->mode == MATCH ? state->was - state->length : 0));
+ }
diff --git a/meta/recipes-core/zlib/zlib_1.2.8.bb b/meta/recipes-core/zlib/zlib_1.2.8.bb
index 88f60611d9..eb38589b6a 100644
--- a/meta/recipes-core/zlib/zlib_1.2.8.bb
+++ b/meta/recipes-core/zlib/zlib_1.2.8.bb
@@ -12,6 +12,7 @@ SRC_URI = "${SOURCEFORGE_MIRROR}/libpng/${BPN}/${PV}/${BPN}-${PV}.tar.xz \
file://ldflags-tests.patch \
file://CVE-2016-9840.patch \
file://CVE-2016-9841.patch \
+ file://CVE-2016-9842.patch \
file://run-ptest \
"
--
2.15.0
More information about the Openembedded-core
mailing list