From nobody Tue Jan 24 22:29:14 2023 X-Original-To: dev-commits-src-all@mlmmj.nyi.freebsd.org Received: from mx1.freebsd.org (mx1.freebsd.org [IPv6:2610:1c1:1:606c::19:1]) by mlmmj.nyi.freebsd.org (Postfix) with ESMTP id 4P1hTl68plz3bk0N; Tue, 24 Jan 2023 22:29:15 +0000 (UTC) (envelope-from git@FreeBSD.org) Received: from mxrelay.nyi.freebsd.org (mxrelay.nyi.freebsd.org [IPv6:2610:1c1:1:606c::19:3]) (using TLSv1.3 with cipher TLS_AES_256_GCM_SHA384 (256/256 bits) key-exchange X25519 server-signature RSA-PSS (4096 bits) server-digest SHA256 client-signature RSA-PSS (4096 bits) client-digest SHA256) (Client CN "mxrelay.nyi.freebsd.org", Issuer "R3" (verified OK)) by mx1.freebsd.org (Postfix) with ESMTPS id 4P1hTl140jz3FRG; Tue, 24 Jan 2023 22:29:15 +0000 (UTC) (envelope-from git@FreeBSD.org) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=freebsd.org; s=dkim; t=1674599355; h=from:from:reply-to:subject:subject:date:date:message-id:message-id: to:to:cc:mime-version:mime-version:content-type:content-type: content-transfer-encoding:content-transfer-encoding; bh=C9Z5A7EuvLwUqOtypKLldWzatv9ioA4w82OLI0G9v4E=; b=SBwrnMt7IstaP8+8kXyxsWiarC3sz/mDDyPXs6q0TxhltV/ywUt6kn8qQqV3pCqptaphHH wLjzYVSVfKui/LcSzf4OTbM1Cob4A5ZJID+oiZiFBQIozUg1U+saNWsbihGHkyOj6xGXIB q5FxG/iMLWqXyAWH+YQB2STzgKc2Xs3Fbs2ozhj3LyqSax4jTbTFmuAuF1qMy3Au9QvhC7 lpYCA3HsdKsRzbVwGNq0faiaHKVRGqOpJxMg5WDYl8tFOBL9e9XHvpzmyi57aCtmJsbXdS wr2vA6Q2H/VH9srpA43ldaMnzLKUcRTMSNqaW0K1LuJ9NnzsW77AXuqp2CMQTg== ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=freebsd.org; s=dkim; t=1674599355; h=from:from:reply-to:subject:subject:date:date:message-id:message-id: to:to:cc:mime-version:mime-version:content-type:content-type: content-transfer-encoding:content-transfer-encoding; bh=C9Z5A7EuvLwUqOtypKLldWzatv9ioA4w82OLI0G9v4E=; b=klc+JxieQ0iaNz8Fpm98ENPBHaNrYp2efJkm+PvVkvUbztBdleA+8xjeBFzU0qSu0CAxEc 2DQ9myZ1o71oBFznxbyra0rUlqWkCRXMTvsneR9H6SK/QNA10JiU8peeotRGLqtGg5sIfu 4zkS7LHEMZOuF2PoFJJ9QKpsrtTDGV0Ftoh85aw9tz9QfbG5PBrosXL+Smv6uJaTgybZZR 9TcDXezUkY+vzvkuR2nXkzZxmTN04fBbz14XvCFSj0RIMU6bT0bNE42IgbIs7YBAotPTzp XErQjwEEmYu2LejSuvNs2OcqdZqLeqAhtKlrq1ShmBAI6RvTOttUlUXRT8PT6A== ARC-Authentication-Results: i=1; mx1.freebsd.org; none ARC-Seal: i=1; s=dkim; d=freebsd.org; t=1674599355; a=rsa-sha256; cv=none; b=BPLtREp6tTWtduV7xCfLvPEpEpzcnDgnMfWcGLW8FtzN+kke+bIhmAHiTUODojB9g2rJn4 EEI3mjySnLhAR+YLefUKoT8detNYdaCez/GgrxrJPAhUWih05HBL39PEuPYgVjSv8tm0cA 5N9EImTm1qmDoxaqMMZcPJgHWupb2Wgb69NltEq1CCG4kXO+LxYQEY8DUUCC7vFXA4Z676 GF+bngwwQvnKg41prQ37jYPH66QoqPou7LOzuSTpvks2gkHuoPLPM0MCgGP+5qg39diUAH pluiIutZtC7U5sIBTBf5M2nPfeVvX+uZaILGXIUTPABlVsc/Vol0WmPmJ906sA== Received: from gitrepo.freebsd.org (gitrepo.freebsd.org [IPv6:2610:1c1:1:6068::e6a:5]) (using TLSv1.3 with cipher TLS_AES_256_GCM_SHA384 (256/256 bits) key-exchange X25519 server-signature RSA-PSS (4096 bits) server-digest SHA256) (Client did not present a certificate) by mxrelay.nyi.freebsd.org (Postfix) with ESMTPS id 4P1hTl06KdzRG8; Tue, 24 Jan 2023 22:29:15 +0000 (UTC) (envelope-from git@FreeBSD.org) Received: from gitrepo.freebsd.org ([127.0.1.44]) by gitrepo.freebsd.org (8.16.1/8.16.1) with ESMTP id 30OMTEPN006985; Tue, 24 Jan 2023 22:29:14 GMT (envelope-from git@gitrepo.freebsd.org) Received: (from git@localhost) by gitrepo.freebsd.org (8.16.1/8.16.1/Submit) id 30OMTERA006984; Tue, 24 Jan 2023 22:29:14 GMT (envelope-from git) Date: Tue, 24 Jan 2023 22:29:14 GMT Message-Id: <202301242229.30OMTERA006984@gitrepo.freebsd.org> To: src-committers@FreeBSD.org, dev-commits-src-all@FreeBSD.org, dev-commits-src-branches@FreeBSD.org From: Ed Maste Subject: git: e59d10aff6ed - stable/11 - zlib: Fix a bug when getting a gzip header extra field with inflate(). List-Id: Commit messages for all branches of the src repository List-Archive: https://lists.freebsd.org/archives/dev-commits-src-all List-Help: List-Post: List-Subscribe: List-Unsubscribe: Sender: owner-dev-commits-src-all@freebsd.org X-BeenThere: dev-commits-src-all@freebsd.org MIME-Version: 1.0 Content-Type: text/plain; charset=utf-8 Content-Transfer-Encoding: 8bit X-Git-Committer: emaste X-Git-Repository: src X-Git-Refname: refs/heads/stable/11 X-Git-Reftype: branch X-Git-Commit: e59d10aff6edc088850be553252020230a560514 Auto-Submitted: auto-generated X-ThisMailContainsUnwantedMimeParts: N The branch stable/11 has been updated by emaste: URL: https://cgit.FreeBSD.org/src/commit/?id=e59d10aff6edc088850be553252020230a560514 commit e59d10aff6edc088850be553252020230a560514 Author: Mark Adler AuthorDate: 2022-07-30 22:51:11 +0000 Commit: Ed Maste CommitDate: 2023-01-24 22:27:50 +0000 zlib: Fix a bug when getting a gzip header extra field with inflate(). If the extra field was larger than the space the user provided with inflateGetHeader(), and if multiple calls of inflate() delivered the extra header data, then there could be a buffer overflow of the provided space. This commit assures that provided space is not exceeded. (cherry picked from zlib commit eff308af425b67093bab25f80f1ae950166bece1) (cherry picked from zlib commit 1eb7682f845ac9e9bf9ae35bbfb3bad5dacbd91d) (cherry picked from commit dc3509f1aafcd966f3dd9226115cf94b691ff3c7) (cherry picked from commit 2969066f73fc67a614144ac09b9f3f5291937fed) (cherry picked from commit 10cc2bf5f7a592981ee00d22eb13e100beed1e64) --- sys/contrib/zlib/inflate.c | 5 +++-- 1 file changed, 3 insertions(+), 2 deletions(-) diff --git a/sys/contrib/zlib/inflate.c b/sys/contrib/zlib/inflate.c index ac333e8c2eda..cd018573dee8 100644 --- a/sys/contrib/zlib/inflate.c +++ b/sys/contrib/zlib/inflate.c @@ -759,8 +759,9 @@ int flush; if (copy > have) copy = have; if (copy) { if (state->head != Z_NULL && - state->head->extra != Z_NULL) { - len = state->head->extra_len - state->length; + state->head->extra != Z_NULL && + (len = state->head->extra_len - state->length) < + state->head->extra_max) { zmemcpy(state->head->extra + len, next, len + copy > state->head->extra_max ? state->head->extra_max - len : copy);