authorDaniel Ahlberg <aliz@gentoo.org>2003-02-27 09:42:07 +0000
committerDaniel Ahlberg <aliz@gentoo.org>2003-02-27 09:42:07 +0000
commit6c793539c25c0000ec4b3bcb4633d1414f1211a4 (patch)
treeb6bd1d7703a952ff4ff27643c50667056db09ddd /sys-libs/zlib
parentSecurity update (diff)
Added missing patch
Diffstat (limited to 'sys-libs/zlib')
-rw-r--r--sys-libs/zlib/files/zlib-1.1.4-gentoo.security.patch352
1 files changed, 352 insertions, 0 deletions
diff --git a/sys-libs/zlib/files/zlib-1.1.4-gentoo.security.patch b/sys-libs/zlib/files/zlib-1.1.4-gentoo.security.patch
new file mode 100644
index 000000000000..e057098ccf55
--- /dev/null
+++ b/sys-libs/zlib/files/zlib-1.1.4-gentoo.security.patch
@@ -0,0 +1,352 @@
+diff -Naur zlib-1.1.4/ChangeLog zlib-1.1.4-vsnprintf/ChangeLog
+--- zlib-1.1.4/ChangeLog 2002-03-11 15:02:35.000000000 +0000
++++ zlib-1.1.4-vsnprintf/ChangeLog 2003-02-24 05:31:41.000000000 +0000
+@@ -1,6 +1,13 @@
+
+ ChangeLog file for zlib
+
++Changes in 1.1.4-patched (23 February 2003)
++- fix a security vulnerability related to improper use of snprintf/vsnprintf
++ function.
++- ./configure now detects the presence of snprintf/vsnprintf and enables it
++ automatically if present.
++- README.vsnprintf added.
++
+ Changes in 1.1.4 (11 March 2002)
+ - ZFREE was repeated on same allocation on some error conditions.
+ This creates a security problem described in
+diff -Naur zlib-1.1.4/README.vsnprintf zlib-1.1.4-vsnprintf/README.vsnprintf
+--- zlib-1.1.4/README.vsnprintf 1970-01-01 00:00:00.000000000 +0000
++++ zlib-1.1.4-vsnprintf/README.vsnprintf 2003-02-24 05:13:28.000000000 +0000
+@@ -0,0 +1,23 @@
++During a recent audit of zlib-1.1.4, a buffer-overflow and string-format
++vulnerability was found in the gzprintf() function. This has been corrected in
++this version of zlib; in addition, some ./configure checks have been added to
++make sure the host system can utilize the corrections fully.
++
++As a result, it is now strongly recommended that your host system or compiler
++provide a fully C99-compliant implementation of the vsnprintf() function.
++Anything less will reduce the functionality and/or security of the gzprintf()
++function. The most critical aspect is that vsnprintf() should be present and
++should provide a return value. If this function is missing, one of the
++fallback functions (vsprintf(), snprintf(), vsnprintf()) will have to be used,
++and if so, they too should return a value. If your system is lacking in any of
++these aspects, the ./configure script should warn you and refer you to this
++file.
++
++In addition, the HAS_vsnprintf and HAS_snprintf macros are automatically
++defined if these functions are available. zlib-1.1.4 and older versions did
++not do this, potentially leading to a broken and vulnerable zlib even when the
++host system supported the requisite functionality to avoid this.
++
++
++ -- Kelledin <kelledin@users.sourceforge.net>
++
+diff -Naur zlib-1.1.4/configure zlib-1.1.4-vsnprintf/configure
+--- zlib-1.1.4/configure 1998-07-08 18:19:35.000000000 +0000
++++ zlib-1.1.4-vsnprintf/configure 2003-02-24 05:13:28.000000000 +0000
+@@ -156,6 +156,209 @@
+ fi
+
+ cat > $test.c <<EOF
++#include <stdio.h>
++
++#if (defined(__MSDOS__) || defined(_WINDOWS) || defined(_WIN32) || defined(__WIN32__) || defined(WIN32) || defined(__STDC__) || defined(__cplusplus) || defined(__OS2__)) && !defined(STDC)
++# define STDC
++#endif
++
++int main() {
++ int i;
++
++ i=0;
++#ifndef STDC
++ choke me
++#endif
++
++ return 0;
++}
++EOF
++
++if test "`($CC -c $CFLAGS $test.c) 2>&1`" = ""; then
++ echo "Checking whether to use vsnprintf() or snprintf()... using vsnprintf()"
++
++ cat > $test.c <<EOF
++#include <stdio.h>
++#include <stdarg.h>
++
++int mytest(char *fmt, ...) {
++ char buf[20];
++ va_list ap;
++
++ va_start(ap, fmt);
++ vsnprintf(buf, sizeof(buf), fmt, ap);
++ return 0;
++}
++
++int main() {
++ return (mytest("Hello%d\n", 1));
++}
++EOF
++
++ if test "`($CC -c $CFLAGS $test.c) 2>&1`" = ""; then
++ CFLAGS="$CFLAGS -DHAS_vsnprintf"
++ echo "Checking for vsnprintf() in stdio.h... Yes."
++
++ cat > $test.c <<EOF
++#include <stdio.h>
++#include <stdarg.h>
++
++int mytest(char *fmt, ...) {
++ int i;
++ char buf[20];
++ va_list ap;
++
++ va_start(ap, fmt);
++ i=vsnprintf(buf, sizeof(buf), fmt, ap);
++ return 0;
++}
++
++int main() {
++ return (mytest("Hello%d\n", 1));
++}
++EOF
++
++ if test "`($CC -c $CFLAGS $test.c) 2>&1`" = ""; then
++ CFLAGS="$CFLAGS -DHAS_vsnprintf_return"
++ echo "Checking for return value of vsnprintf()... Yes."
++ else
++ echo "Checking for return value of vsnprintf()... No."
++ echo " WARNING: apparently vsnprintf() does not return a value. zlib"
++ echo " can build but will be open to possible string-format security"
++ echo " vulnerabilities. See README.vsnprintf for more info."
++ echo
++ fi
++ else
++ echo "Checking for vsnprintf() in stdio.h... No."
++ echo " WARNING: vsnprintf() not found, falling back to vsprintf(). zlib"
++ echo " can build but will be open to possible buffer-overflow security"
++ echo " vulnerabilities. See README.vsnprintf for more info."
++ echo
++
++ cat > $test.c <<EOF
++#include <stdio.h>
++#include <stdarg.h>
++
++int mytest(char *fmt, ...) {
++ int i;
++ char buf[20];
++ va_list ap;
++
++ va_start(ap, fmt);
++ i=vsprintf(buf, fmt, ap);
++ return 0;
++}
++
++int main() {
++ return (mytest("Hello%d\n", 1));
++}
++EOF
++
++ if test "`($CC -c $CFLAGS $test.c) 2>&1`" = ""; then
++ CFLAGS="$CFLAGS -DHAS_vsprintf_return"
++ echo "Checking for return value of vsprintf()... Yes."
++ else
++ echo "Checking for return value of vsprintf()... No."
++ echo " WARNING: apparently vsprintf() does not return a value. zlib"
++ echo " can build but will be open to possible string-format security"
++ echo " vulnerabilities. See README.vsnprintf for more info."
++ echo
++ fi
++ fi
++else
++ echo "Checking whether to use vsnprintf() or snprintf()... using snprintf()"
++
++ cat > $test.c <<EOF
++#include <stdio.h>
++#include <stdarg.h>
++
++int mytest() {
++ char buf[20];
++ va_list ap;
++
++ va_start(ap, fmt);
++ snprintf(buf, sizeof(buf), fmt, ap);
++ return 0;
++}
++
++int main() {
++ return (mytest());
++}
++EOF
++
++ if test "`($CC -c $CFLAGS $test.c) 2>&1`" = ""; then
++ CFLAGS="$CFLAGS -DHAS_snprintf"
++ echo "Checking for snprintf() in stdio.h... Yes."
++
++ cat > $test.c <<EOF
++#include <stdio.h>
++#include <stdarg.h>
++
++int mytest() {
++ int i;
++ char buf[20];
++ va_list ap;
++
++ va_start(ap, fmt);
++ i=snprintf(buf, sizeof(buf), fmt, ap);
++ return 0;
++}
++
++int main() {
++ return (mytest());
++}
++EOF
++
++ if test "`($CC -c $CFLAGS $test.c) 2>&1`" = ""; then
++ CFLAGS="$CFLAGS -DHAS_snprintf_return"
++ echo "Checking for return value of snprintf()... Yes."
++ else
++ echo "Checking for return value of snprintf()... No."
++ echo " WARNING: apparently snprintf() does not return a value. zlib"
++ echo " can build but will be open to possible string-format security"
++ echo " vulnerabilities. See README.vsnprintf for more info."
++ echo
++ fi
++ else
++ echo "Checking for snprintf() in stdio.h... No."
++ echo " WARNING: snprintf() not found, falling back to sprintf(). zlib"
++ echo " can build but will be open to possible buffer-overflow security"
++ echo " vulnerabilities. See README.vsnprintf for more info."
++ echo
++
++ cat > $test.c <<EOF
++#include <stdio.h>
++#include <stdarg.h>
++
++int mytest() {
++ int i;
++ char buf[20];
++ va_list ap;
++
++ va_start(ap, fmt);
++ i=sprintf(buf, fmt, ap);
++ return 0;
++}
++
++int main() {
++ return (mytest());
++}
++EOF
++
++ if test "`($CC -c $CFLAGS $test.c) 2>&1`" = ""; then
++ CFLAGS="$CFLAGS -DHAS_sprintf_return"
++ echo "Checking for return value of sprintf()... Yes."
++ else
++ echo "Checking for return value of sprintf()... No."
++ echo " WARNING: apparently sprintf() does not return a value. zlib"
++ echo " can build but will be open to possible string-format security"
++ echo " vulnerabilities. See README.vsnprintf for more info."
++ echo
++ fi
++ fi
++fi
++
++cat > $test.c <<EOF
+ #include <errno.h>
+ int main() { return 0; }
+ EOF
+diff -Naur zlib-1.1.4/gzio.c zlib-1.1.4-vsnprintf/gzio.c
+--- zlib-1.1.4/gzio.c 2002-03-11 13:16:01.000000000 +0000
++++ zlib-1.1.4-vsnprintf/gzio.c 2003-02-24 05:18:44.000000000 +0000
+@@ -529,14 +529,42 @@
+ int len;
+
+ va_start(va, format);
++
++ /* 2003/02/23: Add proper length checking here, if possible.
++ *
++ * -- Kelledin
++ */
+ #ifdef HAS_vsnprintf
+- (void)vsnprintf(buf, sizeof(buf), format, va);
++# ifdef HAS_vsnprintf_return
++ len=vsnprintf(buf, sizeof(buf), format, va);
++ va_end(va);
++
++ if (len <= 0 || len >= sizeof(buf)) {
++ /* Resulting string too large to fit in the buffer. */
++ return 0;
++ }
++# else
++ vsnprintf(buf, sizeof(buf), format, va);
++ va_end(va);
++ len=strlen(buf);
++ if (len <= 0) return 0;
++# endif
+ #else
+- (void)vsprintf(buf, format, va);
+-#endif
++# ifdef HAS_vsprintf_return
++ len=vsprintf(buf, format, va);
++ va_end(va);
++
++ if (len <= 0 || len >= sizeof(buf)) {
++ /* Resulting string too large to fit in the buffer. */
++ return 0;
++ }
++# else
++ vsprintf(buf, format, va);
+ va_end(va);
+- len = strlen(buf); /* some *sprintf don't return the nb of bytes written */
++ len=strlen(buf);
+ if (len <= 0) return 0;
++# endif
++#endif
+
+ return gzwrite(file, buf, (unsigned)len);
+ }
+@@ -552,15 +580,41 @@
+ char buf[Z_PRINTF_BUFSIZE];
+ int len;
+
++ /* 2003/02/23: Add proper length checking here when possible.
++ *
++ * -- Kelledin
++ */
+ #ifdef HAS_snprintf
++# ifdef HAS_snprintf_return
++ len=snprintf(buf, sizeof(buf), format, a1, a2, a3, a4, a5, a6, a7, a8,
++ a9, a10, a11, a12, a13, a14, a15, a16, a17, a18, a19, a20);
++
++ if (len <= 0 || len >= sizeof(buf)) {
++ /* Resulting string too large to fit in the buffer. */
++ return 0;
++ }
++# else
+ snprintf(buf, sizeof(buf), format, a1, a2, a3, a4, a5, a6, a7, a8,
+ a9, a10, a11, a12, a13, a14, a15, a16, a17, a18, a19, a20);
++ len=strlen(buf);
++ if (len <= 0) return 0;
++# endif
+ #else
++# ifdef HAS_sprintf_return
++ len=sprintf(buf, format, a1, a2, a3, a4, a5, a6, a7, a8,
++ a9, a10, a11, a12, a13, a14, a15, a16, a17, a18, a19, a20);
++
++ if (len <= 0 || len >= sizeof(buf)) {
++ /* Resulting string too large to fit in the buffer. */
++ return 0;
++ }
++# else
+ sprintf(buf, format, a1, a2, a3, a4, a5, a6, a7, a8,
+ a9, a10, a11, a12, a13, a14, a15, a16, a17, a18, a19, a20);
+-#endif
+- len = strlen(buf); /* old sprintf doesn't return the nb of bytes written */
++ len=strlen(buf);
+ if (len <= 0) return 0;
++# endif
++#endif
+
+ return gzwrite(file, buf, len);
+ }
+
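Review bot: The snprintf probes added to configure (the `int mytest()` test programs in the `else` branch) call `va_start(ap, fmt)` and `snprintf(buf, sizeof(buf), fmt, ap)` although `mytest()` declares no `fmt` parameter, so they cannot compile, `HAS_snprintf` is never defined on that path, and gzio.c presumably always falls back to the unbounded `sprintf()` there. A probe that needs no varargs, such as `char buf[20]; snprintf(buf, sizeof(buf), "%s", "foo");`, would test what is intended. In the gzio.c hunks, the `HAS_vsprintf_return` and `HAS_sprintf_return` branches compare `len >= sizeof(buf)` only after the unbounded write into `buf`, so the check detects an overflow after the fact rather than preventing it; a comment such as `/* detection only: the write above is unbounded */` would keep readers from taking it for a bound. The `# else` branches under `HAS_vsnprintf` and `HAS_snprintf` accept a truncated string through `strlen(buf)` and depend on the library having NUL-terminated `buf`; forcing `buf[sizeof(buf) - 1] = 0;` after the call and returning 0 when `len >= (int)sizeof(buf) - 1` would treat a full buffer as oversize, in line with the return-value branches. The enclosing functions start outside the embedded hunks.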