summaryrefslogtreecommitdiff
diff options
context:
space:
mode:
authorTim Yamin <plasmaroo@gentoo.org>2005-07-25 23:16:13 +0100
committerChris Wright <chrisw@osdl.org>2005-08-14 17:20:09 -0700
commit885605316d76c3fdce23dffe9c59e20539287c6b (patch)
treebb5e6bfcbd99d565d6dd2274af2b6bd0dffeabd7
parent8f5a9b18ec1b8af04a8d9e1fcce04cf8dbb08019 (diff)
downloadlwn-885605316d76c3fdce23dffe9c59e20539287c6b.tar.gz
lwn-885605316d76c3fdce23dffe9c59e20539287c6b.zip
[PATCH] Update in-kernel zlib routines (CAN-2005-2458, CAN-2005-2459)
Fix outstanding security bugs in the Linux zlib implementations. See: a) http://sources.redhat.com/ml/bug-gnu-utils/1999-06/msg00183.html CAN-2005-2458 b) http://bugs.gentoo.org/show_bug.cgi?id=94584 CAN-2005-2459 Signed-off-by: Tim Yamin <plasmaroo@gentoo.org> Signed-off-by: Tavis Ormandy <taviso@gentoo.org> Signed-off-by: Chris Wright <chrisw@osdl.org> Signed-off-by: Greg Kroah-Hartman <gregkh@suse.de>
-rw-r--r--arch/ppc64/boot/zlib.c3
-rw-r--r--lib/inflate.c16
-rw-r--r--lib/zlib_inflate/inftrees.c2
3 files changed, 12 insertions, 9 deletions
diff --git a/arch/ppc64/boot/zlib.c b/arch/ppc64/boot/zlib.c
index 9d5e4e9832d2..78837e884b8b 100644
--- a/arch/ppc64/boot/zlib.c
+++ b/arch/ppc64/boot/zlib.c
@@ -1307,7 +1307,7 @@ local int huft_build(
{
*t = (inflate_huft *)Z_NULL;
*m = 0;
- return Z_OK;
+ return Z_DATA_ERROR;
}
@@ -1351,6 +1351,7 @@ local int huft_build(
if ((j = *p++) != 0)
v[x[j]++] = i;
} while (++i < n);
+ n = x[g]; /* set n to length of v */
/* Generate the Huffman codes and for each, make the table entries */
diff --git a/lib/inflate.c b/lib/inflate.c
index 75e7d303c72e..6db6e98d1637 100644
--- a/lib/inflate.c
+++ b/lib/inflate.c
@@ -326,7 +326,7 @@ DEBG("huft1 ");
{
*t = (struct huft *)NULL;
*m = 0;
- return 0;
+ return 2;
}
DEBG("huft2 ");
@@ -374,6 +374,7 @@ DEBG("huft5 ");
if ((j = *p++) != 0)
v[x[j]++] = i;
} while (++i < n);
+ n = x[g]; /* set n to length of v */
DEBG("h6 ");
@@ -410,12 +411,13 @@ DEBG1("1 ");
DEBG1("2 ");
f -= a + 1; /* deduct codes from patterns left */
xp = c + k;
- while (++j < z) /* try smaller tables up to z bits */
- {
- if ((f <<= 1) <= *++xp)
- break; /* enough codes to use up j bits */
- f -= *xp; /* else deduct codes from patterns */
- }
+ if (j < z)
+ while (++j < z) /* try smaller tables up to z bits */
+ {
+ if ((f <<= 1) <= *++xp)
+ break; /* enough codes to use up j bits */
+ f -= *xp; /* else deduct codes from patterns */
+ }
}
DEBG1("3 ");
z = 1 << j; /* table entries for j-bit table */
diff --git a/lib/zlib_inflate/inftrees.c b/lib/zlib_inflate/inftrees.c
index 874950ec4858..c5f66fbb0dd0 100644
--- a/lib/zlib_inflate/inftrees.c
+++ b/lib/zlib_inflate/inftrees.c
@@ -141,7 +141,7 @@ static int huft_build(
{
*t = NULL;
*m = 0;
- return Z_OK;
+ return Z_DATA_ERROR;
}