mirrors/poky
1
0
Fork 0
mirror of https://git.yoctoproject.org/poky synced 2026-05-31 12:49:46 +00:00
Code Issues Projects Releases Wiki Activity

zlib: Fix CVE-2016-9843

Browse Source 
Add backported patch to fix CVE-2016-9843 which was fixed in zlib 1.2.9

https://nvd.nist.gov/vuln/detail/CVE-2016-9843

(From OE-Core rev: 32db742922b6e4127d65abf42905a07eca6a2255)

Signed-off-by: George McCollister <george.mccollister@gmail.com>
Signed-off-by: Armin Kuster <akuster808@gmail.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
This commit is contained in:
George McCollister
2017-11-14 14:01:06 -06:00
committed by Richard Purdie
parent ee4506739f
commit 2cfc095148
2 changed files with 56 additions and 0 deletions
Download Patch File Download Diff File Expand all files Collapse all files
meta/recipes-core/zlib/zlib-1.2.8/CVE-2016-9843.patch
+55
View File
@@ -0,0 +1,55 @@
commit d1d577490c15a0c6862473d7576352a9f18ef811
Author: Mark Adler <madler@alumni.caltech.edu>
Date: Wed Sep 28 20:20:25 2016 -0700
Avoid pre-decrement of pointer in big-endian CRC calculation.
There was a small optimization for PowerPCs to pre-increment a
pointer when accessing a word, instead of post-incrementing. This
required prefacing the loop with a decrement of the pointer,
possibly pointing before the object passed. This is not compliant
with the C standard, for which decrementing a pointer before its
allocated memory is undefined. When tested on a modern PowerPC
with a modern compiler, the optimization no longer has any effect.
Due to all that, and per the recommendation of a security audit of
the zlib code by Trail of Bits and TrustInSoft, in support of the
Mozilla Foundation, this "optimization" was removed, in order to
avoid the possibility of undefined behavior.
Upstream-Status: Backport
http://http.debian.net/debian/pool/main/z/zlib/zlib_1.2.8.dfsg-5.debian.tar.xz
https://github.com/madler/zlib/commit/d1d577490c15a0c6862473d7576352a9f18ef811
CVE: CVE-2016-9843
Signed-off-by: George McCollister <george.mccollister@gmail.com>
diff --git a/crc32.c b/crc32.c
index 979a719..05733f4 100644
--- a/crc32.c
+++ b/crc32.c
@@ -278,7 +278,7 @@ local unsigned long crc32_little(crc, buf, len)
}
/* ========================================================================= */
-#define DOBIG4 c ^= *++buf4; \
+#define DOBIG4 c ^= *buf4++; \
c = crc_table[4][c & 0xff] ^ crc_table[5][(c >> 8) & 0xff] ^ \
crc_table[6][(c >> 16) & 0xff] ^ crc_table[7][c >> 24]
#define DOBIG32 DOBIG4; DOBIG4; DOBIG4; DOBIG4; DOBIG4; DOBIG4; DOBIG4; DOBIG4
@@ -300,7 +300,6 @@ local unsigned long crc32_big(crc, buf, len)
}
buf4 = (const z_crc_t FAR *)(const void FAR *)buf;
- buf4--;
while (len >= 32) {
DOBIG32;
len -= 32;
@@ -309,7 +308,6 @@ local unsigned long crc32_big(crc, buf, len)
DOBIG4;
len -= 4;
}
- buf4++;
buf = (const unsigned char FAR *)buf4;
if (len) do {
meta/recipes-core/zlib/zlib_1.2.8.bb
+1
View File
@@ -13,6 +13,7 @@ SRC_URI = "${SOURCEFORGE_MIRROR}/libpng/${BPN}/${PV}/${BPN}-${PV}.tar.xz \
file://CVE-2016-9840.patch \ file://CVE-2016-9840.patch \
file://CVE-2016-9841.patch \ file://CVE-2016-9841.patch \
file://CVE-2016-9842.patch \ file://CVE-2016-9842.patch \
file://CVE-2016-9843.patch \
file://run-ptest \ file://run-ptest \
" "