[Zlib-devel] zlib release plan

Glenn Randers-Pehrson glennrp at comcast.net
Sat Sep 4 18:15:40 EDT 2004


At 11:44 PM 9/4/2004 +0200, Gilles Vollant wrote:
>Thanks for the info
>
>Can you send on the mailing a copy of your patch submitted to mozilla?

OK, attached.  For mozilla I deleted the part that updates infbak9.c
and added an entry in the Mozilla changelog.

The mozilla bug has just been opened for public view, since the bug
has evidently been made public already.  It's bug #258009 at
bugzilla.mozilla.org

Glenn
-------------- next part --------------
Index: modules/zlib/src/ChangeLog.moz
===================================================================
RCS file: /cvsroot/mozilla/modules/zlib/src/ChangeLog.moz,v
retrieving revision 3.5
diff -u -8 -r3.5 ChangeLog.moz
--- modules/zlib/src/ChangeLog.moz	25 Jun 2004 17:30:07 -0000	3.5
+++ modules/zlib/src/ChangeLog.moz	4 Sep 2004 16:01:16 -0000
@@ -1,18 +1,23 @@
 
 		Mozilla ChangeLog file for zlib
 
 Mozilla.org changes:
 - 17 June 2004
   Sync'd with 1.2.1 release
+  see bug #226733
 
 - 17 June 2004
   Add mozzconf.h
 
 - 17 June 2004
   Turn off ZLIB_DLL to fix static build bustage
 
 - 24 June 2004
   do not prototype strerror for VMS in zutil.h
 
 - 25 June 2004
   define NO_vsnprintf for VMS in zutil.h
+
+- 04 September 2004
+  applied patch for DoS vulnerabililty in inflate.c
+  see bug #258009
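Review bot: The new 04 September entry misspells "vulnerability" as "vulnerabililty"; correct it so the entry turns up in a text search of the changelog. The entry would also be more useful if it said what was changed in inflate.c rather than only "applied patch", as the bug number is the sole pointer to the details.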
Index: modules/zlib/src/inflate.c
===================================================================
RCS file: /cvsroot/mozilla/modules/zlib/src/inflate.c,v
retrieving revision 3.4
diff -u -8 -r3.4 inflate.c
--- modules/zlib/src/inflate.c	17 Jun 2004 14:33:24 -0000	3.4
+++ modules/zlib/src/inflate.c	4 Sep 2004 16:01:17 -0000
@@ -856,16 +856,19 @@
                         state->mode = BAD;
                         break;
                     }
                     while (copy--)
                         state->lens[state->have++] = (unsigned short)len;
                 }
             }
 
+            /* handle error breaks in while */
+            if (state->mode == BAD) break;
+
             /* build code tables */
             state->next = state->codes;
             state->lencode = (code const FAR *)(state->next);
             state->lenbits = 9;
             ret = inflate_table(LENS, state->lens, state->nlen, &(state->next),
                                 &(state->lenbits), state->work);
             if (ret) {
                 strm->msg = (char *)"invalid literal/lengths set";
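Review bot: The comment "handle error breaks in while" above the added "if (state->mode == BAD) break;" does not explain why the check is needed. Spell it out: the "break" that follows "state->mode = BAD" in the context above only leaves the enclosing loop, so without this check execution carries on into the inflate_table() call with state->lens only partly filled. A comment along the lines of "loop exited on error: skip table build" would make the intent clear to anyone who later restructures the loop.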

