Add test for CVE-2002-0059

CVE-2002-0059 was a double free in inflation. [0] This makes sure we don't accidentally reintroduce it. zlib-1.1.3 was download and fuzz tested using AFL[1]. This crashing case (test.gz) was discovered, and using gdb it was confirmed to be a double free in the expected place. The test script looks for a normal error exit (status code 1), and fails if any other code is returned. [0] http://www.cvedetails.com/cve/CVE-2002-0059/ [1] http://lcamtuf.coredump.cx/afl/ Signed-off-by: Daniel Axtens <dja@axtens.net>
2025-06-18 11:35:35 -04:00 · 2015-04-27 16:17:21 +10:00 · 2015-04-27 16:17:21 +10:00 · 821dd3d85d
commit 821dd3d85d
parent d7fdc511e1
3 changed files with 26 additions and 1 deletions
--- a/test/CVE-2002-0059/test.gz
+++ b/test/CVE-2002-0059/test.gz
--- a/test/Makefile.in
+++ b/test/Makefile.in
@ -45,7 +45,10 @@ test64:
 	fi; \
 	rm -f $$TMP64

-cvetests: testCVE-2003-0107
+cvetests: testCVE-2003-0107 testCVEinputs
+
+testCVEinputs:
+	@$(SRCDIR)/testCVEinputs.sh

 testCVE-2003-0107: CVE-2003-0107$(EXE)
 	@if ./CVE-2003-0107$(EXE); then \
--- a/test/testCVEinputs.sh
+++ b/test/testCVEinputs.sh
@ -0,0 +1,22 @@
+#!/bin/bash
+TESTDIR="$(dirname "$0")"
+
+CVEs="CVE-2002-0059"
+
+for CVE in $CVEs; do
+    fail=0
+    for testcase in ${TESTDIR}/${CVE}/*.gz; do
+	../minigzip -d < "$testcase"
+	# we expect that a 1 error code is OK
+	# for a vulnerable failure we'd expect 134 or similar
+	if [ $? -ne 1 ]; then
+	    fail=1
+	fi
+    done
+    if [ $fail -eq 0 ]; then
+	echo "		--- zlib not vulnerable to $CVE ---";
+    else
+	echo "          --- zlib VULNERABLE to $CVE ---"; exit 1;
+    fi
+done
+