Move CVE-2003-0107 test to Google Tests.
parent
e1d7d9eaf7
commit
e664973c03
1
.gitignore
vendored
@ -27,7 +27,6 @@
|
||||
/switchlevels
|
||||
/zlib.pc
|
||||
/zlib-ng.pc
|
||||
/CVE-2003-0107
|
||||
|
||||
.DS_Store
|
||||
*_fuzzer
|
||||
|
@ -1194,11 +1194,6 @@ if(ZLIB_ENABLE_TESTS)
|
||||
add_test(NAME ${target} COMMAND ${CMAKE_CROSSCOMPILING_EMULATOR} $<TARGET_FILE:${target}>)
|
||||
endmacro()
|
||||
|
||||
|
||||
if(NOT WIN32 AND ZLIB_COMPAT)
|
||||
add_simple_test_executable(CVE-2003-0107)
|
||||
endif()
|
||||
|
||||
add_simple_test_executable(example)
|
||||
|
||||
set(MINIGZIP_COMMAND ${CMAKE_CROSSCOMPILING_EMULATOR} $<TARGET_FILE:minigzip>)
|
||||
|
2
configure
vendored
@ -2205,7 +2205,6 @@ done
|
||||
|
||||
# Generate Makefile in test dir
|
||||
mkdir -p test
|
||||
if test $compat -eq 1; then COMPATTESTS="compattests"; fi
|
||||
if test $QEMU_ARCH; then QEMU_RUN="qemu-$QEMU_ARCH -L /usr/${CHOST}/"; fi
|
||||
sed < $SRCDIR/test/Makefile.in "
|
||||
/^CC *=/s#=.*#=$CC#
|
||||
@ -2215,7 +2214,6 @@ sed < $SRCDIR/test/Makefile.in "
|
||||
/^oldtests: */s#:.*#: $TEST#
|
||||
/^SRCDIR *=/s#=.*#=$SRCDIR/test#
|
||||
/^SRCTOP *=/s#=.*#=$SRCDIR#
|
||||
/^COMPATTESTS *=/s#=.*#=$COMPATTESTS#
|
||||
/^QEMU_RUN *=/s#=.*#=$QEMU_RUN#
|
||||
/^WITH_FUZZERS *=/s#=.*#=$with_fuzzers#
|
||||
/^LIBNAME *=/s#=.*#=$LIBNAME#
|
||||
|
@ -11,11 +11,10 @@ LIBNAME=
|
||||
TEST_LDFLAGS=-L.. ../$(LIBNAME).a
|
||||
WITH_FUZZERS=
|
||||
|
||||
COMPATTESTS =
|
||||
QEMU_RUN=
|
||||
QEMU_VER:=$(shell command -v $(QEMU_RUN) --version 2> /dev/null)
|
||||
|
||||
all: oldtests cvetests $(COMPATTESTS) fuzzer ghtests
|
||||
all: oldtests cvetests fuzzer ghtests
|
||||
|
||||
oldtests: #set by ../configure
|
||||
check_cross_dep:
|
||||
@ -71,25 +70,9 @@ testshared: check_cross_dep
|
||||
|
||||
cvetests: testCVEinputs
|
||||
|
||||
# Tests requiring zlib-ng to be built with --zlib-compat
|
||||
compattests: testCVE-2003-0107
|
||||
|
||||
testCVEinputs: check_cross_dep
|
||||
@EXE=$(EXE) QEMU_RUN="${QEMU_RUN}" $(SRCDIR)/testCVEinputs.sh
|
||||
|
||||
testCVE-2003-0107: CVE-2003-0107$(EXE) check_cross_dep
|
||||
@if ${QEMU_RUN} ./CVE-2003-0107$(EXE); then \
|
||||
echo ' *** zlib not vulnerable to CVE-2003-0107 ***'; \
|
||||
else \
|
||||
echo ' *** zlib VULNERABLE to CVE-2003-0107 ***'; exit 1; \
|
||||
fi
|
||||
|
||||
CVE-2003-0107.o: $(SRCDIR)/CVE-2003-0107.c
|
||||
$(CC) $(CFLAGS) -I.. -I$(SRCTOP) -c -o $@ $(SRCDIR)/CVE-2003-0107.c
|
||||
|
||||
CVE-2003-0107$(EXE): CVE-2003-0107.o
|
||||
$(CC) $(CFLAGS) -o $@ CVE-2003-0107.o $(TEST_LDFLAGS)
|
||||
|
||||
.PHONY: ghtests
|
||||
ghtests: testGH-361 testGH-364 testGH-751
|
||||
|
||||
@ -110,7 +93,7 @@ testGH-751:
|
||||
|
||||
clean:
|
||||
rm -f *.o *.gcda *.gcno *.gcov
|
||||
rm -f CVE-2003-0107$(EXE) switchlevels$(EXE)
|
||||
rm -f switchlevels$(EXE)
|
||||
|
||||
distclean:
|
||||
rm -f Makefile
|
||||
|
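Review bot: Nothing visible in this Makefile runs the gzprintf overflow regression check any more, now that the `compattests` target and the `testCVE-2003-0107` rule are gone and the default target reads `all: oldtests cvetests fuzzer ghtests`. If the Google Test suite is built only through CMake (not shown on this page), a configure-based `--zlib-compat` build would silently lose its coverage of CVE-2003-0107. Once that is confirmed, I would record it next to `cvetests: testCVEinputs`, for example `# CVE-2003-0107 is covered by the Google Test suite (CMake builds only)`, so the gap is a documented decision rather than an accident.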
@ -3,7 +3,7 @@ Contents
|
||||
|
||||
|Name|Description|
|
||||
|-|-|
|
||||
|[CVE-2003-0107.c](https://nvd.nist.gov/vuln/detail/CVE-2003-0107)|Buffer overflow in the gzprintf function, requires ZLIB_COMPAT|
|
||||
|[CVE-2003-0107](https://nvd.nist.gov/vuln/detail/CVE-2003-0107)|Buffer overflow in the gzprintf function, requires ZLIB_COMPAT|
|
||||
|[CVE-2002-0059](https://nvd.nist.gov/vuln/detail/CVE-2002-0059)|inflateEnd to release memory more than once|
|
||||
|[CVE-2004-0797](https://nvd.nist.gov/vuln/detail/CVE-2004-0797)|Error handling in inflate and inflateBack causes crash|
|
||||
|[CVE-2005-1849](https://nvd.nist.gov/vuln/detail/CVE-2005-1849)|inftrees.h bug causes crash|
|
||||
@ -28,7 +28,7 @@ Some of the files in _test_ are licensed differently:
|
||||
which is licensed under the CC-BY license. See
|
||||
https://www.ploscompbiol.org/static/license for more information.
|
||||
|
||||
- test/data/lcet10.txt is from Project Gutenberg. It does not have expired
|
||||
- test/data/lcet10.txt is from Project Gutenberg. It does not have expired
|
||||
copyright, but is still in the public domain according to the license information.
|
||||
(https://www.gutenberg.org/ebooks/53).
|
||||
|
||||
|
@ -1,22 +1,28 @@
|
||||
// https://www.securityfocus.com/archive/1/312869 --- originally by Richard Kettlewell
|
||||
#include <stdlib.h>
|
||||
#include <zlib.h>
|
||||
#include <errno.h>
|
||||
#include <stdio.h>
|
||||
|
||||
int main(void) {
|
||||
#include "zbuild.h"
|
||||
#ifdef ZLIB_COMPAT
|
||||
# include "zlib.h"
|
||||
#else
|
||||
# include "zlib-ng.h"
|
||||
#endif
|
||||
|
||||
#include <gtest/gtest.h>
|
||||
|
||||
#if !defined(_WIN32) && defined(ZLIB_COMPAT)
|
||||
TEST(gzip, cve_2003_0107) {
|
||||
gzFile f;
|
||||
int ret;
|
||||
|
||||
if(!(f = gzopen("/dev/null", "w"))) {
|
||||
perror("/dev/null");
|
||||
exit(1);
|
||||
}
|
||||
f = gzopen("/dev/null", "w");
|
||||
EXPECT_TRUE(f != NULL);
|
||||
|
||||
ret = gzprintf(f, "%10240s", "");
|
||||
printf("gzprintf -> %d\n", ret);
|
||||
ret = gzclose(f);
|
||||
printf("gzclose -> %d [%d]\n", ret, errno);
|
||||
|
||||
exit(0);
|
||||
}
|
||||
#endif
|
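Review bot: `EXPECT_TRUE(f != NULL);` records a failure but lets the test carry on, so `gzprintf` and `gzclose` are still called with a handle that failed to open; `ASSERT_TRUE(f != NULL);` would stop the test there. The return values of `gzprintf` and `gzclose` are only printed, as in the old standalone program, so the test can fail only by crashing (or under a sanitizer) and never on a returned error. Consider at least `EXPECT_EQ(gzclose(f), Z_OK);`, plus an expectation on `ret` from `gzprintf` once the intended result for the `%10240s` format is settled. The +/- column is missing from this rendering, so which of the doubled lines are new is inferred from the hunk header.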