zlib-ng

mirror of https://github.com/GerbilSoft/zlib-ng.git synced 2025-06-18 11:35:35 -04:00

History

Daniel Axtens a54d505bda Add test for CVE-2004-0797 CVE-2004-0797[0] occured when an error was detected but no action was taken --- that is, execution was allowed to continue. One of the tests for CVE-2005-2096 actually hit the code path that was fixed in the patch for CVE-2004-0797. This occured because all the fuzzing was done on zlib 1.2.1, and zlib 1.2.2 fixed this bug but not the 2005 CVEs. It was detected by running the test cases against zlib 1.2.2. The relevant bits of the zlib 1.2.2 patch are [1] and [2]. [0] http://www.kb.cert.org/vuls/id/238678 [1] `7a6955760b (diff-154f1240658ec1e9f5c90024002d749aR437)` [2] `7a6955760b (diff-327188edf18799ffbb5a51cc69f797e8R864)` Signed-off-by: Daniel Axtens <dja@axtens.net>	2016-04-28 14:00:05 +02:00
..
test.gz	Add test for CVE-2004-0797	2016-04-28 14:00:05 +02:00

Daniel Axtens a54d505bda Add test for CVE-2004-0797

CVE-2004-0797[0] occured when an error was detected but no action
was taken --- that is, execution was allowed to continue.

One of the tests for CVE-2005-2096 actually hit the code path that
was fixed in the patch for CVE-2004-0797.

This occured because all the fuzzing was done on zlib 1.2.1, and
zlib 1.2.2 fixed this bug but not the 2005 CVEs. It was detected by
running the test cases against zlib 1.2.2.

The relevant bits of the zlib 1.2.2 patch are [1] and [2].

[0] http://www.kb.cert.org/vuls/id/238678
[1] 7a6955760b (diff-154f1240658ec1e9f5c90024002d749aR437)
[2] 7a6955760b (diff-327188edf18799ffbb5a51cc69f797e8R864)

Signed-off-by: Daniel Axtens <dja@axtens.net>

2016-04-28 14:00:05 +02:00

test.gz Add test for CVE-2004-0797 2016-04-28 14:00:05 +02:00