openwrt/package/zlib/patches/zlib-1.2.2-CAN-2005-2096.patch

   1 Name: CAN-2005-2096 (under review)
   2 Description:
   3   Buffer overflow in zlib 1.2 and later versions allows remote attackers
   4   to cause a denial of service (crash) via a crafted compressed stream, as
   5   demonstrated using a crafted PNG file.
   6
   7 References:
   8   * DEBIAN:DSA-740
   9     http://www.debian.org/security/2005/dsa-740
  10   * REDHAT:RHSA-2005:569
  11     http://www.redhat.com/support/errata/RHSA-2005-569.html
  12
  13   http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2005-2096
  14
  15 diff -ruN zlib-1.2.2-old/inftrees.c zlib-1.2.2-new/inftrees.c
  16 --- zlib-1.2.2-old/inftrees.c   2004-09-15 16:30:06.000000000 +0200
  17 +++ zlib-1.2.2-new/inftrees.c   2005-07-08 21:18:58.000000000 +0200
  18 @@ -134,7 +134,7 @@
  19          left -= count[len];
  20          if (left < 0) return -1;        /* over-subscribed */
  21      }
  22 -    if (left > 0 && (type == CODES || (codes - count[0] != 1)))
  23 +    if (left > 0 && (type == CODES || max != 1))
  24          return -1;                      /* incomplete set */
  25
  26      /* generate offsets into symbol table for each length for sorting */