Patch for gzip integer overflow (CVE-2010-0001) Rediffed from upstream patch (commits 844994b00b and e9368c1189) diff -Naru a/Makefile.am b/Makefile.am --- a/Makefile.am 2009-10-30 19:38:55.000000000 +0100 +++ b/Makefile.am 2010-01-14 08:12:32.846290866 +0100 @@ -102,6 +102,7 @@ @echo 'Test succeeded.' TESTS = \ + tests/helin-segv \ tests/trailing-nul \ tests/zdiff \ tests/zgrep-f diff -Naru a/tests/helin-segv b/tests/helin-segv --- a/tests/helin-segv 1970-01-01 01:00:00.000000000 +0100 +++ b/tests/helin-segv 2010-01-14 08:13:25.230298339 +0100 @@ -0,0 +1,37 @@ +#!/bin/sh +# Before gzip-1.4, gzip -d would segfault on some inputs. + +# Copyright (C) 2010 Free Software Foundation, Inc. + +# This program is free software: you can redistribute it and/or modify +# it under the terms of the GNU General Public License as published by +# the Free Software Foundation, either version 3 of the License, or +# (at your option) any later version. + +# This program is distributed in the hope that it will be useful, +# but WITHOUT ANY WARRANTY; without even the implied warranty of +# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the +# GNU General Public License for more details. + +# You should have received a copy of the GNU General Public License +# along with this program. If not, see . +# limit so don't run it by default. + +if test "$VERBOSE" = yes; then + set -x + gzip --version +fi + +: ${srcdir=.} +. "$srcdir/tests/init.sh"; path_prepend_ . + +# This test case was provided by Aki Helin. +printf '\037\235\220\0\0\0\304' > helin.gz || framework_failure +printf '\0\0' > exp || framework_failure + +fail=0 + +gzip -dc helin.gz > out || fail=1 +compare out exp || fail=1 + +Exit $fail diff -Naru a/unlzw.c b/unlzw.c --- a/unlzw.c 2009-09-26 20:20:40.000000000 +0200 +++ b/unlzw.c 2010-01-14 08:16:49.390292054 +0100 @@ -244,7 +244,8 @@ int o; resetbuf: - e = insize-(o = (posbits>>3)); + o = posbits >> 3; + e = o <= insize ? insize - o : 0; for (i = 0 ; i < e ; ++i) { inbuf[i] = inbuf[i+o];