Gentoo Websites Logo
Go to: Gentoo Home Documentation Forums Lists Bugs Planet Store Wiki Get Gentoo!

Bug 835958

Summary: <sys-libs/zlib-1.2.12: deflate memory corruption
Product: Gentoo Security Reporter: John Helmert III <ajak>
Component: VulnerabilitiesAssignee: Gentoo Security <security>
Status: IN_PROGRESS ---    
Severity: minor CC: base-system, sam
Priority: Normal    
Version: unspecified   
Hardware: All   
OS: Linux   
URL: https://www.openwall.com/lists/oss-security/2022/03/24/1
Whiteboard: A4 [glsa? cleanup]
Package list:
Runtime testing required: ---
Bug Depends on: 836303    
Bug Blocks: 838721    

Description John Helmert III archtester Gentoo Infrastructure gentoo-dev Security 2022-03-24 20:00:15 UTC
From https://github.com/madler/zlib/commit/5c44459c3b28a9bd3283aaceab7c615f8020c531:

"This bug was reported by Danilo Ramos of Eideticom, Inc. It has
lain in wait 13 years before being found! The bug was introduced
in zlib 1.2.2.2, with the addition of the Z_FIXED option. That
option forces the use of fixed Huffman codes. For rare inputs with
a large number of distant matches, the pending buffer into which
the compressed data is written can overwrite the distance symbol
table which it overlays. That results in corrupted output due to
invalid distances, and can result in out-of-bound accesses,
crashing the application.

The fix here combines the distance buffer and literal/length
buffers into a single symbol buffer. Now three bytes of pending
buffer space are opened up for each literal or length/distance
pair consumed, instead of the previous two bytes. This assures
that the pending buffer cannot overwrite the symbol table, since
the maximum fixed code compressed length/distance is 31 bits, and
since there are four bytes of pending space for every three bytes
of symbol space."
Comment 1 Larry the Git Cow gentoo-dev 2022-03-28 06:43:49 UTC
The bug has been referenced in the following commit(s):

https://gitweb.gentoo.org/repo/gentoo.git/commit/?id=d55f1223957344dd8aaa16d5f609b46d7d2b598e

commit d55f1223957344dd8aaa16d5f609b46d7d2b598e
Author:     Sam James <sam@gentoo.org>
AuthorDate: 2022-03-28 06:43:11 +0000
Commit:     Sam James <sam@gentoo.org>
CommitDate: 2022-03-28 06:43:26 +0000

    sys-libs/zlib: add 1.2.12
    
    Bug: https://bugs.gentoo.org/835958
    Signed-off-by: Sam James <sam@gentoo.org>

 sys-libs/zlib/Manifest           |   2 +
 sys-libs/zlib/zlib-1.2.12.ebuild | 187 +++++++++++++++++++++++++++++++++++++++
 2 files changed, 189 insertions(+)
Comment 2 Larry the Git Cow gentoo-dev 2022-03-28 06:51:29 UTC
The bug has been referenced in the following commit(s):

https://gitweb.gentoo.org/repo/gentoo.git/commit/?id=cb5eb206b488b495be7cab1bc72526a79d49428b

commit cb5eb206b488b495be7cab1bc72526a79d49428b
Author:     Sam James <sam@gentoo.org>
AuthorDate: 2022-03-28 06:50:42 +0000
Commit:     Sam James <sam@gentoo.org>
CommitDate: 2022-03-28 06:51:20 +0000

    sys-libs/zlib: unkeyword 1.2.12
    
    Checking something...
    
    Bug: https://bugs.gentoo.org/835958
    Signed-off-by: Sam James <sam@gentoo.org>

 sys-libs/zlib/zlib-1.2.12.ebuild | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)
Comment 3 Larry the Git Cow gentoo-dev 2022-03-28 07:29:55 UTC
The bug has been referenced in the following commit(s):

https://gitweb.gentoo.org/repo/gentoo.git/commit/?id=5e2bd29b39d577e88ecf6bc0752cd50c56ea6411

commit 5e2bd29b39d577e88ecf6bc0752cd50c56ea6411
Author:     Sam James <sam@gentoo.org>
AuthorDate: 2022-03-28 07:28:51 +0000
Commit:     Sam James <sam@gentoo.org>
CommitDate: 2022-03-28 07:29:30 +0000

    sys-libs/zlib: revbump 1.2.12 for configure fix
    
    For me, it silently installed no 32-bit lib (or tried to build
    it statically, which then didn't get installed), so let's
    be cautious.
    
    Still unkeyworded until later though.
    
    Bug: https://bugs.gentoo.org/835958
    Bug: https://bugs.gentoo.org/836308
    Fixes: 0a91cef90a3879f5fe3763a01c0f37c336bd1a6c
    Signed-off-by: Sam James <sam@gentoo.org>

 sys-libs/zlib/{zlib-1.2.12.ebuild => zlib-1.2.12-r1.ebuild} | 0
 1 file changed, 0 insertions(+), 0 deletions(-)
Comment 4 Larry the Git Cow gentoo-dev 2022-03-29 02:00:49 UTC
The bug has been referenced in the following commit(s):

https://gitweb.gentoo.org/repo/gentoo.git/commit/?id=cd0a0f16ebdc4cf2d18378213d8476aeb42ff810

commit cd0a0f16ebdc4cf2d18378213d8476aeb42ff810
Author:     Sam James <sam@gentoo.org>
AuthorDate: 2022-03-29 01:59:47 +0000
Commit:     Sam James <sam@gentoo.org>
CommitDate: 2022-03-29 02:00:40 +0000

    sys-libs/zlib: keyword 1.2.12-r1
    
    Issues are fixed now. Nothing else has come up other than the now-fixed
    CC-configure issue.
    
    Bug: https://bugs.gentoo.org/835958
    Signed-off-by: Sam James <sam@gentoo.org>

 sys-libs/zlib/files/zlib-1.2.12-fix-CC-logic-in-configure.patch | 6 ++++--
 sys-libs/zlib/zlib-1.2.12-r1.ebuild                             | 2 +-
 2 files changed, 5 insertions(+), 3 deletions(-)