[master] 4711ac210 Sync libvgz with upstream zlib.

Poul-Henning Kamp phk at FreeBSD.org
Tue Sep 6 08:24:05 UTC 2022 

commit 4711ac210b48aea57bf3e5635f720b4dc3977a8f
Author: Poul-Henning Kamp <phk at FreeBSD.org>
Date:   Tue Sep 6 08:22:50 2022 +0000

    Sync libvgz with upstream zlib.
    
    Varnish is not subject to CVE 2022 37434, we never use "extra" data.

diff --git a/lib/libvgz/crc32.c b/lib/libvgz/crc32.c
index 2c92d0acb..3ce5afd96 100644
--- a/lib/libvgz/crc32.c
+++ b/lib/libvgz/crc32.c
@@ -635,7 +635,7 @@ unsigned long ZEXPORT crc32_z(crc, buf, len)
 #endif /* DYNAMIC_CRC_TABLE */
 
     /* Pre-condition the CRC */
-    crc ^= 0xffffffff;
+    crc = (~crc) & 0xffffffff;
 
     /* Compute the CRC up to a word boundary. */
     while (len && ((z_size_t)buf & 7) != 0) {
@@ -754,7 +754,7 @@ unsigned long ZEXPORT crc32_z(crc, buf, len)
 #endif /* DYNAMIC_CRC_TABLE */
 
     /* Pre-condition the CRC */
-    crc ^= 0xffffffff;
+    crc = (~crc) & 0xffffffff;
 
 #ifdef W
 
@@ -1082,7 +1082,7 @@ uLong ZEXPORT crc32_combine64(crc1, crc2, len2)
 #ifdef DYNAMIC_CRC_TABLE
     once(&made, make_crc_table);
 #endif /* DYNAMIC_CRC_TABLE */
-    return multmodp(x2nmodp(len2, 3), crc1) ^ crc2;
+    return multmodp(x2nmodp(len2, 3), crc1) ^ (crc2 & 0xffffffff);
 }
 
 /* ========================================================================= */
@@ -1117,5 +1117,5 @@ uLong crc32_combine_op(crc1, crc2, op)
     uLong crc2;
     uLong op;
 {
-    return multmodp(op, crc1) ^ crc2;
+    return multmodp(op, crc1) ^ (crc2 & 0xffffffff);
 }
diff --git a/lib/libvgz/inflate.c b/lib/libvgz/inflate.c
index bb6db9ce9..9577e8312 100644
--- a/lib/libvgz/inflate.c
+++ b/lib/libvgz/inflate.c
@@ -771,8 +771,9 @@ int flush;
                 if (copy > have) copy = have;
                 if (copy) {
                     if (state->head != Z_NULL &&
-                        state->head->extra != Z_NULL) {
-                        len = state->head->extra_len - state->length;
+                        state->head->extra != Z_NULL &&
+                        (len = state->head->extra_len - state->length) <
+                            state->head->extra_max) {
                         zmemcpy(state->head->extra + len, next,
                                 len + copy > state->head->extra_max ?
                                 state->head->extra_max - len : copy);
diff --git a/lib/libvgz/zconf.h b/lib/libvgz/zconf.h
index 5e1d68a00..5113d217e 100644
--- a/lib/libvgz/zconf.h
+++ b/lib/libvgz/zconf.h
@@ -8,6 +8,12 @@
 #ifndef ZCONF_H
 #define ZCONF_H
 
+#if defined(Z_SOLO)
+#include <sys/types.h>
+#define Z_U8 __uint64_t
+#define Z_U4 __uint32_t
+#endif
+
 /*
  * If you *really* need a unique prefix for all types and library functions,
  * compile with -DZ_PREFIX. The "standard" zlib should be compiled without it.

More information about the varnish-commit mailing list