Fix heap-based buffer over-read or buffer overflow in inflate.c

Upstream patch: ec3df00224 Resolves: CVE-2022-37434
2022-08-10 07:58:54 +00:00 · 2022-08-10 07:58:54 +00:00 · de5caa002f
commit de5caa002f
parent 6e982b7c51
2 changed files with 23 additions and 2 deletions
--- a/zlib-1.2.12-fix-CVE-2022-37434.patch
+++ b/zlib-1.2.12-fix-CVE-2022-37434.patch
@ -0,0 +1,14 @@
+--- zlib-1.2.12/inflate.c.old	2022-08-09 10:30:18.831225181 +0000
+++ zlib-1.2.12/inflate.c	2022-08-09 10:29:33.251225181 +0000
+@@ -792,8 +792,9 @@ int flush;
+                 if (copy > have) copy = have;
+                 if (copy) {
+                     if (state->head != Z_NULL &&
+-                        state->head->extra != Z_NULL) {
+-                        len = state->head->extra_len - state->length;
+                        state->head->extra != Z_NULL &&
+                        (len = state->head->extra_len - state->length) <
+				state->head->extra_max) {
+                         zmemcpy(state->head->extra + len, next,
+                                 len + copy > state->head->extra_max ?
+                                 state->head->extra_max - len : copy);
--- a/zlib.spec
+++ b/zlib.spec
@ -2,7 +2,7 @@

 Name:    zlib
 Version: 1.2.12
-Release: 4%{?dist}
+Release: 5%{?dist}
 Summary: Compression and decompression library
 # /contrib/dotzlib/ have Boost license
 License: zlib and Boost
@ -33,7 +33,9 @@ Patch23: zlib-1.2.11-covscan-issues-rhel9.patch
 # Correct incorrect inputs provided to the CRC functions.
 # ref: https://github.com/madler/zlib/commit/ec3df00224d4b396e2ac6586ab5d25f673caa4c2
 Patch24: zlib-1.2.12-correct-inputs-provided-to-crc-func.patch
-
+# Fix for CVE-2022-37434
+# ref: https://github.com/madler/zlib/commit/1eb7682f845ac9e9bf9ae35bbfb3bad5dacbd91d
+Patch25: zlib-1.2.12-fix-CVE-2022-37434.patch

 BuildRequires: make
 BuildRequires: automake, autoconf, libtool
@ -96,6 +98,7 @@ developing applications which use minizip.
 %patch22 -p1
 %patch23 -p1
 %patch24 -p1
+%patch25 -p1
 # Patch19 conflicts with Patch1, so the Patch1 has to be applied after,
 # because it is arch specific
 %ifarch s390 s390x
@ -178,6 +181,10 @@ find $RPM_BUILD_ROOT -name '*.la' -delete


 %changelog
+* Tue Aug 09 2022 Lukas Javorsky <ljavorsk@redhat.com> - 1.2.12-5
+- Fix heap-based buffer over-read or buffer overflow in inflate in inflate.c
+- Resolves: CVE-2022-37434
+
 * Sat Jul 23 2022 Fedora Release Engineering <releng@fedoraproject.org> - 1.2.12-4
 - Rebuilt for https://fedoraproject.org/wiki/Fedora_37_Mass_Rebuild