zlib security alert.

Eric J. Peters eric at i...
Tue Mar 12 09:29:26 EST 2002


Well, there's a problem with zlib:

http://www.redhat.com/support/errata/RHSA-2002-026.html

and the zlib source is included in the GDAL tree. I have grabbed the patch
from the RedHat SRPM, and attached it here for simplicity. Just save the
attached file and do a 'patch .../gdal/frmts/zlib/infblock.c infblock.patch'
and rebuild.

I was curious to find this though. Why is zlib source included in this tree,
instead of required and dynamically linked?

Happy patching!
-Eric.


--
Eric J. Peters
eric at i...

==


-------------- next part --------------
--- zlib-1.1.3/infblock.c.bar	Mon Feb 18 10:34:53 2002
+++ zlib-1.1.3/infblock.c	Mon Feb 18 10:37:23 2002
@@ -249,10 +249,11 @@
&s->sub.trees.tb, s->hufts, z);
if (t != Z_OK)
{
- ZFREE(z, s->sub.trees.blens);
r = t;
- if (r == Z_DATA_ERROR)
- s->mode = BAD;
+ if (r == Z_DATA_ERROR){
+ ZFREE(z, s->sub.trees.blens);
+ s->mode = BAD;
+ }
LEAVE
}
s->sub.trees.index = 0;
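
Review bot: in the "if (t != Z_OK)" block, a return value other than Z_DATA_ERROR now leaves through LEAVE with s->sub.trees.blens still allocated and s->mode unchanged, and nothing in the hunk says who releases it. Since the free is now tied to "s->mode = BAD;", a short comment stating that invariant (blens is freed here only when the mode moves to BAD, otherwise it stays owned by the current mode's cleanup) would let the next reader verify it, and the cleanup path should be checked to confirm it frees blens exactly once for the mode that is left in place.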
@@ -313,11 +314,12 @@
t = inflate_trees_dynamic(257 + (t & 0x1f), 1 + ((t >> 5) & 0x1f),
s->sub.trees.blens, &bl, &bd, &tl, &td,
s->hufts, z);
- ZFREE(z, s->sub.trees.blens);
if (t != Z_OK)
{
- if (t == (uInt)Z_DATA_ERROR)
- s->mode = BAD;
+ if (t == (uInt)Z_DATA_ERROR){
+ ZFREE(z, s->sub.trees.blens);
+ s->mode = BAD;
+ }
r = t;
LEAVE
}
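
Review bot: "if (t == (uInt)Z_DATA_ERROR){" opens its brace on the same line with no space, while the enclosing "if (t != Z_OK)" two lines above puts the brace on its own line; match the surrounding style here and in the identical construct in the first hunk. The ZFREE plus "s->mode = BAD;" pair is now duplicated in two places, so the same ownership comment should appear at both.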
@@ -329,6 +331,7 @@
}
s->sub.decode.codes = c;
}
+ ZFREE(z, s->sub.trees.blens);
s->mode = CODES;
case CODES:
UPDATE
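
Review bot: the added "ZFREE(z, s->sub.trees.blens);" runs after "s->sub.decode.codes = c;" in the context just above it, so sub.trees is read after sub.decode has been written. If sub is a union, this is only correct while decode.codes does not overlap trees.blens in the layout; copying blens to a local before the assignment and freeing that, or a comment recording the layout assumption, would remove the dependency. Any early exit inside the block that ends just above the new line would also skip this free, so those exits should be checked against the same ownership rule as the error paths in the earlier hunks.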

