zlib: Port fix for CVE-2018-25032 to U-Boot
authorTom Rini <trini@konsulko.com>
Tue, 10 May 2022 18:36:59 +0000 (14:36 -0400)
committerTom Rini <trini@konsulko.com>
Mon, 6 Jun 2022 21:47:17 +0000 (17:47 -0400)
commit2e2e784de0605081af7c5c9d04a014af69888c2c
treea9adfb4be0c1acfc26554ada9979e62e48d3d798
parent8a1ab5e81126c6ccedaa76376e7206f5c8583aa3
zlib: Port fix for CVE-2018-25032 to U-Boot

While our copy of zlib is missing upstream commit 263b1a05b04e ("Allow
deflatePrime() to insert bits in the middle of a stream.") we do have
Z_FIXED support, and so the majority of the code changes in 5c44459c3b28
("Fix a bug that can crash deflate on some input when using Z_FIXED.")
apply here directly and cleanly.  As this has been assigned a CVE, lets
go and apply these changes.

Link: https://github.com/madler/zlib/commit/5c44459c3b28a9bd3283aaceab7c615f8020c531
Reported-by: "Gan, Yau Wai" <yau.wai.gan@intel.com>
Signed-off-by: Tom Rini <trini@konsulko.com>
lib/zlib/deflate.c
lib/zlib/deflate.h
lib/zlib/trees.c