Revert "Merge patch series "zlib: Address CVE-2016-9841""

This series brings our zlib code more up to date. However, it drops an important performance improvement that is required on some of our supported platforms in order to boot Linux before the watchdog resets the system. Furthermore, the "post increment" version of this performance loop was not tested, so while we can fix it, it would then require re-testing all platforms. At this point in time, we will revert updating zlib (which has had a potential security issue since 2016) and fix this in the v2024.10 release. This reverts commit 4914263c9a14315390d3ccc4816cf3a94cfd156d, reversing changes made to ef8ef5f77c9a998f76a48277a883af1645b54117. Reported-by: Christophe Leroy <christophe.leroy@csgroup.eu> Signed-off-by: Tom Rini <trini@konsulko.com>
author: Tom Rini <trini@konsulko.com> 2024-06-30 19:03:14 -0600
committer: Tom Rini <trini@konsulko.com> 2024-06-30 19:03:14 -0600
commit: bbacdd3ef7762fbdeab43ceea5205d1fd0f25bbd (patch)
tree: 3e54d8c227b690177c26db6677719f0d194f5337 /lib/zlib/inflate.c
parent: 8937bb265a7f2251c1bd999784a4ef10e9c6080d (diff)
1 files changed, 17 insertions, 14 deletions
diff --git a/lib/zlib/inflate.c b/lib/zlib/inflate.c
index f7e81fc8b2a..8f767b7b9d2 100644
--- a/lib/zlib/inflate.c
+++ b/lib/zlib/inflate.c
@@ -21,7 +21,7 @@ int ZEXPORT inflateReset(z_streamp strm)
     state->head = Z_NULL;
     state->wsize = 0;
     state->whave = 0;
-    state->wnext = 0;
+    state->write = 0;
     state->hold = 0;
     state->bits = 0;
     state->lencode = state->distcode = state->next = state->codes;
@@ -30,11 +30,14 @@ int ZEXPORT inflateReset(z_streamp strm)
     return Z_OK;
 }
 
-int ZEXPORT inflateInit2_(z_streamp strm, int windowBits,
+int ZEXPORT inflateInit2_(z_streamp strm, int windowBits, const char *version,
 			  int stream_size)
 {
     struct inflate_state FAR *state;
 
+    if (version == Z_NULL || version[0] != ZLIB_VERSION[0] ||
+        stream_size != (int)(sizeof(z_stream)))
+        return Z_VERSION_ERROR;
     if (strm == Z_NULL) return Z_STREAM_ERROR;
     strm->msg = Z_NULL;                 /* in case we return an error */
     if (strm->zalloc == (alloc_func)0) {
@@ -67,9 +70,9 @@ int ZEXPORT inflateInit2_(z_streamp strm, int windowBits,
     return inflateReset(strm);
 }
 
-int ZEXPORT inflateInit_(z_streamp strm, int stream_size)
+int ZEXPORT inflateInit_(z_streamp strm, const char *version, int stream_size)
 {
-    return inflateInit2_(strm, DEF_WBITS, stream_size);
+    return inflateInit2_(strm, DEF_WBITS, version, stream_size);
 }
 
 local void fixedtables(struct inflate_state FAR *state)
@@ -112,7 +115,7 @@ local int updatewindow(z_streamp strm, unsigned out)
     /* if window not in use yet, initialize */
     if (state->wsize == 0) {
         state->wsize = 1U << state->wbits;
-        state->wnext = 0;
+        state->write = 0;
         state->whave = 0;
     }
 
@@ -120,22 +123,22 @@ local int updatewindow(z_streamp strm, unsigned out)
     copy = out - strm->avail_out;
     if (copy >= state->wsize) {
         zmemcpy(state->window, strm->next_out - state->wsize, state->wsize);
-        state->wnext = 0;
+        state->write = 0;
         state->whave = state->wsize;
     }
     else {
-        dist = state->wsize - state->wnext;
+        dist = state->wsize - state->write;
         if (dist > copy) dist = copy;
-        zmemcpy(state->window + state->wnext, strm->next_out - copy, dist);
+        zmemcpy(state->window + state->write, strm->next_out - copy, dist);
         copy -= dist;
         if (copy) {
             zmemcpy(state->window, strm->next_out - copy, copy);
-            state->wnext = copy;
+            state->write = copy;
             state->whave = state->wsize;
         }
         else {
-            state->wnext += dist;
-            if (state->wnext == state->wsize) state->wnext = 0;
+            state->write += dist;
+            if (state->write == state->wsize) state->write = 0;
             if (state->whave < state->wsize) state->whave += dist;
         }
     }
@@ -820,12 +823,12 @@ int ZEXPORT inflate(z_streamp strm, int flush)
             copy = out - left;
             if (state->offset > copy) {         /* copy from window */
                 copy = state->offset - copy;
-                if (copy > state->wnext) {
-                    copy -= state->wnext;
+                if (copy > state->write) {
+                    copy -= state->write;
                     from = state->window + (state->wsize - copy);
                 }
                 else
-                    from = state->window + (state->wnext - copy);
+                    from = state->window + (state->write - copy);
                 if (copy > state->length) copy = state->length;
             }
             else {                              /* copy from output */
author	Tom Rini <trini@konsulko.com>	2024-06-30 19:03:14 -0600
committer	Tom Rini <trini@konsulko.com>	2024-06-30 19:03:14 -0600
commit	bbacdd3ef7762fbdeab43ceea5205d1fd0f25bbd (patch)
tree	3e54d8c227b690177c26db6677719f0d194f5337 /lib/zlib/inflate.c
parent	8937bb265a7f2251c1bd999784a4ef10e9c6080d (diff)