
Added unit test for CVE-2018-25032 #1208

Merged
Dead2 merged 4 commits into zlib-ng:develop from nmoinvaz:tests/cve-2018-25032
Apr 3, 2022

Conversation

@nmoinvaz
Member

@nmoinvaz nmoinvaz commented Mar 27, 2022

See madler/zlib#605 for background.

Using minideflate compiled against zlib master fails the test.
Using minideflate compiled against the zlib-ng passes the test.

@nmoinvaz nmoinvaz force-pushed the tests/cve-2018-25032 branch from 9477e12 to 1bb67e3 Compare March 27, 2022 00:54
@codecov

codecov bot commented Mar 27, 2022

Codecov Report

Merging #1208 (8285aa7) into develop (fadaca4) will increase coverage by 0.08%.
The diff coverage is 100.00%.

@@             Coverage Diff             @@
##           develop    #1208      +/-   ##
===========================================
+ Coverage    87.95%   88.04%   +0.08%     
===========================================
  Files          114      114              
  Lines        10147    10194      +47     
  Branches      2539     2551      +12     
===========================================
+ Hits          8925     8975      +50     
+ Misses         971      969       -2     
+ Partials       251      250       -1     

Impacted Files Coverage Δ
test/minideflate.c 58.57% <100.00%> (+0.77%) ⬆️
crc32_fold.c 100.00% <0.00%> (ø)
test/test_compare256.cc 64.00% <0.00%> (ø)
arch/x86/compare256_avx2.c 100.00% <0.00%> (ø)
test/benchmarks/benchmark_compare256.cc 42.85% <0.00%> (ø)
inflate.c 94.16% <0.00%> (+0.19%) ⬆️
arch/x86/crc32_fold_pclmulqdq.c 100.00% <0.00%> (+0.27%) ⬆️
arch/s390/dfltcc_deflate.c 64.92% <0.00%> (+0.52%) ⬆️
functable.c 79.78% <0.00%> (+0.80%) ⬆️


@nmoinvaz nmoinvaz force-pushed the tests/cve-2018-25032 branch from 1bb67e3 to 2da0ba0 Compare March 27, 2022 01:14
@Dead2 Dead2 added the "Rebase needed" label (Please do a 'git rebase develop yourbranch') Mar 28, 2022
@nmoinvaz
Member Author

I want to add the new test case they came up with against Z_DEFAULT_STRATEGY.

@nmoinvaz nmoinvaz marked this pull request as draft March 28, 2022 14:20
@nmoinvaz nmoinvaz force-pushed the tests/cve-2018-25032 branch from 2da0ba0 to f1bb219 Compare March 28, 2022 14:21
@nmoinvaz nmoinvaz removed the "Rebase needed" label (Please do a 'git rebase develop yourbranch') Mar 28, 2022
@nmoinvaz
Member Author

Rebased.

Co-authored-by: Eric Biggers <ebiggers@kernel.org>
@nmoinvaz nmoinvaz marked this pull request as ready for review March 28, 2022 14:54
@nmoinvaz
Member Author

Added the new test case against Z_DEFAULT_STRATEGY.

@Dead2
Member

Dead2 commented Mar 30, 2022

I think we should test this on both level 1 and level 2 as well, since as far as I have understood this problem, it is basically a buffer overrun situation when using low compression. Both deflate_quick (level 1) and deflate_fast (level 2) should thus probably get tested separately. Especially since our level 2 is essentially zlib's level 1 (with modifications of course, such as 4-byte matches instead of 3-byte, thus possibly making this problem more likely).

@nmoinvaz
Member Author

@Dead2 I have added those test levels.
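
The level/strategy matrix Dead2 asks for (levels 1 and 2, each with Z_FIXED and Z_DEFAULT_STRATEGY), as an added round-trip regression check that is not the PR's minideflate test: it drives whichever zlib Python is linked against (the deflate_quick/deflate_fast mapping is zlib-ng's), uses no reproducer input from madler/zlib#605, and the input with long-distance repeats is constructed here.

```python
import random
import zlib

def make_input(seed=1208, block=16 * 1024, copies=8):
    """Constructed input (not the PR's reproducer): a 16 KiB block of
    incompressible bytes, re-emitted with a growing gap and one flipped byte
    per copy, so every copy lies within the 32 KiB window at a long distance."""
    rng = random.Random(seed)
    base = bytes(rng.getrandbits(8) for _ in range(block))
    out = bytearray(base)
    for i in range(copies):
        chunk = bytearray(base)
        chunk[(i * 997) % block] ^= 0xFF                              # break the match once
        out += bytes(rng.getrandbits(8) for _ in range(i * 512))      # widen the gap
        out += chunk
    return bytes(out)

def round_trip(data, level, strategy, chunk=4096):
    """Stream the data through a compressobj in small pieces (as a streaming
    deflater would), then inflate and compare. Returns (ok, compressed_size)."""
    co = zlib.compressobj(level=level, wbits=15, strategy=strategy)
    comp = bytearray()
    for off in range(0, len(data), chunk):
        comp += co.compress(data[off:off + chunk])
    comp += co.flush(zlib.Z_FINISH)
    return zlib.decompress(bytes(comp)) == data, len(comp)

# The matrix under discussion: low compression levels x both strategies.
LEVELS = (1, 2)
STRATEGIES = {"Z_FIXED": zlib.Z_FIXED, "Z_DEFAULT_STRATEGY": zlib.Z_DEFAULT_STRATEGY}

def run_matrix(data=None):
    """Run every (level, strategy) pair; returns {(level, name): (ok, size)}."""
    data = make_input() if data is None else data
    return {(level, name): round_trip(data, level, strat)
            for level in LEVELS for name, strat in STRATEGIES.items()}

if __name__ == "__main__":
    for (level, name), (ok, size) in run_matrix().items():
        print(f"level={level} strategy={name}: {'OK' if ok else 'MISMATCH'} ({size} bytes)")
```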

@Dead2 Dead2 merged commit d6c1c88 into zlib-ng:develop Apr 3, 2022
@Dead2 Dead2 mentioned this pull request Dec 27, 2022
Dead2 added a commit that referenced this pull request Mar 7, 2023
Changes since 2.0.6:
- Fix CVE-2022-37434 #1328
- Fix chunkmemset #1196
- Fix deflateBound too small #1236
- Fix Z_SOLO #1263
- Fix ACLE variant of crc32 #1274
- Fix inflateBack #1311
- Fix deflate_quick windowsize #1431
- Fix DFLTCC bugs related to adler32 #1349 and #1390
- Fix warnings #1194 #1312 #1362
- MacOS build fix #1198
- Add invalid windowBits handling #1293
- Support for Force TZCNT #1186
- Support for aligned_alloc() #1360
- Minideflate improvements #1175 #1238
- Don't use unaligned access for memcpy #1309
- Build system #1209 #1233 #1267 #1273 #1278 #1292 #1316 #1318 #1365
- Test improvements #1208 #1227 #1241 #1353
- Cleanup #1266
- Documentation #1205 #1359
- Misc improvements #1294 #1297 #1306 #1344 #1348
- Backported zlib fixes
- Backported CI workflows from Develop branch
Dead2 added a commit that referenced this pull request Mar 17, 2023