From 30be1fa71dee0b78c8b6cd31fe6c0f6dc68a8028 Mon Sep 17 00:00:00 2001
From: xuguangmin <xuguangmin@kylinos.cn>
Date: Wed, 17 Jul 2024 11:19:09 +0800
Subject: [PATCH] fix CVE-2022-37434

---
 backport-0001-CVE-2022-37434.patch | 29 +++++++++++++++++++++++++++++
 openresty-zlib.spec                |  6 +++++-
 2 files changed, 34 insertions(+), 1 deletion(-)
 create mode 100644 backport-0001-CVE-2022-37434.patch

diff --git a/backport-0001-CVE-2022-37434.patch b/backport-0001-CVE-2022-37434.patch
new file mode 100644
index 0000000..95e9f17
--- /dev/null
+++ b/backport-0001-CVE-2022-37434.patch
@@ -0,0 +1,29 @@
+commit eff308af425b67093bab25f80f1ae950166bece1
+Author: Mark Adler <fork@madler.net>
+Date:   Sat Jul 30 15:51:11 2022 -0700
+
+    Fix a bug when getting a gzip header extra field with inflate().
+    
+    If the extra field was larger than the space the user provided with
+    inflateGetHeader(), and if multiple calls of inflate() delivered
+    the extra header data, then there could be a buffer overflow of the
+    provided space. This commit assures that provided space is not
+    exceeded.
+
+diff --git a/inflate.c b/inflate.c
+index 7be8c63..7a72897 100644
+--- a/inflate.c
++++ b/inflate.c
+@@ -763,9 +763,10 @@ int flush;
+                 copy = state->length;
+                 if (copy > have) copy = have;
+                 if (copy) {
++                    len = state->head->extra_len - state->length;
+                     if (state->head != Z_NULL &&
+-                        state->head->extra != Z_NULL) {
+-                        len = state->head->extra_len - state->length;
++                        state->head->extra != Z_NULL &&
++                        len < state->head->extra_max) {
+                         zmemcpy(state->head->extra + len, next,
+                                 len + copy > state->head->extra_max ?
+                                 state->head->extra_max - len : copy);
diff --git a/openresty-zlib.spec b/openresty-zlib.spec
index d5232b4..c3b3208 100644
--- a/openresty-zlib.spec
+++ b/openresty-zlib.spec
@@ -1,6 +1,6 @@
 Name:               openresty-zlib
 Version:            1.2.11
-Release:            4
+Release:            5
 Summary:            The zlib compression library for OpenResty
 
 Group:              System Environment/Libraries
@@ -10,6 +10,7 @@ License:            zlib and Boost
 URL:                http://www.zlib.net/
 Source0:            http://www.zlib.net/zlib-%{version}.tar.xz
 Patch99:            0099-copy-dir.sh.patch
+Patch100:           backport-0001-CVE-2022-37434.patch
 
 BuildRoot:          %{_tmppath}/%{name}-%{version}-%{release}-root-%(%{__id_u} -n)
 
@@ -122,6 +123,9 @@ rm -rf %{buildroot}
 %{zlib_prefix_asan}/include/zconf.h
 
 %changelog
+* Wed Jun 17 2022 xuguangmin <xuguangmin@kylinos.cn> - 1.2.11-5
+- fix CVE-2022-37434
+
 * Thu Mar 24 2022 wulei <wulei80@huawei.com> - 1.2.11-4
 - Delete {?dist}
 
-- 
Gitee