!368 I5XDCR: CVE-2022-37434: Fix a bug when getting a gzip header extra field with inflate().

From: @kuenking111 Reviewed-by: @alexanderbill Signed-off-by: @alexanderbill
2022-10-24 08:55:50 +00:00 · 2022-10-24 08:55:50 +00:00 · d469295482
commit d469295482
parent bae00e81f1 7213516401
2 changed files with 39 additions and 1 deletions
--- a/cve-2022-37434-Fix-a-bug-when-getting-a-gzip-header-extra-field-with-inflate.patch
+++ b/cve-2022-37434-Fix-a-bug-when-getting-a-gzip-header-extra-field-with-inflate.patch
@ -0,0 +1,30 @@
+From fa03b567552ecc1a2a91850c959220ab28f178dd Mon Sep 17 00:00:00 2001
+From: yangyudong <yangyudong3@huawei.com>
+Date: Fri, 21 Oct 2022 12:02:55 +0800
+Subject: cve-2022-37434: Fix a bug when getting a gzip header extra
+ field with inflate().
+
+Bug url: https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2022-37434
+---
+ jdk/src/share/native/java/util/zip/zlib/inflate.c | 5 +++--
+ 1 file changed, 3 insertions(+), 2 deletions(-)
+
+diff --git a/jdk/src/share/native/java/util/zip/zlib/inflate.c b/jdk/src/share/native/java/util/zip/zlib/inflate.c
+index ca904e744..63decdb19 100644
+--- a/jdk/src/share/native/java/util/zip/zlib/inflate.c
+++ b/jdk/src/share/native/java/util/zip/zlib/inflate.c
+@@ -783,8 +783,9 @@ int flush;
+                 if (copy > have) copy = have;
+                 if (copy) {
+                     if (state->head != Z_NULL &&
+-                        state->head->extra != Z_NULL) {
+-                        len = state->head->extra_len - state->length;
+                        state->head->extra != Z_NULL &&
+                        (len = state->head->extra_len - state->length) <
+                            state->head->extra_max) {
+                         zmemcpy(state->head->extra + len, next,
+                                 len + copy > state->head->extra_max ?
+                                 state->head->extra_max - len : copy);
+-- 
+2.22.0
+
--- a/openjdk-1.8.0.spec
+++ b/openjdk-1.8.0.spec
@ -916,7 +916,7 @@ Provides: java-%{javaver}-%{origin}-accessibility%{?1} = %{epoch}:%{version}-%{r

 Name:    java-%{javaver}-%{origin}
 Version: %{javaver}.%{updatever}.%{buildver}
-Release: 1
+Release: 2
 # java-1.5.0-ibm from jpackage.org set Epoch to 1 for unknown reasons
 # and this change was brought into RHEL-4. java-1.5.0-ibm packages
 # also included the epoch in their virtual provides. This created a
@ -1149,6 +1149,10 @@ Patch262: add-configuration-option-of-huawei-internal-version-shown-in-release-f
 Patch263: The-code-style-is-fixed-and-test-cases-are-added.patch
 Patch264: 8287109-Distrust-failed-with-CertificateExpired.patch

+# 8u352
+Patch265: cve-2022-37434-Fix-a-bug-when-getting-a-gzip-header-extra-field-with-inflate.patch
+
+
 #############################################
 #
 # Upstreamable patches
@ -1638,6 +1642,7 @@ pushd %{top_level_dir_name}
 %patch262 -p1
 %patch263 -p1
 %patch264 -p1
+%patch265 -p1
 popd

 # System library fixes
@ -2262,6 +2267,9 @@ cjc.mainProgram(arg)
 %endif

 %changelog
+* Mon Oct 24 2022 kuenking111<wangkun49@huawei.com> - 1:1.8.0.352-b08.2
+- add cve-2022-37434-Fix-a-bug-when-getting-a-gzip-header-extra-field-with-inflate.patch
+
 * Mon Oct 24 2022 kuenking111<wangkun49@huawei.com> - 1:1.8.0.352-b08.1
 - remove gitattributes gitignore jcheck files