From 7213516401db6c5ee75039cb564355fbdfddfacd Mon Sep 17 00:00:00 2001
From: kuenking111
Date: Mon, 24 Oct 2022 15:50:10 +0800
Subject: [PATCH] I5XDCR: CVE-2022-37434: Fix a bug when getting a gzip header extra field with inflate()
---
...gzip-header-extra-field-with-inflate.patch | 30 +++++++++++++++++++
openjdk-1.8.0.spec | 10 ++++++-
2 files changed, 39 insertions(+), 1 deletion(-)
create mode 100644 cve-2022-37434-Fix-a-bug-when-getting-a-gzip-header-extra-field-with-inflate.patch
diff --git a/cve-2022-37434-Fix-a-bug-when-getting-a-gzip-header-extra-field-with-inflate.patch b/cve-2022-37434-Fix-a-bug-when-getting-a-gzip-header-extra-field-with-inflate.patch
new file mode 100644
index 0000000..f02cbb3
--- /dev/null
+++ b/cve-2022-37434-Fix-a-bug-when-getting-a-gzip-header-extra-field-with-inflate.patch
@@ -0,0 +1,30 @@
+From fa03b567552ecc1a2a91850c959220ab28f178dd Mon Sep 17 00:00:00 2001
+From: yangyudong
+Date: Fri, 21 Oct 2022 12:02:55 +0800
+Subject: cve-2022-37434: Fix a bug when getting a gzip header extra
+ field with inflate().
+
+Bug url: https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2022-37434
+---
+ jdk/src/share/native/java/util/zip/zlib/inflate.c | 5 +++--
+ 1 file changed, 3 insertions(+), 2 deletions(-)
+
+diff --git a/jdk/src/share/native/java/util/zip/zlib/inflate.c b/jdk/src/share/native/java/util/zip/zlib/inflate.c
+index ca904e744..63decdb19 100644
+--- a/jdk/src/share/native/java/util/zip/zlib/inflate.c
++++ b/jdk/src/share/native/java/util/zip/zlib/inflate.c
+@@ -783,8 +783,9 @@ int flush;
+ if (copy > have) copy = have;
+ if (copy) {
+ if (state->head != Z_NULL &&
+- state->head->extra != Z_NULL) {
+- len = state->head->extra_len - state->length;
++ state->head->extra != Z_NULL &&
++ (len = state->head->extra_len - state->length) <
++ state->head->extra_max) {
+ zmemcpy(state->head->extra + len, next,
+ len + copy > state->head->extra_max ?
+ state->head->extra_max - len : copy);
+--
+2.22.0
+
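Review bot: The rewritten condition in the nested inflate.c hunk carries no comment, and the nested patch header cites only the Bugzilla URL, so a later reader cannot tell why the copy is now skipped or which upstream zlib change this backport tracks. The order of the `&&` operands matters: `len` is assigned only after `state->head` and `state->head->extra` have passed the `Z_NULL` checks, and `zmemcpy` is reached only when that offset is below `state->head->extra_max`. If `len` is an unsigned type (its declaration is outside the hunk), a `state->length` larger than `extra_len` wraps to a large value and also fails the guard. I would put `/* copy only while the offset already stored is below extra_max (CVE-2022-37434) */` above the `if` and add an `Upstream: <zlib commit id>` line to the patch header. The enclosing function starts and ends outside the hunk, and the commit adds no regression test for a gzip header whose extra field exceeds `extra_max`.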
diff --git a/openjdk-1.8.0.spec b/openjdk-1.8.0.spec index 838ce77..134d270 100644 --- a/openjdk-1.8.0.spec +++ b/openjdk-1.8.0.spec @@ -916,7 +916,7 @@ Provides: java-%{javaver}-%{origin}-accessibility%{?1} = %{epoch}:%{version}-%{r Name: java-%{javaver}-%{origin} Version: %{javaver}.%{updatever}.%{buildver} -Release: 1 +Release: 2 # java-1.5.0-ibm from jpackage.org set Epoch to 1 for unknown reasons # and this change was brought into RHEL-4. java-1.5.0-ibm packages # also included the epoch in their virtual provides. This created a @@ -1149,6 +1149,10 @@ Patch262: add-configuration-option-of-huawei-internal-version-shown-in-release-f Patch263: The-code-style-is-fixed-and-test-cases-are-added.patch Patch264: 8287109-Distrust-failed-with-CertificateExpired.patch +# 8u352 +Patch265: cve-2022-37434-Fix-a-bug-when-getting-a-gzip-header-extra-field-with-inflate.patch + + ############################################# # # Upstreamable patches @@ -1638,6 +1642,7 @@ pushd %{top_level_dir_name} %patch262 -p1 %patch263 -p1 %patch264 -p1 +%patch265 -p1 popd # System library fixes @@ -2262,6 +2267,9 @@ cjc.mainProgram(arg) %endif %changelog +* Mon Oct 24 2022 kuenking111 - 1:1.8.0.352-b08.2 +- add cve-2022-37434-Fix-a-bug-when-getting-a-gzip-header-extra-field-with-inflate.patch + * Mon Oct 24 2022 kuenking111 - 1:1.8.0.352-b08.1 - remove gitattributes gitignore jcheck files
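Review bot: Nothing in the visible spec hunks shows whether this package compiles the bundled zlib under `jdk/src/share/native/java/util/zip/zlib/` or links the system library, and Patch265 changes the shipped binaries only in the first case. The configure invocation is outside these hunks, so this should be confirmed there. If the build uses the system zlib, the CVE has to be fixed in the zlib package instead. A comment above the `Patch265:` line would record that, for example `# fixes the bundled zlib copy only; builds against system zlib rely on the zlib package`. The `Patch265:` hunk also adds two consecutive blank lines where the surrounding patch list appears to use one.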