!368 I5XDCR: CVE-2022-37434: Fix a bug when getting a gzip header extra field with inflate().

From: @kuenking111 Reviewed-by: @alexanderbill Signed-off-by: @alexanderbill
2022-10-24 08:55:50 +00:00 · 2022-10-24 08:55:50 +00:00 · d469295482
commit d469295482
parent bae00e81f1 7213516401
2 changed files with 39 additions and 1 deletions
--- a/cve-2022-37434-Fix-a-bug-when-getting-a-gzip-header-extra-field-with-inflate.patch
+++ b/cve-2022-37434-Fix-a-bug-when-getting-a-gzip-header-extra-field-with-inflate.patch
@ -0,0 +1,30 @@
 From fa03b567552ecc1a2a91850c959220ab28f178dd Mon Sep 17 00:00:00 2001
 From: yangyudong <yangyudong3@huawei.com>
 Date: Fri, 21 Oct 2022 12:02:55 +0800
 Subject: cve-2022-37434: Fix a bug when getting a gzip header extra
 field with inflate().
 Bug url: https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2022-37434
 ---
 jdk/src/share/native/java/util/zip/zlib/inflate.c | 5 +++--
 1 file changed, 3 insertions(+), 2 deletions(-)
 diff --git a/jdk/src/share/native/java/util/zip/zlib/inflate.c b/jdk/src/share/native/java/util/zip/zlib/inflate.c
 index ca904e744..63decdb19 100644
 --- a/jdk/src/share/native/java/util/zip/zlib/inflate.c
 +++ b/jdk/src/share/native/java/util/zip/zlib/inflate.c
@@ -783,8 +783,9 @@ int flush;
                 if (copy > have) copy = have;
                 if (copy) {
                     if (state->head != Z_NULL &&
 -                        state->head->extra != Z_NULL) {
 -                        len = state->head->extra_len - state->length;
 +                        state->head->extra != Z_NULL &&
 +                        (len = state->head->extra_len - state->length) <
 +                            state->head->extra_max) {
                         zmemcpy(state->head->extra + len, next,
                                 len + copy > state->head->extra_max ?
                                 state->head->extra_max - len : copy);
 -- 
 2.22.0
--- a/openjdk-1.8.0.spec
+++ b/openjdk-1.8.0.spec
@ -916,7 +916,7 @@ Provides: java-%{javaver}-%{origin}-accessibility%{?1} = %{epoch}:%{version}-%{r
 Name:    java-%{javaver}-%{origin}
 Version: %{javaver}.%{updatever}.%{buildver}
-Release: 1
+Release: 2
 # java-1.5.0-ibm from jpackage.org set Epoch to 1 for unknown reasons
 # and this change was brought into RHEL-4. java-1.5.0-ibm packages
 # also included the epoch in their virtual provides. This created a
@ -1149,6 +1149,10 @@ Patch262: add-configuration-option-of-huawei-internal-version-shown-in-release-f
 Patch263: The-code-style-is-fixed-and-test-cases-are-added.patch
 Patch264: 8287109-Distrust-failed-with-CertificateExpired.patch
 # 8u352
 Patch265: cve-2022-37434-Fix-a-bug-when-getting-a-gzip-header-extra-field-with-inflate.patch
 #############################################
 #
 # Upstreamable patches
@ -1638,6 +1642,7 @@ pushd %{top_level_dir_name}
 %patch262 -p1
 %patch263 -p1
 %patch264 -p1
 %patch265 -p1
 popd
 # System library fixes
@ -2262,6 +2267,9 @@ cjc.mainProgram(arg)
 %endif
 %changelog
 * Mon Oct 24 2022 kuenking111<wangkun49@huawei.com> - 1:1.8.0.352-b08.2
 - add cve-2022-37434-Fix-a-bug-when-getting-a-gzip-header-extra-field-with-inflate.patch
 * Mon Oct 24 2022 kuenking111<wangkun49@huawei.com> - 1:1.8.0.352-b08.1
 - remove gitattributes gitignore jcheck files