boostorg/beast
1
0
Fork 1
mirror of https://github.com/boostorg/beast.git synced 2025-08-01 22:04:34 +02:00
Code Issues Packages Projects Releases Wiki Activity

Port zlib fix for CVE-2016-9840:

Browse Source 
Commit ref: 6a043145ca
Additionally updated lext table to one used in zlib v1.2.11.

close #2314
This commit is contained in:
msuvajac
2021-09-17 11:33:54 +02:00
committed by Richard Hodges
parent b16005a456
commit 3fd090af3b
2 changed files with 10 additions and 11 deletions
Download Patch File Download Diff File Expand all files Collapse all files

1
CHANGELOG.md
View File

@@ -1,5 +1,6 @@
Version XXX: Version XXX:
* Fix CVE-2016-9840 in zlib implementation.
* Fix TLS SNI handling in websocket_client_async_ssl example. * Fix TLS SNI handling in websocket_client_async_ssl example.
* Fix reuse of sliding window in WebSocket permessage_deflate. * Fix reuse of sliding window in WebSocket permessage_deflate.
* Fix accept error handling in http_server_async example. * Fix accept error handling in http_server_async example.

20
include/boost/beast/zlib/detail/inflate_stream.ipp
View File

@@ -572,7 +572,7 @@ inflate_table(
code *next; // next available space in table code *next; // next available space in table
std::uint16_t const* base; // base value table to use std::uint16_t const* base; // base value table to use
std::uint16_t const* extra; // extra bits table to use std::uint16_t const* extra; // extra bits table to use
int end; // use base and extra for symbol > end unsigned match; // use base and extra for symbol >= match
std::uint16_t count[15+1]; // number of codes of each length std::uint16_t count[15+1]; // number of codes of each length
std::uint16_t offs[15+1]; // offsets in table for each length std::uint16_t offs[15+1]; // offsets in table for each length
@@ -584,7 +584,7 @@ inflate_table(
// Length codes 257..285 extra // Length codes 257..285 extra
static std::uint16_t constexpr lext[31] = { static std::uint16_t constexpr lext[31] = {
16, 16, 16, 16, 16, 16, 16, 16, 17, 17, 17, 17, 18, 18, 18, 18, 16, 16, 16, 16, 16, 16, 16, 16, 17, 17, 17, 17, 18, 18, 18, 18,
19, 19, 19, 19, 20, 20, 20, 20, 21, 21, 21, 21, 16, 72, 78}; 19, 19, 19, 19, 20, 20, 20, 20, 21, 21, 21, 21, 16, 77, 202};
// Distance codes 0..29 base // Distance codes 0..29 base
static std::uint16_t constexpr dbase[32] = { static std::uint16_t constexpr dbase[32] = {
@@ -722,19 +722,17 @@ inflate_table(
{ {
case build::codes: case build::codes:
base = extra = work; /* dummy value--not used */ base = extra = work; /* dummy value--not used */
end = 19; match = 20;
break; break;
case build::lens: case build::lens:
base = lbase; base = lbase;
base -= 257;
extra = lext; extra = lext;
extra -= 257; match = 257;
end = 256;
break; break;
default: /* build::dists */ default: /* build::dists */
base = dbase; base = dbase;
extra = dext; extra = dext;
end = -1; match = 0;
} }
/* initialize state for loop */ /* initialize state for loop */
@@ -764,15 +762,15 @@ inflate_table(
{ {
/* create table entry */ /* create table entry */
here.bits = (std::uint8_t)(len - drop); here.bits = (std::uint8_t)(len - drop);
if ((int)(work[sym]) < end) if (work[sym] + 1U < match)
{ {
here.op = (std::uint8_t)0; here.op = (std::uint8_t)0;
here.val = work[sym]; here.val = work[sym];
} }
else if ((int)(work[sym]) > end) else if (work[sym] >= match)
{ {
here.op = (std::uint8_t)(extra[work[sym]]); here.op = (std::uint8_t)(extra[work[sym] - match]);
here.val = base[work[sym]]; here.val = base[work[sym] - match];
} }
else else
{ {