inflateCopy: fix a heap info leak (part of ZLB-01-003)

mirror of https://github.com/openbsd/src.git synced 2026-06-19 07:43:34 +02:00

commit 3509ab515f29002f64455d6e34e19df0c16b1707
Author: Mark Adler <git@madler.net>
Date:   Sun Dec 21 18:34:14 2025 -0800

    Copy only the initialized window contents in inflateCopy.

    To avoid the propagation and possible disclosure of uninitialized
    memory contents.

This commit is contained in:

2026-03-06 05:31:58 +00:00

parent 407a83d3c7

commit 99ebcb36d6

1 changed files with 2 additions and 5 deletions

									
										lib/libz/inflate.c
									
		+2
		-5
	
												View File
												
				@@ -1527,7 +1527,6 @@ int ZEXPORT inflateCopy(z_streamp dest, z_streamp source) {

				    struct inflate_state FAR *state;

				    struct inflate_state FAR *copy;

				    unsigned char FAR *window;

				    unsigned wsize;

				    /* check input */

				    if (inflateStateCheck(source) || dest == Z_NULL)

				@@ -1558,10 +1557,8 @@ int ZEXPORT inflateCopy(z_streamp dest, z_streamp source) {

				        copy->distcode = copy->codes + (state->distcode - state->codes);

				    }

				    copy->next = copy->codes + (state->next - state->codes);

				    if (window != Z_NULL) {

				        wsize = 1U << state->wbits;

				        zmemcpy(window, state->window, wsize);

				    }

				    if (window != Z_NULL)

				        zmemcpy(window, state->window, state->whave);

				    copy->window = window;

				    dest->state = (struct internal_state FAR *)copy;

				    return Z_OK;