add zlib-ng cve tests

trifectatechfoundation · Feb 12, 2024 · ceec8cf · ceec8cf
1 parent dcdc602
commit ceec8cf
Show file tree

Hide file tree

Showing 5 changed files with 45 additions and 0 deletions.
diff --git a/Cargo.toml b/Cargo.toml
@@ -22,6 +22,9 @@ publish = true
 [profile.release]
 debug = true
 
+[profile.dev]
+opt-level = 1 # required for the tail calls in inflate to optimize
+
 [workspace.dependencies]
 libloading = "0.8.1"
 libz-ng-sys = { version = "1.1.12" }

diff --git a/zlib-rs/src/deflate.rs b/zlib-rs/src/deflate.rs
@@ -2641,6 +2641,45 @@ mod test {
         (&mut output[..stream.total_out as usize], ReturnCode::Ok)
     }
 
+    fn cve_test(input: &[u8]) {
+        let mut output_ng = [0; 1 << 17];
+        // flush type 4 = Finish is the default
+        let config = DeflateConfig {
+            window_bits: 15,
+            mem_level: 1,
+            ..DeflateConfig::default()
+        };
+        let (output_ng, err) = compress_slice_ng(&mut output_ng, input, config);
+        assert_eq!(err, ReturnCode::Ok);
+
+        let mut output_rs = [0; 1 << 17];
+        let (output_rs, err) = compress_slice(&mut output_rs, input, config);
+        assert_eq!(err, ReturnCode::Ok);
+
+        assert_eq!(output_ng, output_rs);
+
+        std::fs::write("/tmp/output.dat", output_ng);
+
+        let mut output = vec![0; input.len()];
+        let config = crate::inflate::InflateConfig { window_bits: 15 };
+        let (output, err) = crate::inflate::uncompress_slice(&mut output, &output_rs, config);
+        assert_eq!(err, ReturnCode::Ok);
+
+        assert_eq!(input, output);
+    }
+
+    #[test]
+    fn zlib_ng_cve_2018_25032_default() {
+        const DEFAULT: &str = include_str!("deflate/test-data/zlib-ng/CVE-2018-25032/default.txt");
+        cve_test(DEFAULT.as_bytes())
+    }
+
+    #[test]
+    fn zlib_ng_cve_2018_25032_fixed() {
+        const FIXED: &str = include_str!("deflate/test-data/zlib-ng/CVE-2018-25032/fixed.txt");
+        cve_test(FIXED.as_bytes())
+    }
+
     fn fuzz_based_test(input: &[u8], config: DeflateConfig, expected: &[u8]) {
         let mut output_ng = [0; 1 << 17];
         let (output_ng, err) = compress_slice_ng(&mut output_ng, input, config);

diff --git a/zlib-rs/src/deflate/test-data/zlib-ng/CVE-2018-25032/default.txt b/zlib-rs/src/deflate/test-data/zlib-ng/CVE-2018-25032/default.txt
diff --git a/zlib-rs/src/deflate/test-data/zlib-ng/CVE-2018-25032/fixed.txt b/zlib-rs/src/deflate/test-data/zlib-ng/CVE-2018-25032/fixed.txt
diff --git a/zlib-rs/src/deflate/test-data/zlib-ng/GH-382/defneg3.dat b/zlib-rs/src/deflate/test-data/zlib-ng/GH-382/defneg3.dat
@@ -0,0 +1 @@
+o̙�?�O���ḩ���>����̝̹̘���E�s̗̍�4̢̙̑�6������\���5̪̲̕�m�̖��̺̜��̧�����̖����m����̵�G���O��� ��������̄�;̔��̒�������,��̢���A�9̻��̂���s��̼���̭�e�����U�u��̱���w��̕�D��̋̽�t̞̣̹�����O����̅�p�G��̰���(���̤�{̓�����������M�#̝��̵�d̷�I���h�_�p�J��̢����ó�����;�<̘�Z�����o�W̄̿�}�����:��̧̻̕�e�F�t�(�E�o���p�̢�(�;�������!̹̹���̜�����4���3��̋�B̎���u�P�6̓���&̦̳̕����̻���T��̧�b��������{��̡���N�9����B��
Original file line number	Diff line number	Diff line change
		@@ -0,0 +1 @@
		o̙�?�O��ḩ��>��̝̹̘��E�s̗̍�4̢̙̑�6��\��5̪̲̕�m�̖��̺̜��̧��̖��m��̵�G��O�� ̄�;̔��̒��,��̢��A�9̻��̂��s��̼��̭�e��U�u��̱��w��̕�D��̋̽�t̞̣̹��O��̅�p�G��̰��(��̤�{̓��M�#̝��̵�d̷�I��h�_�p�J��̢��ó��;�<̘�Z��o�W̄̿�}��:��̧̻̕�e�F�t�(�E�o��p�̢�(�;��!̹̹��̜��4��3��̋�B̎��u�P�6̓��&̦̳̕��̻��T��̧�b��{��̡��N�9��B��