zlib: backport upstream fix on CRC validation
Starting with zlib 1.2.12, CRC validation has become stricter. This broke Keycloak ≥ 17 in certain situations; for details, see: - https://github.com/keycloak/keycloak/issues/11316 ; - https://github.com/NixOS/nixpkgs/issues/170539 This patch makes the CRC validation tolerant of older or already existing checksums out there.
parent
b03728f029
commit
8335c46632
@ -0,0 +1,51 @@
|
||||
From ec3df00224d4b396e2ac6586ab5d25f673caa4c2 Mon Sep 17 00:00:00 2001
|
||||
From: Mark Adler <madler@alumni.caltech.edu>
|
||||
Date: Wed, 30 Mar 2022 11:14:53 -0700
|
||||
Subject: [PATCH] Correct incorrect inputs provided to the CRC functions.
|
||||
|
||||
The previous releases of zlib were not sensitive to incorrect CRC
|
||||
inputs with bits set above the low 32. This commit restores that
|
||||
behavior, so that applications with such bugs will continue to
|
||||
operate as before.
|
||||
---
|
||||
crc32.c | 8 ++++----
|
||||
1 file changed, 4 insertions(+), 4 deletions(-)
|
||||
|
||||
diff --git a/crc32.c b/crc32.c
|
||||
index a1bdce5c2..451887bc7 100644
|
||||
--- a/crc32.c
|
||||
+++ b/crc32.c
|
||||
@@ -630,7 +630,7 @@ unsigned long ZEXPORT crc32_z(crc, buf, len)
|
||||
#endif /* DYNAMIC_CRC_TABLE */
|
||||
|
||||
/* Pre-condition the CRC */
|
||||
- crc ^= 0xffffffff;
|
||||
+ crc = (~crc) & 0xffffffff;
|
||||
|
||||
/* Compute the CRC up to a word boundary. */
|
||||
while (len && ((z_size_t)buf & 7) != 0) {
|
||||
@@ -749,7 +749,7 @@ unsigned long ZEXPORT crc32_z(crc, buf, len)
|
||||
#endif /* DYNAMIC_CRC_TABLE */
|
||||
|
||||
/* Pre-condition the CRC */
|
||||
- crc ^= 0xffffffff;
|
||||
+ crc = (~crc) & 0xffffffff;
|
||||
|
||||
#ifdef W
|
||||
|
||||
@@ -1077,7 +1077,7 @@ uLong ZEXPORT crc32_combine64(crc1, crc2, len2)
|
||||
#ifdef DYNAMIC_CRC_TABLE
|
||||
once(&made, make_crc_table);
|
||||
#endif /* DYNAMIC_CRC_TABLE */
|
||||
- return multmodp(x2nmodp(len2, 3), crc1) ^ crc2;
|
||||
+ return multmodp(x2nmodp(len2, 3), crc1) ^ (crc2 & 0xffffffff);
|
||||
}
|
||||
|
||||
/* ========================================================================= */
|
||||
@@ -1112,5 +1112,5 @@ uLong crc32_combine_op(crc1, crc2, op)
|
||||
uLong crc2;
|
||||
uLong op;
|
||||
{
|
||||
- return multmodp(op, crc1) ^ crc2;
|
||||
+ return multmodp(op, crc1) ^ (crc2 & 0xffffffff);
|
||||
}
|
@ -42,6 +42,12 @@ stdenv.mkDerivation (rec {
|
||||
|
||||
patches = [
|
||||
./fix-configure-issue-cross.patch
|
||||
# Starting zlib 1.2.12, zlib is stricter to incorrect CRC inputs
|
||||
# with bits set above the low 32.
|
||||
# see https://github.com/madler/zlib/issues/618
|
||||
# TODO: remove the patch if upstream releases https://github.com/madler/zlib/commit/ec3df00224d4b396e2ac6586ab5d25f673caa4c2
|
||||
# see https://github.com/NixOS/nixpkgs/issues/170539 for history.
|
||||
./comprehensive-crc-validation-for-wrong-implementations.patch
|
||||
];
|
||||
|
||||
strictDeps = true;
|
||||
|
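Review bot: The comment block above `./comprehensive-crc-validation-for-wrong-implementations.patch` does not say what the patch changes, and the file name reads as if checksum validation itself were being altered. As far as the hunks added in this commit show, the patch only masks caller-supplied CRC values to their low 32 bits in `crc32.c` (one file changed). A line such as `# Only masks CRC inputs to their low 32 bits in crc32.c; stream integrity checks are not relaxed.` would make that scope clear to a later reader. The TODO would also be easier to act on with a concrete trigger, e.g. `# TODO: drop when zlib is updated past 1.2.12 to a release containing the commit below`. The `patches` list sits inside `stdenv.mkDerivation`, whose body continues outside the hunk.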