Skip to content

security: replace strcpy with memcpy in legacy fallbacks; add zcalloc overflow guard#1274

Open
MH1983-web wants to merge 1 commit into
madler:developfrom
MH1983-web:security-hardening-strcpy-zcalloc
Open

security: replace strcpy with memcpy in legacy fallbacks; add zcalloc overflow guard#1274
MH1983-web wants to merge 1 commit into
madler:developfrom
MH1983-web:security-hardening-strcpy-zcalloc

Conversation

@MH1983-web

Copy link
Copy Markdown

Summary

Two proactive security hardening improvements to the legacy fallback
code paths, both independently confirmed as not addressed by the
1.3.2 / 7ASecurity audit fixes.

Change 1: strcpy → memcpy in legacy fallbacks (gzlib.c)

In gz_open() and gz_error(), the #else fallback blocks (active only
under NO_snprintf/NO_vsnprintf) used strcpy() to copy into buffers
whose sizes were computed immediately before the copy. Replaced with
memcpy(dst, src, strlen(src) + 1) which makes the size relationship
explicit, is not flagged by static analyzers, and produces equivalent
behavior on all platforms.

Affected lines: gz_open() line 222, gz_error() line 584.

Change 2: Integer overflow guard in zcalloc() (zutil.c)

The expression malloc(items * size) where both operands are unsigned
int is vulnerable to silent integer overflow on LLP64 platforms
(Windows x64), where unsigned int is 32-bit but size_t is 64-bit.

Added explicit overflow check before the multiplication:

if (items != 0 && size > (unsigned)(-1) / items)
    return NULL;

This uses only integer division (no overflow risk) and returns NULL
for any combination where items * size would overflow.

Testing

New test added: test/hardening_test.c

Testing zcalloc overflow protection... PASS
Testing inflateBack distance check (compile-time)... PASS
PASS: 0 tests failed

Build: gcc -I. -o test_hardening test/hardening_test.c libz.a -lm

Notes

  • strcpy fallbacks are only active under NO_snprintf/NO_vsnprintf
  • zcalloc fix applies to all non-SYS16BIT, non-M_I86 builds
  • No behavior change on platforms where overflow does not occur
  • Confirmed not covered by fd36638 (7ASecurity audit fix)

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Labels

None yet

Projects

None yet

Development

Successfully merging this pull request may close these issues.

1 participant