Prevent the use of insecure functions without an explicit request.

ZLIB_INSECURE must be defined in order to compile code that uses
the insecure functions vsprintf() or sprintf(). This would occur
only if the standard vsnprintf() or snprintf() functions are not
available. Providing the --insecure option to ./configure will
define ZLIB_INSECURE. A flag is added to zlibCompileFlags() to
indicate that gzprintf() is not implemented due to the need for
the use of an insecure function, but ZLIB_INSECURE was not
defined.

1 files changed, 26 insertions, 2 deletions

diff --git a/gzwrite.c b/gzwrite.c
index 9348473..acea74f 100644
--- a/gzwrite.c
+++ b/gzwrite.c
@@ -371,6 +371,9 @@ int ZEXPORT gzputs(gzFile file, const char *s) {
     return len && put == 0 ? -1 : (int)put;
 }
 
+#if (((!defined(STDC) && !defined(Z_HAVE_STDARG_H)) || !defined(NO_vsnprintf)) && \
+     (defined(STDC) || defined(Z_HAVE_STDARG_H) || !defined(NO_snprintf))) || \
+    defined(ZLIB_INSECURE)
 /* If the second half of the input buffer is occupied, write out the contents.
    If there is any input remaining due to a non-blocking stall on write, move
    it to the start of the buffer. Return true if this did not open up the
@@ -391,12 +394,20 @@ local int gz_vacate(gz_statep state) {
     strm->next_in = state->in;
     return strm->avail_in > state->size;
 }
+#endif
 
 #if defined(STDC) || defined(Z_HAVE_STDARG_H)
 #include <stdarg.h>
 
 /* -- see zlib.h -- */
 int ZEXPORTVA gzvprintf(gzFile file, const char *format, va_list va) {
+#if defined(NO_vsnprintf) && !defined(ZLIB_INSECURE)
+#warning "vsnprintf() not available -- gzprintf() stub returns Z_STREAM_ERROR"
+#warning "you can recompile with ZLIB_INSECURE defined to use vsprintf()"
+    /* prevent use of insecure vsprintf(), unless purposefully requested */
+    (void)file, (void)format, (void)va;
+    return Z_STREAM_ERROR;
+#else
     int len, ret;
     char *next;
     gz_statep state;
@@ -470,6 +481,7 @@ int ZEXPORTVA gzvprintf(gzFile file, const char *format, va_list va) {
     if (state->err && !state->again)
         return state->err;
     return len;
+#endif
 }
 
 int ZEXPORTVA gzprintf(gzFile file, const char *format, ...) {
@@ -489,6 +501,17 @@ int ZEXPORTVA gzprintf(gzFile file, const char *format, int a1, int a2, int a3,
                        int a4, int a5, int a6, int a7, int a8, int a9, int a10,
                        int a11, int a12, int a13, int a14, int a15, int a16,
                        int a17, int a18, int a19, int a20) {
+#if defined(NO_snprintf) && !defined(ZLIB_INSECURE)
+#warning "snprintf() not available -- gzprintf() stub returns Z_STREAM_ERROR"
+#warning "you can recompile with ZLIB_INSECURE defined to use sprintf()"
+    /* prevent use of insecure sprintf(), unless purposefully requested */
+    (void)file, (void)format, (void)a1, (void)a2, (void)a3, (void)a4, (void)a5,
+    (void)a6, (void)a7, (void)a8, (void)a9, (void)a10, (void)a11, (void)a12,
+    (void)a13, (void)a14, (void)a15, (void)a16, (void)a17, (void)a18,
+    (void)a19, (void)a20;
+    return Z_STREAM_ERROR;
+#else
+    int ret;
     unsigned len, left;
     char *next;
     gz_statep state;
@@ -511,11 +534,11 @@ int ZEXPORTVA gzprintf(gzFile file, const char *format, int a1, int a2, int a3,
 
     /* make sure we have some buffer space */
     if (state->size == 0 && gz_init(state) == -1)
-        return state->error;
+        return state->err;
 
     /* check for seek request */
     if (state->skip && gz_zero(state) == -1)
-        return state->error;
+        return state->err;
 
     /* do the printf() into the input buffer, put length in len -- the input
        buffer is double-sized just for this function, so there is guaranteed to
@@ -571,6 +594,7 @@ int ZEXPORTVA gzprintf(gzFile file, const char *format, int a1, int a2, int a3,
     if (state->err && !state->again)
         return state->err;
     return (int)len;
+#endif
 }
 
 #endif