From fd366384cf324d750596feb03be44ddf4d1e6acd Mon Sep 17 00:00:00 2001 From: Mark Adler Date: Sat, 3 Jan 2026 01:07:40 -0600 Subject: Prevent the use of insecure functions without an explicit request. ZLIB_INSECURE must be defined in order to compile code that uses the insecure functions vsprintf() or sprintf(). This would occur only if the standard vsnprintf() or snprintf() functions are not available. Providing the --insecure option to ./configure will define ZLIB_INSECURE. A flag is added to zlibCompileFlags() to indicate that gzprintf() is not implemented due to the need for the use of an insecure function, but ZLIB_INSECURE was not defined. --- gzwrite.c | 28 ++++++++++++++++++++++++++-- 1 file changed, 26 insertions(+), 2 deletions(-) (limited to 'gzwrite.c') diff --git a/gzwrite.c b/gzwrite.c index 9348473..acea74f 100644 --- a/gzwrite.c +++ b/gzwrite.c @@ -371,6 +371,9 @@ int ZEXPORT gzputs(gzFile file, const char *s) { return len && put == 0 ? -1 : (int)put; } +#if (((!defined(STDC) && !defined(Z_HAVE_STDARG_H)) || !defined(NO_vsnprintf)) && \ + (defined(STDC) || defined(Z_HAVE_STDARG_H) || !defined(NO_snprintf))) || \ + defined(ZLIB_INSECURE) /* If the second half of the input buffer is occupied, write out the contents. If there is any input remaining due to a non-blocking stall on write, move it to the start of the buffer. Return true if this did not open up the @@ -391,12 +394,20 @@ local int gz_vacate(gz_statep state) { strm->next_in = state->in; return strm->avail_in > state->size; } +#endif #if defined(STDC) || defined(Z_HAVE_STDARG_H) #include /* -- see zlib.h -- */ int ZEXPORTVA gzvprintf(gzFile file, const char *format, va_list va) { +#if defined(NO_vsnprintf) && !defined(ZLIB_INSECURE) +#warning "vsnprintf() not available -- gzprintf() stub returns Z_STREAM_ERROR" +#warning "you can recompile with ZLIB_INSECURE defined to use vsprintf()" + /* prevent use of insecure vsprintf(), unless purposefully requested */ + (void)file, (void)format, (void)va; + return Z_STREAM_ERROR; +#else int len, ret; char *next; gz_statep state; @@ -470,6 +481,7 @@ int ZEXPORTVA gzvprintf(gzFile file, const char *format, va_list va) { if (state->err && !state->again) return state->err; return len; +#endif } int ZEXPORTVA gzprintf(gzFile file, const char *format, ...) { @@ -489,6 +501,17 @@ int ZEXPORTVA gzprintf(gzFile file, const char *format, int a1, int a2, int a3, int a4, int a5, int a6, int a7, int a8, int a9, int a10, int a11, int a12, int a13, int a14, int a15, int a16, int a17, int a18, int a19, int a20) { +#if defined(NO_snprintf) && !defined(ZLIB_INSECURE) +#warning "snprintf() not available -- gzprintf() stub returns Z_STREAM_ERROR" +#warning "you can recompile with ZLIB_INSECURE defined to use sprintf()" + /* prevent use of insecure sprintf(), unless purposefully requested */ + (void)file, (void)format, (void)a1, (void)a2, (void)a3, (void)a4, (void)a5, + (void)a6, (void)a7, (void)a8, (void)a9, (void)a10, (void)a11, (void)a12, + (void)a13, (void)a14, (void)a15, (void)a16, (void)a17, (void)a18, + (void)a19, (void)a20; + return Z_STREAM_ERROR; +#else + int ret; unsigned len, left; char *next; gz_statep state; @@ -511,11 +534,11 @@ int ZEXPORTVA gzprintf(gzFile file, const char *format, int a1, int a2, int a3, /* make sure we have some buffer space */ if (state->size == 0 && gz_init(state) == -1) - return state->error; + return state->err; /* check for seek request */ if (state->skip && gz_zero(state) == -1) - return state->error; + return state->err; /* do the printf() into the input buffer, put length in len -- the input buffer is double-sized just for this function, so there is guaranteed to @@ -571,6 +594,7 @@ int ZEXPORTVA gzprintf(gzFile file, const char *format, int a1, int a2, int a3, if (state->err && !state->again) return state->err; return (int)len; +#endif } #endif -- cgit v1.2.3-55-g6feb