src/zlib-ng/test/testCVEinputs.sh


1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30

#!/bin/bash
TESTDIR="$(dirname "$0")"

# check for QEMU if QEMU_RUN is set
if [ ! -z "${QEMU_RUN}" ]; then
    QEMU_VERSION=$(${QEMU_RUN} --version 2> /dev/null)
    if [ -z "${QEMU_VERSION}" ]; then
        echo "**** You need QEMU to run tests on non-native platform"
        exit 1
    fi
fi

CVEs="CVE-2002-0059 CVE-2004-0797 CVE-2005-1849 CVE-2005-2096"

for CVE in $CVEs; do
    fail=0
    for testcase in ${TESTDIR}/${CVE}/*.gz; do
    ${QEMU_RUN} ../minigzip${EXE} -d < "$testcase"
    # we expect that a 1 error code is OK
    # for a vulnerable failure we'd expect 134 or similar
    if [ $? -ne 1 ] && [ $? -ne 0 ]; then
        fail=1
    fi
    done
    if [ $fail -eq 0 ]; then
    echo "          --- zlib not vulnerable to $CVE ---";
    else
    echo "          --- zlib VULNERABLE to $CVE ---"; exit 1;
    fi
done