3372 – Using an invalid flush value for zlib inflate.

Bug 3372 - Using an invalid flush value for zlib inflate.

Summary: Using an invalid flush value for zlib inflate.

Status:	CLOSED FIXED

Alias:	None

Product:	Portable OpenSSH
Classification:	Unclassified
Component:	scp (show other bugs)
Version:	-current
Hardware:	All Linux

Importance:	P5 minor
Assignee:	Assigned to nobody

URL:
Keywords:

Depends on:
Blocks:	V_8_9
	Show dependency tree / graph

Reported:	2021-12-10 08:37 AEDT by lamm
Modified:	2022-02-25 13:56 AEDT (History)
CC List:	1 user (show)

See Also:

Attachments
Add an attachment (proposed patch, testcase, etc.)

Note You need to log in before you can comment on or make changes to this bug.

Description lamm 2021-12-10 08:37:45 AEDT

At packet.c:796 the function inflate is called with flush equals Z_PARTIAL_FLUSH. Following zlib.h comment at line 432 this is not a valid value for inflate.
From what I understand using Z_PARTIAL_FLUSH has the same effect as Z_NO_FLUSH.

Comment 1 Damien Miller 2022-01-14 14:30:10 AEDT

This should be harmless as the corresponding deflate() call uses Z_PARTIAL_FLUSH that should guarantee that the entirety of the compressed data is available even for Z_NO_FLUSH. I'll see about changing the deflate side to a explicitly-supported flag.

Comment 2 Damien Miller 2022-01-18 10:00:13 AEDT

This has been committed and will be included in the openssh-8.9 release. Thanks!

Comment 3 Damien Miller 2022-02-25 13:56:43 AEDT

closing bugs resolved before openssh-8.9