1#!/bin/bash 2TESTDIR="$(dirname "$0")" 3 4# check for QEMU if QEMU_RUN is set 5if [ ! -z "${QEMU_RUN}" ]; then 6 QEMU_VERSION=$(${QEMU_RUN} --version 2> /dev/null) 7 if [ -z "${QEMU_VERSION}" ]; then 8 echo "**** You need QEMU to run tests on non-native platform" 9 exit 1 10 fi 11fi 12 13CVEs="CVE-2002-0059 CVE-2004-0797 CVE-2005-1849 CVE-2005-2096" 14 15for CVE in $CVEs; do 16 fail=0 17 for testcase in ${TESTDIR}/${CVE}/*.gz; do 18 ${QEMU_RUN} ../minigzip${EXE} -d < "$testcase" 19 # we expect that a 1 error code is OK 20 # for a vulnerable failure we'd expect 134 or similar 21 if [ $? -ne 1 ] && [ $? -ne 0 ]; then 22 fail=1 23 fi 24 done 25 if [ $fail -eq 0 ]; then 26 echo " --- zlib not vulnerable to $CVE ---"; 27 else 28 echo " --- zlib VULNERABLE to $CVE ---"; exit 1; 29 fi 30done 31