Fix important bugs in redbean

This change upgrades to the latest Chromium Zlib, fixes bugs in redbean, and introduces better support for reverse proxies like Cloudflare. This change improves the security of redbean and it's recommended that users upgrade to the release that'll follow. This change also updates the docs to clarify how to use the security tools redbean provides e.g. pledge(), unveil(), and the MODE=asan builds which improve memory safety.
2025-08-03 08:20:28 +00:00 · 2022-09-17 01:37:33 -07:00 · 2022-09-17 01:37:33 -07:00 · 775944a2d0
commit 775944a2d0
parent 994e1f4386
42 changed files with 8148 additions and 7298 deletions
--- a/third_party/zlib/inflate.internal.h
+++ b/third_party/zlib/inflate.internal.h
@ -1,14 +1,11 @@
 #ifndef COSMOPOLITAN_THIRD_PARTY_ZLIB_INFLATE_H_
 #define COSMOPOLITAN_THIRD_PARTY_ZLIB_INFLATE_H_
 #include "third_party/zlib/inftrees.internal.h"
+#include "third_party/zlib/macros.internal.h"
 #include "third_party/zlib/zlib.h"
 #if !(__ASSEMBLER__ + __LINKER__ + 0)
 COSMOPOLITAN_C_START_
-
-/* inflate.h -- internal inflate state definition
- * Copyright (C) 1995-2016 Mark Adler
- * For conditions of distribution and use, see copyright notice in zlib.h
- */
+/* clang-format off */

 /* WARNING: this file should *not* be used by applications. It is
   part of the implementation of the compression library and is
@ -20,123 +17,116 @@ COSMOPOLITAN_C_START_
   the crc code when it is not needed.  For shared libraries, gzip decoding
   should be left enabled. */
 #ifndef NO_GZIP
-#define GUNZIP
+#  define GUNZIP
 #endif

-/**
- * Possible inflate modes between inflate() calls
- *
- * State transitions between modes -
- *
- * (most modes can go to BAD or MEM on error -- not shown for clarity)
- *
- * Process header:
- *     HEAD → (gzip) or (zlib) or (raw)
- *     (gzip) → FLAGS → TIME → OS → EXLEN → EXTRA → NAME → COMMENT →
- *               HCRC → TYPE
- *     (zlib) → DICTID or TYPE
- *     DICTID → DICT → TYPE
- *     (raw) → TYPEDO
- * Read deflate blocks:
- *         TYPE → TYPEDO → STORED or TABLE or LEN_ or CHECK
- *         STORED → COPY_ → COPY → TYPE
- *         TABLE → LENLENS → CODELENS → LEN_
- *         LEN_ → LEN
- * Read deflate codes in fixed or dynamic block:
- *             LEN → LENEXT or LIT or TYPE
- *             LENEXT → DIST → DISTEXT → MATCH → LEN
- *             LIT → LEN
- * Process trailer:
- *     CHECK → LENGTH → DONE
- */
+/* Possible inflate modes between inflate() calls */
 typedef enum {
-  HEAD = 16180, /* i: waiting for magic header */
-  FLAGS,        /* i: waiting for method and flags (gzip) */
-  TIME,         /* i: waiting for modification time (gzip) */
-  OS,           /* i: waiting for extra flags and operating system (gzip) */
-  EXLEN,        /* i: waiting for extra length (gzip) */
-  EXTRA,        /* i: waiting for extra bytes (gzip) */
-  NAME,         /* i: waiting for end of file name (gzip) */
-  COMMENT,      /* i: waiting for end of comment (gzip) */
-  HCRC,         /* i: waiting for header crc (gzip) */
-  DICTID,       /* i: waiting for dictionary check value */
-  DICT,         /* waiting for inflateSetDictionary() call */
-  TYPE,         /* i: waiting for type bits, including last-flag bit */
-  TYPEDO,       /* i: same, but skip check to exit inflate on new block */
-  STORED,       /* i: waiting for stored size (length and complement) */
-  COPY_,        /* i/o: same as COPY below, but only first time in */
-  COPY,         /* i/o: waiting for input or output to copy stored block */
-  TABLE,        /* i: waiting for dynamic block table lengths */
-  LENLENS,      /* i: waiting for code length code lengths */
-  CODELENS,     /* i: waiting for length/lit and distance code lengths */
-  LEN_,         /* i: same as LEN below, but only first time in */
-  LEN,          /* i: waiting for length/lit/eob code */
-  LENEXT,       /* i: waiting for length extra bits */
-  DIST,         /* i: waiting for distance code */
-  DISTEXT,      /* i: waiting for distance extra bits */
-  MATCH,        /* o: waiting for output space to copy string */
-  LIT,          /* o: waiting for output space to write literal */
-  CHECK,        /* i: waiting for 32-bit check value */
-  LENGTH,       /* i: waiting for 32-bit length (gzip) */
-  DONE,         /* finished check, done -- remain here until reset */
-  BAD,          /* got a data error -- remain here until reset */
-  MEM,          /* got an inflate() memory error -- remain here until reset */
-  SYNC          /* looking for synchronization bytes to restart inflate() */
+    HEAD = 16180,   /* i: waiting for magic header */
+    FLAGS,      /* i: waiting for method and flags (gzip) */
+    TIME,       /* i: waiting for modification time (gzip) */
+    OS,         /* i: waiting for extra flags and operating system (gzip) */
+    EXLEN,      /* i: waiting for extra length (gzip) */
+    EXTRA,      /* i: waiting for extra bytes (gzip) */
+    NAME,       /* i: waiting for end of file name (gzip) */
+    COMMENT,    /* i: waiting for end of comment (gzip) */
+    HCRC,       /* i: waiting for header crc (gzip) */
+    DICTID,     /* i: waiting for dictionary check value */
+    DICT,       /* waiting for inflateSetDictionary() call */
+        TYPE,       /* i: waiting for type bits, including last-flag bit */
+        TYPEDO,     /* i: same, but skip check to exit inflate on new block */
+        STORED,     /* i: waiting for stored size (length and complement) */
+        COPY_,      /* i/o: same as COPY below, but only first time in */
+        COPY,       /* i/o: waiting for input or output to copy stored block */
+        TABLE,      /* i: waiting for dynamic block table lengths */
+        LENLENS,    /* i: waiting for code length code lengths */
+        CODELENS,   /* i: waiting for length/lit and distance code lengths */
+            LEN_,       /* i: same as LEN below, but only first time in */
+            LEN,        /* i: waiting for length/lit/eob code */
+            LENEXT,     /* i: waiting for length extra bits */
+            DIST,       /* i: waiting for distance code */
+            DISTEXT,    /* i: waiting for distance extra bits */
+            MATCH,      /* o: waiting for output space to copy string */
+            LIT,        /* o: waiting for output space to write literal */
+    CHECK,      /* i: waiting for 32-bit check value */
+    LENGTH,     /* i: waiting for 32-bit length (gzip) */
+    DONE,       /* finished check, done -- remain here until reset */
+    BAD,        /* got a data error -- remain here until reset */
+    MEM,        /* got an inflate() memory error -- remain here until reset */
+    SYNC        /* looking for synchronization bytes to restart inflate() */
 } inflate_mode;

-/**
- * State maintained between inflate() calls -- approximately 7K bytes,
- * not including the allocated sliding window, which is up to 32K bytes.
+/*
+    State transitions between above modes -
+
+    (most modes can go to BAD or MEM on error -- not shown for clarity)
+
+    Process header:
+        HEAD -> (gzip) or (zlib) or (raw)
+        (gzip) -> FLAGS -> TIME -> OS -> EXLEN -> EXTRA -> NAME -> COMMENT ->
+                  HCRC -> TYPE
+        (zlib) -> DICTID or TYPE
+        DICTID -> DICT -> TYPE
+        (raw) -> TYPEDO
+    Read deflate blocks:
+            TYPE -> TYPEDO -> STORED or TABLE or LEN_ or CHECK
+            STORED -> COPY_ -> COPY -> TYPE
+            TABLE -> LENLENS -> CODELENS -> LEN_
+            LEN_ -> LEN
+    Read deflate codes in fixed or dynamic block:
+                LEN -> LENEXT or LIT or TYPE
+                LENEXT -> DIST -> DISTEXT -> MATCH -> LEN
+                LIT -> LEN
+    Process trailer:
+        CHECK -> LENGTH -> DONE
 */
-struct InflateState {
-  z_streamp strm;      /* pointer back to this zlib stream */
-  inflate_mode mode;   /* current inflate mode */
-  int last;            /* true if processing last block */
-  int wrap;            /* bit 0 true for zlib, bit 1 true for gzip,
-                          bit 2 true to validate check value */
-  int havedict;        /* true if dictionary provided */
-  int flags;           /* gzip header method and flags (0 if zlib) */
-  unsigned dmax;       /* zlib header max distance (INFLATE_STRICT) */
-  unsigned long check; /* protected copy of check value */
-  unsigned long total; /* protected copy of output count */
-  gz_headerp head;     /* where to save gzip header information */

-  /* sliding window */
-  unsigned wbits;        /* log base 2 of requested window size */
-  unsigned wsize;        /* window size or zero if not using window */
-  unsigned whave;        /* valid bytes in the window */
-  unsigned wnext;        /* window write index */
-  unsigned char *window; /* allocated sliding window, if needed */
-
-  /* bit accumulator */
-  unsigned long hold; /* input bit accumulator */
-  unsigned bits;      /* number of bits in "in" */
-
-  /* for string and stored block copying */
-  unsigned length; /* literal or length of data to copy */
-  unsigned offset; /* distance back to copy string from */
-
-  /* for table and code decoding */
-  unsigned extra; /* extra bits needed */
-
-  /* fixed and dynamic code tables */
-  const struct zcode *lencode;  /* starting table for length/literal codes */
-  const struct zcode *distcode; /* starting table for distance codes */
-  unsigned lenbits;             /* index bits for lencode */
-  unsigned distbits;            /* index bits for distcode */
-
-  /* dynamic table building */
-  unsigned ncode;             /* number of code length code lengths */
-  unsigned nlen;              /* number of length code lengths */
-  unsigned ndist;             /* number of distance code lengths */
-  unsigned have;              /* number of code lengths in lens[] */
-  struct zcode *next;         /* next available space in codes[] */
-  unsigned short lens[320];   /* temporary storage for code lengths */
-  unsigned short work[288];   /* work area for code table building */
-  struct zcode codes[ENOUGH]; /* space for code tables */
-  int sane;                   /* if false, allow invalid distance too far */
-  int back;                   /* bits back of last unprocessed length/lit */
-  unsigned was;               /* initial length of match */
+/* State maintained between inflate() calls -- approximately 7K bytes, not
+   including the allocated sliding window, which is up to 32K bytes. */
+struct inflate_state {
+    z_streamp strm;             /* pointer back to this zlib stream */
+    inflate_mode mode;          /* current inflate mode */
+    int last;                   /* true if processing last block */
+    int wrap;                   /* bit 0 true for zlib, bit 1 true for gzip,
+                                   bit 2 true to validate check value */
+    int havedict;               /* true if dictionary provided */
+    int flags;                  /* gzip header method and flags, 0 if zlib, or
+                                   -1 if raw or no header yet */
+    unsigned dmax;              /* zlib header max distance (INFLATE_STRICT) */
+    unsigned long check;        /* protected copy of check value */
+    unsigned long total;        /* protected copy of output count */
+    gz_headerp head;            /* where to save gzip header information */
+        /* sliding window */
+    unsigned wbits;             /* log base 2 of requested window size */
+    unsigned wsize;             /* window size or zero if not using window */
+    unsigned whave;             /* valid bytes in the window */
+    unsigned wnext;             /* window write index */
+    unsigned char FAR *window;  /* allocated sliding window, if needed */
+        /* bit accumulator */
+    unsigned long hold;         /* input bit accumulator */
+    unsigned bits;              /* number of bits in "in" */
+        /* for string and stored block copying */
+    unsigned length;            /* literal or length of data to copy */
+    unsigned offset;            /* distance back to copy string from */
+        /* for table and code decoding */
+    unsigned extra;             /* extra bits needed */
+        /* fixed and dynamic code tables */
+    code const FAR *lencode;    /* starting table for length/literal codes */
+    code const FAR *distcode;   /* starting table for distance codes */
+    unsigned lenbits;           /* index bits for lencode */
+    unsigned distbits;          /* index bits for distcode */
+        /* dynamic table building */
+    unsigned ncode;             /* number of code length code lengths */
+    unsigned nlen;              /* number of length code lengths */
+    unsigned ndist;             /* number of distance code lengths */
+    unsigned have;              /* number of code lengths in lens[] */
+    code FAR *next;             /* next available space in codes[] */
+    unsigned short lens[320];   /* temporary storage for code lengths */
+    unsigned short work[288];   /* work area for code table building */
+    code codes[ENOUGH];         /* space for code tables */
+    int sane;                   /* if false, allow invalid distance too far */
+    int back;                   /* bits back of last unprocessed length/lit */
+    unsigned was;               /* initial length of match */
 };

 COSMOPOLITAN_C_END_