Date: Fri, 14 Mar 2003 18:03:24 -0800 From: David Schultz <das@FreeBSD.ORG> To: Eivind Eklund <eivind@FreeBSD.ORG> Cc: Jean-Marc Zucconi <jmz@FreeBSD.ORG>, src-committers@FreeBSD.ORG, cvs-src@FreeBSD.ORG, cvs-all@FreeBSD.ORG Subject: Re: cvs commit: src/lib/libz gzio.c Message-ID: <20030315020324.GA24565@HAL9000.homeunix.com> In-Reply-To: <20030314044434.B42430@FreeBSD.org> References: <200303140147.h2E1l11r023091@repoman.freebsd.org> <20030314044434.B42430@FreeBSD.org>
next in thread | previous in thread | raw e-mail | index | archive | help
Thus spake Eivind Eklund <eivind@FreeBSD.org>: > On Thu, Mar 13, 2003 at 05:47:01PM -0800, Jean-Marc Zucconi wrote: > > jmz 2003/03/13 17:47:01 PST > > > > FreeBSD src repository > > > > Modified files: > > lib/libz gzio.c > > Log: > > In src/lib/libz/gzio.c the function gzprintf does not check if the > > amount of bytes (supposed to be) written by vsnprintf exceeds the > > size of the buffer. > > > > PR: bin/48844 > > Submitted by: Peter A Jonsson <pj@ludd.luth.se> > > Obtained from: OpenBSD > > MFC after: 1 month > > Are we sure this does not have security implications and should be merged > ASAP? It sounds like a security fix, and one I'd like to have in 4.8 - if > gunzipping files can be exploited, it could turn nasty. Probably not. The bug doesn't cause a buffer overflow; it just causes gzprintf() to truncate its output for large strings and return success instead of returning failure as it should. To Unsubscribe: send mail to majordomo@FreeBSD.org with "unsubscribe cvs-all" in the body of the message
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?20030315020324.GA24565>