From owner-freebsd-security  Tue Mar 12  7:53:51 2002
Delivered-To: freebsd-security@freebsd.org
Received: from peitho.fxp.org (peitho.fxp.org [209.26.95.40])
	by hub.freebsd.org (Postfix) with ESMTP
	id 265A037B7DC; Tue, 12 Mar 2002 07:53:39 -0800 (PST)
Received: by peitho.fxp.org (Postfix, from userid 1000)
	id C1A2D13667; Tue, 12 Mar 2002 10:52:16 -0500 (EST)
Date: Tue, 12 Mar 2002 10:52:16 -0500
From: Chris Faulhaber <jedgar@fxp.org>
To: Mike Tancsa <mike@sentex.net>
Cc: "Brian F. Feldman" <green@FreeBSD.ORG>,
	"Jacques A. Vidrine" <nectar@FreeBSD.ORG>,
	freebsd-security@FreeBSD.ORG
Subject: Re: zlib and FreeBSD (was Re: RedHat advisory - RHSA-2002:026-35 zlib double free -- Is this 4.5-R-p1?)
Message-ID: <20020312155216.GF94019@peitho.fxp.org>
References: <20020312145337.GB35955@madman.nectar.cc> <5.1.0.14.0.20020312102633.027e5e40@marble.sentex.ca>
Mime-Version: 1.0
Content-Type: multipart/signed; micalg=pgp-sha1;
	protocol="application/pgp-signature"; boundary="qp4W5+cUSnZs0RIF"
Content-Disposition: inline
In-Reply-To: <5.1.0.14.0.20020312102633.027e5e40@marble.sentex.ca>
User-Agent: Mutt/1.3.24i
Sender: owner-freebsd-security@FreeBSD.ORG
Precedence: bulk
List-ID: <freebsd-security.FreeBSD.ORG>
List-Archive: <http://docs.freebsd.org/mail/> (Web Archive)
List-Help: <mailto:majordomo@FreeBSD.ORG?subject=help> (List Instructions)
List-Subscribe: <mailto:majordomo@FreeBSD.ORG?subject=subscribe%20freebsd-security>
List-Unsubscribe: <mailto:majordomo@FreeBSD.ORG?subject=unsubscribe%20freebsd-security>
X-Loop: FreeBSD.org


--qp4W5+cUSnZs0RIF
Content-Type: text/plain; charset=us-ascii
Content-Disposition: inline
Content-Transfer-Encoding: quoted-printable

On Tue, Mar 12, 2002 at 10:29:06AM -0500, Mike Tancsa wrote:
>=20
> Hi,
> Although it sounds like the bug is not exploitable on FreeBSD, is there a=
=20
> potential for a Denial of Service still with systems prior to the Feb 22=
=20
> commit?
>=20

With phkmalloc(3), normally you will just get:

progname in free(): error: chunk is already free

unless the 'A' malloc option is set, then the program will
abort(3) which could be considered a Denial of Service.

--=20
Chris D. Faulhaber - jedgar@fxp.org - jedgar@FreeBSD.org
--------------------------------------------------------
FreeBSD: The Power To Serve   -   http://www.FreeBSD.org

--qp4W5+cUSnZs0RIF
Content-Type: application/pgp-signature
Content-Disposition: inline

-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.0.6 (FreeBSD)
Comment: FreeBSD: The Power To Serve

iEYEARECAAYFAjyOJDAACgkQObaG4P6BelDZlACfVjxNM/KDwCn2L/QbIumsLwR/
leoAn2oFAZIvWRVf6JqZgsnHxaQVQeDA
=XR4d
-----END PGP SIGNATURE-----

--qp4W5+cUSnZs0RIF--

To Unsubscribe: send mail to majordomo@FreeBSD.org
with "unsubscribe freebsd-security" in the body of the message