From owner-freebsd-security  Tue Mar 12  8: 0:12 2002
Delivered-To: freebsd-security@freebsd.org
Received: from smtp1.sentex.ca (smtp1.sentex.ca [199.212.134.4])
	by hub.freebsd.org (Postfix) with ESMTP id 92CA637B8FC
	for <freebsd-security@FreeBSD.ORG>; Tue, 12 Mar 2002 07:59:08 -0800 (PST)
Received: from simoeon.sentex.net (pyroxene.sentex.ca [199.212.134.18])
	by smtp1.sentex.ca (8.11.6/8.11.6) with ESMTP id g2CFtJp83997;
	Tue, 12 Mar 2002 10:55:19 -0500 (EST)
	(envelope-from mike@sentex.net)
Message-Id: <5.1.0.14.0.20020312104817.0649e0c0@marble.sentex.ca>
X-Sender: mdtpop@marble.sentex.ca
X-Mailer: QUALCOMM Windows Eudora Version 5.1
Date: Tue, 12 Mar 2002 10:49:31 -0500
To: Chris Faulhaber <jedgar@fxp.org>
From: Mike Tancsa <mike@sentex.net>
Subject: Re: zlib and FreeBSD (was Re: RedHat advisory -
  RHSA-2002:026-35 zlib double free -- Is this 4.5-R-p1?)
Cc: freebsd-security@FreeBSD.ORG
In-Reply-To: <20020312155216.GF94019@peitho.fxp.org>
References: <5.1.0.14.0.20020312102633.027e5e40@marble.sentex.ca>
 <20020312145337.GB35955@madman.nectar.cc>
 <5.1.0.14.0.20020312102633.027e5e40@marble.sentex.ca>
Mime-Version: 1.0
Content-Type: text/plain; charset="us-ascii"; format=flowed
Sender: owner-freebsd-security@FreeBSD.ORG
Precedence: bulk
List-ID: <freebsd-security.FreeBSD.ORG>
List-Archive: <http://docs.freebsd.org/mail/> (Web Archive)
List-Help: <mailto:majordomo@FreeBSD.ORG?subject=help> (List Instructions)
List-Subscribe: <mailto:majordomo@FreeBSD.ORG?subject=subscribe%20freebsd-security>
List-Unsubscribe: <mailto:majordomo@FreeBSD.ORG?subject=unsubscribe%20freebsd-security>
X-Loop: FreeBSD.org


Is this possible to happen in kernel space as well (e.g. somewhere in the 
networking code) ?  And if so, would that constitute a panic ?

         ---Mike

At 10:52 AM 3/12/02 -0500, Chris Faulhaber wrote:
>On Tue, Mar 12, 2002 at 10:29:06AM -0500, Mike Tancsa wrote:
> >
> > Hi,
> > Although it sounds like the bug is not exploitable on FreeBSD, is there a
> > potential for a Denial of Service still with systems prior to the Feb 22
> > commit?
> >
>
>With phkmalloc(3), normally you will just get:
>
>progname in free(): error: chunk is already free
>
>unless the 'A' malloc option is set, then the program will
>abort(3) which could be considered a Denial of Service.
>
>--
>Chris D. Faulhaber - jedgar@fxp.org - jedgar@FreeBSD.org
>--------------------------------------------------------
>FreeBSD: The Power To Serve   -   http://www.FreeBSD.org


To Unsubscribe: send mail to majordomo@FreeBSD.org
with "unsubscribe freebsd-security" in the body of the message