Date: Fri, 31 Jul 2009 09:29:21 +0400
From: Eygene Ryabinkin <rea-fbsd@codelabs.ru>
To: d@delphij.net
Cc: rrl <endian.sign@gmail.com>, freebsd-security@freebsd.org
Subject: Re: gzip memory corruption
Message-ID: <856ux8zhn21/d1hDLYeNjC7FQ1Y@xg9dzetjpj18poIU9mNsJ0TqP1U>
In-Reply-To: <4A7231A1.2050104@delphij.net>
References: <20090708193339.GA4836@minerva.freedsl.mg> <qbNi6WaraP%2BYYd65ZtihTj0ewks@BpFm1zkZmHABxHH1eUOcQSRoWTc> <4A553080.5060205@delphij.net> <4A553458.70005@delphij.net> <LxW4OaFbQKVvB5FP5/FFtXkZd3U@%2BE41IXYRRzAjXLJbRTrYDjniL/s> <4A7231A1.2050104@delphij.net>

Xin, good day.

Thu, Jul 30, 2009 at 04:49:53PM -0700, Xin LI wrote:
> Having checked with GNU's gzip, it looks like that they arbitrarily set
> an upper limit of the suffix length to 30. This is unrelated to the
> memcpy bug but let's address it here as well. My revised patch would
> make the memcpy into a fatal errx, and reduce the allowed suffix length
> to 30 to match GNU behavior.
>
> Please let me know if this version looks better, I'll propose it to re@
> and commit if they approved it.

Yes, this patch looks much better, thanks! One thing: I would expand
the error message here:
> + if (len >= SUFFIX_MAXLEN)
> + errx(1, "incorrect suffix: '%s'", optarg);
say to
> + errx(1, "incorrect suffix: '%s': too long", optarg);

It will be better, since the reason of incorrectness will be stated: it
is not very obvious why the suffix like
'.barrhmumbojombofromthemightyuserwhoseemtogonecompletelymad' isn't
acceptable ;))
-- 
Eygene
 _                ___       _.--.   #
 \`.|\..----...-'`   `-._.-'_.-'`   #  Remember that it is hard
 /  ' `         ,       __.--'      #  to read the on-line manual
 )/' _/     \   `-_,   /            #  while single-stepping the kernel.
 `-'" `"\_  ,_.-;_.-\_ ',  fsc/as   #
     _.-'_./   {_.'   ; /           #    -- FreeBSD Developers handbook
    {_.-``-'         {_/            #
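Review bot: the boundary in `if (len >= SUFFIX_MAXLEN)` deserves a second look, because with `>=` a suffix of exactly SUFFIX_MAXLEN characters is rejected. If the intent stated in the quoted text is to allow suffixes up to 30 characters, the constant's definition (not visible in this hunk) has to account for that, and a short comment next to the check saying whether the limit includes the terminating NUL would remove the ambiguity. The `errx` message could also print the limit itself, so the user learns what length would be accepted and not only that the suffix was too long.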
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?856ux8zhn21/d1hDLYeNjC7FQ1Y>