From owner-freebsd-security Tue Feb 25 02:06:48 2003
Message-ID: <3E5B4025.60509@geminix.org>
Date: Tue, 25 Feb 2003 11:06:29 +0100
From: Uwe Doering
Organization: Private UNIX Site
To: freebsd-security@freebsd.org
Subject: Re: Fwd: buffer overrun in zlib 1.1.4
References: <20030224160844.GE82145@nevermind.kiev.ua> <20030224162747.GB87372@madman.celabo.org>
In-Reply-To: <20030224162747.GB87372@madman.celabo.org>

Jacques A. Vidrine wrote:
> On Mon, Feb 24, 2003 at 06:08:44PM +0200, Alexandr Kovalenko wrote:
>
>> ----- Forwarded message from Richard Kettlewell -----
>>
>> Date: Sat, 22 Feb 2003 00:05:47 +0000
>> From: Richard Kettlewell
>> X-Mailer: Norman
>> To: bugtraq@securityfocus.com
>> Subject: buffer overrun in zlib 1.1.4
>> X-Mailer: VM 7.03 under 21.4 (patch 6) "Common Lisp" XEmacs Lucid
>>
>> zlib contains a function called gzprintf(). This is similar in
>> behaviour to fprintf() except that by default, this function will
>> smash the stack if called with arguments that expand to more than
>> Z_PRINTF_BUFSIZE (=4096 by default) bytes.
>
> Nothing in the base system uses gzprintf, AFAIK.
> If applications are found that use it (and do not check Z_PRINTF_BUFSIZE),
> then please let us know.
>
> When an official zlib patch or new version is available, we'll
> import it.

Also, there is an explicit -DHAS_snprintf -DHAS_vsnprintf added to CFLAGS
in the Makefile. So, as far as I understand the situation, the version in
the base system should be immune against this buffer overrun, anyway.

   Uwe
-- 
Uwe Doering
Berlin, Germany

To Unsubscribe: send mail to majordomo@FreeBSD.org
with "unsubscribe freebsd-security" in the body of the message
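The pattern the forwarded report describes, as an added illustration that is not zlib's code and not part of the thread: a gzprintf-style wrapper that formats into a fixed stack buffer of Z_PRINTF_BUFSIZE bytes. `gzprintf_unchecked` uses the unbounded `vsprintf()` and overruns the stack as soon as the expanded arguments exceed the buffer; `gzprintf_bounded` uses `vsnprintf()` and, unlike a build that merely swaps the call, checks the return value so that an oversized expansion is refused instead of silently truncated. The `fake_gz` sink, the `demo_*` helpers and the 8192-byte scratch buffer are assumptions made for the demo; real gzprintf() writes into a gzFile.

```c
#include <stdarg.h>
#include <stdio.h>
#include <string.h>

/* zlib's default, as quoted in the report. */
#define Z_PRINTF_BUFSIZE 4096

/* Hypothetical stand-in for a gzFile: just counts bytes "written". */
typedef struct { size_t total; } fake_gz;

/* BEFORE: the pattern the report warns about. vsprintf() has no length
 * limit, so an argument list expanding past Z_PRINTF_BUFSIZE bytes runs
 * off the end of buf and into the stack frame. Kept only for contrast;
 * never call it with attacker-influenced arguments. */
int gzprintf_unchecked(fake_gz *gz, const char *fmt, ...)
{
    char buf[Z_PRINTF_BUFSIZE];
    va_list ap;
    int len;

    va_start(ap, fmt);
    len = vsprintf(buf, fmt, ap);   /* unbounded write into buf */
    va_end(ap);
    if (len < 0)
        return -1;
    gz->total += (size_t)len;
    return len;
}

/* AFTER: vsnprintf() never writes more than sizeof buf bytes, and its
 * return value is the length the output *would* have had. A result of
 * sizeof buf or more means the caller's data did not fit; refuse it so
 * the caller notices, rather than emitting a silently truncated record. */
int gzprintf_bounded(fake_gz *gz, const char *fmt, ...)
{
    char buf[Z_PRINTF_BUFSIZE];
    va_list ap;
    int len;

    va_start(ap, fmt);
    len = vsnprintf(buf, sizeof buf, fmt, ap);
    va_end(ap);
    if (len < 0)
        return -1;                       /* encoding error */
    if ((size_t)len >= sizeof buf)
        return -1;                       /* would not fit: refused */
    gz->total += (size_t)len;
    return len;
}

/* Constructed input: a %s argument of n bytes, with n up to 8191. */
int demo_oversized(size_t n)
{
    static char big[8192];
    fake_gz gz = { 0 };

    if (n >= sizeof big)
        n = sizeof big - 1;
    memset(big, 'A', n);
    big[n] = '\0';
    return gzprintf_bounded(&gz, "%s", big);
}

/* Constructed input that fits comfortably. */
int demo_small(void)
{
    fake_gz gz = { 0 };
    return gzprintf_bounded(&gz, "%s:%d", "ok", 42);
}

int main(void)
{
    printf("small      -> %d\n", demo_small());
    printf("4095 bytes -> %d\n", demo_oversized(4095));
    printf("4096 bytes -> %d\n", demo_oversized(4096));
    printf("5000 bytes -> %d\n", demo_oversized(5000));
    return 0;
}
```

The boundary at exactly Z_PRINTF_BUFSIZE matters: vsnprintf() reserves one byte for the terminator, so an expansion of 4096 bytes already does not fit a 4096-byte buffer and is refused. Defining HAS_vsnprintf removes the stack overrun; whether a too-long expansion is then truncated or rejected is a separate choice, and the rejecting form above is the one a caller can actually check.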