Date: Tue, 25 Feb 2003 11:06:29 +0100
From: Uwe Doering <gemini@geminix.org>
To: freebsd-security@freebsd.org
Subject: Re: Fwd: buffer overrun in zlib 1.1.4
Message-ID: <3E5B4025.60509@geminix.org>
In-Reply-To: <20030224162747.GB87372@madman.celabo.org>
References: <20030224160844.GE82145@nevermind.kiev.ua> <20030224162747.GB87372@madman.celabo.org>

Jacques A. Vidrine wrote:
> On Mon, Feb 24, 2003 at 06:08:44PM +0200, Alexandr Kovalenko wrote:
>
>>----- Forwarded message from Richard Kettlewell <rjk@greenend.org.uk> -----
>>
>>Date: Sat, 22 Feb 2003 00:05:47 +0000
>>From: Richard Kettlewell <rjk@greenend.org.uk>
>>X-Mailer: Norman
>>To: bugtraq@securityfocus.com
>>Subject: buffer overrun in zlib 1.1.4
>>X-Mailer: VM 7.03 under 21.4 (patch 6) "Common Lisp" XEmacs Lucid
>>
>>zlib contains a function called gzprintf(). This is similar in
>>behaviour to fprintf() except that by default, this function will
>>smash the stack if called with arguments that expand to more than
>>Z_PRINTF_BUFSIZE (=4096 by default) bytes.
>
> Nothing in the base system uses gzprintf, AFAIK.
> If applications are found that use it (and do not check Z_PRINTF_BUFSIZE),
> then please let us know.
>
> When an official zlib patch or new version is available, we'll
> import it.

Also, there is an explicit

  -DHAS_snprintf -DHAS_vsnprintf

added to CFLAGS in the Makefile. So, as far as I understand the
situation, the version in the base system should be immune against this
buffer overrun, anyway.

   Uwe
--
Uwe Doering <gemini@geminix.org>
Berlin, Germany
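
Added example, not part of the original message and not zlib's own code: a small C sketch of bounded formatting into a fixed buffer with vsnprintf(), the function the HAS_vsnprintf define above refers to, using the 4096-byte size quoted in the advisory. The names bounded_format, try_length and PRINTF_BUFSIZE are hypothetical, and the input strings are constructed.

```c
#include <stdarg.h>
#include <stdio.h>
#include <string.h>

#define PRINTF_BUFSIZE 4096   /* size the advisory quotes for Z_PRINTF_BUFSIZE */

/* Hypothetical helper (not zlib's gzprintf): formats into a fixed stack
 * buffer with vsnprintf() and rejects oversized expansions instead of
 * overrunning or silently truncating.
 * Returns the number of bytes copied to out (excluding the NUL),
 * or -1 if the expansion does not fit or formatting failed. */
static int bounded_format(char *out, size_t outsz, const char *fmt, ...)
{
    char buf[PRINTF_BUFSIZE];
    va_list ap;
    int need;

    va_start(ap, fmt);
    need = vsnprintf(buf, sizeof(buf), fmt, ap);   /* never writes past buf */
    va_end(ap);

    /* C99: the return value is the length the full expansion would have had */
    if (need < 0 || (size_t)need >= sizeof(buf))
        return -1;                                 /* expansion too large */
    if ((size_t)need >= outsz)
        return -1;                                 /* caller's buffer too small */
    memcpy(out, buf, (size_t)need + 1);
    return need;
}

/* Constructed input: one "%s" argument made of n 'A' characters. */
static int try_length(size_t n)
{
    static char arg[2 * PRINTF_BUFSIZE];
    static char out[PRINTF_BUFSIZE];

    if (n >= sizeof(arg))
        return -1;
    memset(arg, 'A', n);
    arg[n] = '\0';
    return bounded_format(out, sizeof(out), "%s", arg);
}

int main(void)
{
    printf("4095 bytes -> %d\n", try_length(4095));
    printf("4096 bytes -> %d\n", try_length(4096));
    printf("8000 bytes -> %d\n", try_length(8000));
    return 0;
}
```

Checking the return value matters because a bounded call that only truncates still hands incomplete data to the caller without any error.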
