Date: Mon, 11 Mar 2002 18:02:48 -0600 From: D J Hawkey Jr <hawkeyd@visi.com> To: Poul-Henning Kamp <phk@critter.freebsd.dk> Cc: security at FreeBSD <freebsd-security@FreeBSD.ORG> Subject: Re: RedHat advisory - RHSA-2002:026-35 zlib double free -- Is this 4.5-R-p1? Message-ID: <20020311180248.A23212@sheol.localdomain> In-Reply-To: <64040.1015886430@critter.freebsd.dk>; from phk@critter.freebsd.dk on Mon, Mar 11, 2002 at 11:40:30PM %2B0100 References: <20020311154424.A22882@sheol.localdomain> <64040.1015886430@critter.freebsd.dk>
next in thread | previous in thread | raw e-mail | index | archive | help
On Mar 11, at 11:40 PM, Poul-Henning Kamp wrote:
>
> In message <20020311154424.A22882@sheol.localdomain>, D J Hawkey Jr writes:
> >
> > >As the subjext asks, does the 4.5-RELEASE-p1 "zlib inflate error handling"
> > >fix the bug addressed by the RH advisory, or is FreeBSD's zlib vulnerable?
>
> As author of our malloc(3) it is my opinion that we are not vulnerable to
> this (kind of) bug.
>
> Most mallocs keep their housekeeping data right next to the allocated
> range. This gives rise to all sorts of unpleassant situations if
> programs stray outside the dotted line, free(3) things twice or
> free(3) modified pointers.
>
> phkmalloc(3) does not store housekeeping next to allocated data,
> and in particular it has code that detects and complains about
> exactly the kind of double free this advisory talks about:
>
> [SNIP]
Most excellent. Can't beat having the author's own explanation!
> Poul-Henning Kamp
Dave
--
______________________ ______________________
\__________________ \ D. J. HAWKEY JR. / __________________/
\________________/\ hawkeyd@visi.com /\________________/
http://www.visi.com/~hawkeyd/
To Unsubscribe: send mail to majordomo@FreeBSD.org
with "unsubscribe freebsd-security" in the body of the message
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?20020311180248.A23212>