From owner-freebsd-security  Mon Mar 11 16: 3:52 2002
Delivered-To: freebsd-security@freebsd.org
Received: from brea.mc.mpls.visi.com (brea.mc.mpls.visi.com [208.42.156.100])
	by hub.freebsd.org (Postfix) with ESMTP id 53D3D37B402
	for <freebsd-security@FreeBSD.ORG>; Mon, 11 Mar 2002 16:03:45 -0800 (PST)
Received: from sheol.localdomain (hawkeyd-fw.dsl.visi.com [208.42.101.193])
	by brea.mc.mpls.visi.com (Postfix) with ESMTP
	id CA7732DDB68; Mon, 11 Mar 2002 18:03:42 -0600 (CST)
Received: (from hawkeyd@localhost)
	by sheol.localdomain (8.11.6/8.11.6) id g2C02sW23233;
	Mon, 11 Mar 2002 18:02:54 -0600 (CST)
	(envelope-from hawkeyd)
Date: Mon, 11 Mar 2002 18:02:48 -0600
From: D J Hawkey Jr <hawkeyd@visi.com>
To: Poul-Henning Kamp <phk@critter.freebsd.dk>
Cc: security at FreeBSD <freebsd-security@FreeBSD.ORG>
Subject: Re: RedHat advisory - RHSA-2002:026-35 zlib double free -- Is this 4.5-R-p1?
Message-ID: <20020311180248.A23212@sheol.localdomain>
Reply-To: hawkeyd@visi.com
References: <20020311154424.A22882@sheol.localdomain> <64040.1015886430@critter.freebsd.dk>
Mime-Version: 1.0
Content-Type: text/plain; charset=us-ascii
Content-Disposition: inline
User-Agent: Mutt/1.2.5.1i
In-Reply-To: <64040.1015886430@critter.freebsd.dk>; from phk@critter.freebsd.dk on Mon, Mar 11, 2002 at 11:40:30PM +0100
Sender: owner-freebsd-security@FreeBSD.ORG
Precedence: bulk
List-ID: <freebsd-security.FreeBSD.ORG>
List-Archive: <http://docs.freebsd.org/mail/> (Web Archive)
List-Help: <mailto:majordomo@FreeBSD.ORG?subject=help> (List Instructions)
List-Subscribe: <mailto:majordomo@FreeBSD.ORG?subject=subscribe%20freebsd-security>
List-Unsubscribe: <mailto:majordomo@FreeBSD.ORG?subject=unsubscribe%20freebsd-security>
X-Loop: FreeBSD.org

On Mar 11, at 11:40 PM, Poul-Henning Kamp wrote:
> 
> In message <20020311154424.A22882@sheol.localdomain>, D J Hawkey Jr writes:
> > 
> > >As the subjext asks, does the 4.5-RELEASE-p1 "zlib inflate error handling"
> > >fix the bug addressed by the RH advisory, or is FreeBSD's zlib vulnerable?
> 
> As author of our malloc(3) it is my opinion that we are not vulnerable to
> this (kind of) bug.
> 
> Most mallocs keep their housekeeping data right next to the allocated
> range.  This gives rise to all sorts of unpleassant situations if
> programs stray outside the dotted line, free(3) things twice or
> free(3) modified pointers.
> 
> phkmalloc(3) does not store housekeeping next to allocated data,
> and in particular it has code that detects and complains about
> exactly the kind of double free this advisory talks about:
> 
>                [SNIP]

Most excellent. Can't beat having the author's own explanation!

> Poul-Henning Kamp

Dave

-- 
  ______________________                         ______________________
  \__________________   \    D. J. HAWKEY JR.   /   __________________/
     \________________/\     hawkeyd@visi.com    /\________________/
                      http://www.visi.com/~hawkeyd/


To Unsubscribe: send mail to majordomo@FreeBSD.org
with "unsubscribe freebsd-security" in the body of the message