Date: Mon, 11 Mar 2002 16:10:00 -0800 From: "Peter Kieser" <pfak@telus.net> To: <hawkeyd@visi.com> Cc: <freebsd-security@freebsd.org> Subject: Re: RedHat advisory - RHSA-2002:026-35 zlib double free -- Is this 4.5-R-p1? Message-ID: <006901c1c95a$403cf1a0$6401a8c0@pfak> References: <20020311154424.A22882@sheol.localdomain> <64040.1015886430@critter.freebsd.dk> <20020311180248.A23212@sheol.localdomain>
next in thread | previous in thread | raw e-mail | index | archive | help
Thank gosh, At least it doesn't effect BSD, another blow for the faltering Linux. Hmm, someone real is going to have to verify it though (BSD). At least theres no remote exploits now, so we'll have time to prepare for the blow ^_^. --Peter ----- Original Message ----- From: "D J Hawkey Jr" <hawkeyd@visi.com> To: "Poul-Henning Kamp" <phk@critter.freebsd.dk> Cc: "security at FreeBSD" <freebsd-security@FreeBSD.ORG> Sent: Monday, March 11, 2002 4:02 PM Subject: Re: RedHat advisory - RHSA-2002:026-35 zlib double free -- Is this 4.5-R-p1? > On Mar 11, at 11:40 PM, Poul-Henning Kamp wrote: > > > > In message <20020311154424.A22882@sheol.localdomain>, D J Hawkey Jr writes: > > > > > > >As the subjext asks, does the 4.5-RELEASE-p1 "zlib inflate error handling" > > > >fix the bug addressed by the RH advisory, or is FreeBSD's zlib vulnerable? > > > > As author of our malloc(3) it is my opinion that we are not vulnerable to > > this (kind of) bug. > > > > Most mallocs keep their housekeeping data right next to the allocated > > range. This gives rise to all sorts of unpleassant situations if > > programs stray outside the dotted line, free(3) things twice or > > free(3) modified pointers. > > > > phkmalloc(3) does not store housekeeping next to allocated data, > > and in particular it has code that detects and complains about > > exactly the kind of double free this advisory talks about: > > > > [SNIP] > > Most excellent. Can't beat having the author's own explanation! > > > Poul-Henning Kamp > > Dave > > -- > ______________________ ______________________ > \__________________ \ D. J. HAWKEY JR. / __________________/ > \________________/\ hawkeyd@visi.com /\________________/ > http://www.visi.com/~hawkeyd/ > > > To Unsubscribe: send mail to majordomo@FreeBSD.org > with "unsubscribe freebsd-security" in the body of the message > To Unsubscribe: send mail to majordomo@FreeBSD.org with "unsubscribe freebsd-security" in the body of the message
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?006901c1c95a$403cf1a0$6401a8c0>