From: "Peter Kieser"
Date: Mon, 11 Mar 2002 16:10:00 -0800
Subject: Re: RedHat advisory - RHSA-2002:026-35 zlib double free -- Is this 4.5-R-p1?

Thank gosh, at least it doesn't affect BSD, another blow for the faltering Linux. Hmm, someone real is going to have to verify it though (BSD). At least there's no remote exploits now, so we'll have time to prepare for the blow ^_^.

--Peter

----- Original Message -----
From: "D J Hawkey Jr"
To: "Poul-Henning Kamp"
Cc: "security at FreeBSD"
Sent: Monday, March 11, 2002 4:02 PM
Subject: Re: RedHat advisory - RHSA-2002:026-35 zlib double free -- Is this 4.5-R-p1?

> On Mar 11, at 11:40 PM, Poul-Henning Kamp wrote:
> >
> > In message <20020311154424.A22882@sheol.localdomain>, D J Hawkey Jr writes:
> >
> > >As the subject asks, does the 4.5-RELEASE-p1 "zlib inflate error handling"
> > >fix the bug addressed by the RH advisory, or is FreeBSD's zlib vulnerable?
> >
> > As author of our malloc(3) it is my opinion that we are not vulnerable to
> > this (kind of) bug.
> >
> > Most mallocs keep their housekeeping data right next to the allocated
> > range. This gives rise to all sorts of unpleasant situations if
> > programs stray outside the dotted line, free(3) things twice or
> > free(3) modified pointers.
> >
> > phkmalloc(3) does not store housekeeping next to allocated data,
> > and in particular it has code that detects and complains about
> > exactly the kind of double free this advisory talks about:
> >
> > [SNIP]
>
> Most excellent. Can't beat having the author's own explanation!
>
> > Poul-Henning Kamp
>
> Dave
>
> --
> D. J. HAWKEY JR.
> hawkeyd@visi.com
> http://www.visi.com/~hawkeyd/
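
Added example, not part of the original thread and not phkmalloc's code: a toy fixed-size slot allocator in C showing the design idea described in the quoted message, with in-use flags kept in a separate table so that a second free of the same pointer, or a free of a modified pointer, is detected and refused. The names toy_alloc, toy_free, SLOT_SIZE and NSLOTS are hypothetical.

```c
/* Toy fixed-size slot allocator (added illustration, not phkmalloc's code). */
#include <stdint.h>
#include <stdio.h>
#include <string.h>

#define SLOT_SIZE 64
#define NSLOTS    16

enum free_result { FREE_OK, FREE_BAD_POINTER, FREE_DOUBLE_FREE };

/* User data only: no allocator headers are interleaved with the slots. */
static unsigned char pool[NSLOTS * SLOT_SIZE];
/* Housekeeping is kept in a separate table, one in-use flag per slot. */
static unsigned char in_use[NSLOTS];

void *toy_alloc(void)
{
    for (size_t i = 0; i < NSLOTS; i++) {
        if (!in_use[i]) {
            in_use[i] = 1;
            return &pool[i * SLOT_SIZE];
        }
    }
    return NULL; /* pool exhausted */
}

enum free_result toy_free(void *p)
{
    uintptr_t a = (uintptr_t)p, base = (uintptr_t)pool;

    /* Reject pointers outside the pool or not on a slot boundary
       (a "modified pointer" in the sense of the quoted message). */
    if (a < base || a >= base + sizeof pool || (a - base) % SLOT_SIZE != 0)
        return FREE_BAD_POINTER;
    size_t slot = (a - base) / SLOT_SIZE;
    if (!in_use[slot])
        return FREE_DOUBLE_FREE; /* complain and leave the state untouched */
    in_use[slot] = 0;
    return FREE_OK;
}

int main(void)
{
    void *p = toy_alloc();
    memset(p, 0xff, SLOT_SIZE); /* filling the whole slot touches no flag */
    int first = toy_free(p), second = toy_free(p);
    printf("first free: %d, second free: %d\n", first, second);
    return 0;
}
```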