From owner-cvs-src  Fri Mar 14 18: 3:31 2003
Delivered-To: cvs-src@freebsd.org
Received: from mx1.FreeBSD.org (mx1.freebsd.org [216.136.204.125])
	by hub.freebsd.org (Postfix) with ESMTP
	id 16A8E37B404; Fri, 14 Mar 2003 18:03:29 -0800 (PST)
Received: from HAL9000.homeunix.com (12-233-57-224.client.attbi.com [12.233.57.224])
	by mx1.FreeBSD.org (Postfix) with ESMTP
	id A4C1943F93; Fri, 14 Mar 2003 18:03:27 -0800 (PST)
	(envelope-from das@FreeBSD.ORG)
Received: from HAL9000.homeunix.com (localhost [127.0.0.1])
	by HAL9000.homeunix.com (8.12.6/8.12.5) with ESMTP id h2F23PIX024633;
	Fri, 14 Mar 2003 18:03:25 -0800 (PST)
	(envelope-from das@FreeBSD.ORG)
Received: (from das@localhost)
	by HAL9000.homeunix.com (8.12.6/8.12.5/Submit) id h2F23OBu024632;
	Fri, 14 Mar 2003 18:03:24 -0800 (PST)
	(envelope-from das@FreeBSD.ORG)
Date: Fri, 14 Mar 2003 18:03:24 -0800
From: David Schultz <das@FreeBSD.ORG>
To: Eivind Eklund <eivind@FreeBSD.ORG>
Cc: Jean-Marc Zucconi <jmz@FreeBSD.ORG>, src-committers@FreeBSD.ORG,
	cvs-src@FreeBSD.ORG, cvs-all@FreeBSD.ORG
Subject: Re: cvs commit: src/lib/libz gzio.c
Message-ID: <20030315020324.GA24565@HAL9000.homeunix.com>
Mail-Followup-To: Eivind Eklund <eivind@FreeBSD.org>,
	Jean-Marc Zucconi <jmz@FreeBSD.org>, src-committers@FreeBSD.org,
	cvs-src@FreeBSD.org, cvs-all@FreeBSD.org
References: <200303140147.h2E1l11r023091@repoman.freebsd.org> <20030314044434.B42430@FreeBSD.org>
Mime-Version: 1.0
Content-Type: text/plain; charset=us-ascii
Content-Disposition: inline
In-Reply-To: <20030314044434.B42430@FreeBSD.org>
Sender: owner-cvs-src@FreeBSD.ORG
Precedence: bulk
List-ID: <cvs-src.FreeBSD.ORG>
List-Archive: <http://docs.freebsd.org/mail/> (Web Archive)
List-Help: <mailto:majordomo@FreeBSD.ORG?subject=help> (List Instructions)
List-Subscribe: <mailto:majordomo@FreeBSD.ORG?subject=subscribe%20cvs-src>
List-Unsubscribe: <mailto:majordomo@FreeBSD.ORG?subject=unsubscribe%20cvs-src>
X-Loop: FreeBSD.ORG

Thus spake Eivind Eklund <eivind@FreeBSD.org>:
> On Thu, Mar 13, 2003 at 05:47:01PM -0800, Jean-Marc Zucconi wrote:
> > jmz         2003/03/13 17:47:01 PST
> > 
> >   FreeBSD src repository
> > 
> >   Modified files:
> >     lib/libz             gzio.c 
> >   Log:
> >   In src/lib/libz/gzio.c the function gzprintf does not check if the
> >   amount of bytes (supposed to be) written by vsnprintf exceeds the
> >   size of the buffer.
> >   
> >   PR:             bin/48844
> >   Submitted by:   Peter A Jonsson <pj@ludd.luth.se>
> >   Obtained from:  OpenBSD
> >   MFC after:      1 month
> 
> Are we sure this does not have security implications and should be merged
> ASAP?  It sounds like a security fix, and one I'd like to have in 4.8 - if
> gunzipping files can be exploited, it could turn nasty.

Probably not.  The bug doesn't cause a buffer overflow; it just
causes gzprintf() to truncate its output for large strings and
return success instead of returning failure as it should.

To Unsubscribe: send mail to majordomo@FreeBSD.org
with "unsubscribe cvs-src" in the body of the message