Date: Fri, 14 Mar 2003 18:03:24 -0800
From: David Schultz
To: Eivind Eklund
Cc: Jean-Marc Zucconi, src-committers@FreeBSD.ORG, cvs-src@FreeBSD.ORG, cvs-all@FreeBSD.ORG
Subject: Re: cvs commit: src/lib/libz gzio.c
Message-ID: <20030315020324.GA24565@HAL9000.homeunix.com>

Thus spake Eivind Eklund:
> On Thu, Mar 13, 2003 at 05:47:01PM -0800, Jean-Marc Zucconi wrote:
> > jmz 2003/03/13 17:47:01 PST
> >
> > FreeBSD src repository
> >
> > Modified files:
> > lib/libz gzio.c
> > Log:
> > In src/lib/libz/gzio.c the function gzprintf does not check if the
> > amount of bytes (supposed to be) written by vsnprintf exceeds the
> > size of the buffer.
> >
> > PR: bin/48844
> > Submitted by: Peter A Jonsson
> > Obtained from: OpenBSD
> > MFC after: 1 month
>
> Are we sure this does not have security implications and should be merged
> ASAP? It sounds like a security fix, and one I'd like to have in 4.8 - if
> gunzipping files can be exploited, it could turn nasty.

Probably not. The bug doesn't cause a buffer overflow; it just
causes gzprintf() to truncate its output for large strings and
return success instead of returning failure as it should.
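The behaviour discussed in this thread, as an added example that is not part of the original message or the libz source: a formatter that ignores the vsnprintf() result silently truncates and reports success, while one that compares the result against the buffer size reports failure. The function names, the 16-byte buffer and the 0-on-failure return convention are assumptions made for this example.

```c
#include <stdarg.h>
#include <stdio.h>
#include <string.h>

#define OUT_SIZE 16              /* constructed size, small so truncation is easy to hit */
static char out[OUT_SIZE];       /* stands in for the formatter's fixed output buffer */

/* Unchecked pattern: the vsnprintf() result is discarded, so an over-long
 * string is cut to fit and the caller is told the write succeeded. */
int put_unchecked(const char *fmt, ...)
{
    va_list ap;

    va_start(ap, fmt);
    (void)vsnprintf(out, sizeof(out), fmt, ap);
    va_end(ap);
    return (int)strlen(out);     /* length of the truncated text */
}

/* Checked pattern: C99 vsnprintf() returns the length the complete output
 * would have had. A negative value is an error; a value >= the buffer size
 * means the output was truncated. Both are reported as failure (0 here). */
int put_checked(const char *fmt, ...)
{
    va_list ap;
    int n;

    va_start(ap, fmt);
    n = vsnprintf(out, sizeof(out), fmt, ap);
    va_end(ap);
    if (n < 0 || (size_t)n >= sizeof(out))
        return 0;
    return n;
}

int main(void)
{
    const char *big = "0123456789abcdefXYZ";   /* 19 chars, constructed input */

    printf("unchecked: %d\n", put_unchecked("%s", big));
    printf("checked:   %d\n", put_checked("%s", big));
    printf("fits:      %d\n", put_checked("%s", "0123456789abcde"));
    return 0;
}
```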