From owner-cvs-all Fri Mar 14 4:44:36 2003 Delivered-To: cvs-all@freebsd.org Received: by hub.freebsd.org (Postfix, from userid 683) id 3501237B401; Fri, 14 Mar 2003 04:44:34 -0800 (PST) Date: Fri, 14 Mar 2003 04:44:34 -0800 From: Eivind Eklund To: Jean-Marc Zucconi Cc: src-committers@FreeBSD.org, cvs-src@FreeBSD.org, cvs-all@FreeBSD.org Subject: Re: cvs commit: src/lib/libz gzio.c Message-ID: <20030314044434.B42430@FreeBSD.org> References: <200303140147.h2E1l11r023091@repoman.freebsd.org> Mime-Version: 1.0 Content-Type: text/plain; charset=us-ascii Content-Disposition: inline User-Agent: Mutt/1.2.5.1i In-Reply-To: <200303140147.h2E1l11r023091@repoman.freebsd.org>; from jmz@FreeBSD.org on Thu, Mar 13, 2003 at 05:47:01PM -0800 Sender: owner-cvs-all@FreeBSD.ORG Precedence: bulk List-ID: List-Archive: (Web Archive) List-Help: (List Instructions) List-Subscribe: List-Unsubscribe: X-Loop: FreeBSD.ORG On Thu, Mar 13, 2003 at 05:47:01PM -0800, Jean-Marc Zucconi wrote: > jmz 2003/03/13 17:47:01 PST > > FreeBSD src repository > > Modified files: > lib/libz gzio.c > Log: > In src/lib/libz/gzio.c the function gzprintf does not check if the > amount of bytes (supposed to be) written by vsnprintf exceeds the > size of the buffer. > > PR: bin/48844 > Submitted by: Peter A Jonsson > Obtained from: OpenBSD > MFC after: 1 month Are we sure this does not have security implications and should be merged ASAP? It sounds like a security fix, and one I'd like to have in 4.8 - if gunzipping files can be exploited, it could turn nasty. Eivind. To Unsubscribe: send mail to majordomo@FreeBSD.org with "unsubscribe cvs-all" in the body of the message