Date:      Tue, 25 Feb 2003 07:13:19 -0600
From:      "Jacques A. Vidrine" <nectar@FreeBSD.org>
To:        Uwe Doering <gemini@geminix.org>
Cc:        freebsd-security@freebsd.org
Subject:   Re: Fwd: buffer overrun in zlib 1.1.4
Message-ID:  <20030225131319.GA95282@madman.celabo.org>
In-Reply-To: <3E5B4025.60509@geminix.org>
References:  <20030224160844.GE82145@nevermind.kiev.ua> <20030224162747.GB87372@madman.celabo.org> <3E5B4025.60509@geminix.org>

On Tue, Feb 25, 2003 at 11:06:29AM +0100, Uwe Doering wrote:
> Also, there is an explicit
> 
>   -DHAS_snprintf -DHAS_vsnprintf
> 
> added to CFLAGS in the Makefile. So, as far as I understand the 
> situation, the version in the base system should be immune against this 
> buffer overrun, anyway.

Yes, you're right about the overrun.  The caveats about truncation may
apply to those applications that do not check Z_PRINTF_BUFSIZE.

Cheers,
-- 
Jacques A. Vidrine <nectar@celabo.org>          http://www.celabo.org/
NTT/Verio SME          .     FreeBSD UNIX     .       Heimdal Kerberos
jvidrine@verio.net     .  nectar@FreeBSD.org  .          nectar@kth.se
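
The distinction drawn in this thread, as an added example (not part of the original message and not zlib's code): formatting through `vsnprintf` cannot overrun a fixed buffer, but output longer than the buffer is cut off unless the caller checks for it. `DEMO_PRINTF_BUFSIZE`, `bounded_format`, `format_record` and the sample inputs are assumptions standing in for zlib's `Z_PRINTF_BUFSIZE` and its formatted-write path.

```c
#include <stdarg.h>
#include <stdio.h>
#include <string.h>

/* Assumed stand-in for zlib's Z_PRINTF_BUFSIZE, kept small for the demo. */
#define DEMO_PRINTF_BUFSIZE 32
#define GUARD 0xA5A5A5A5u
enum fmt_status { FMT_OK, FMT_TRUNCATED, FMT_ERROR };

/* Fixed buffer followed by a guard word so any overrun would be visible. */
struct frame { char buf[DEMO_PRINTF_BUFSIZE]; unsigned guard; };

/* Hypothetical helper: bounded formatting that reports truncation
 * instead of silently dropping the tail (C99 vsnprintf semantics). */
enum fmt_status bounded_format(char *out, size_t outsz, size_t *stored,
                               const char *fmt, ...)
{
    va_list ap;
    int need;

    va_start(ap, fmt);
    need = vsnprintf(out, outsz, fmt, ap);  /* never writes past outsz */
    va_end(ap);
    *stored = 0;
    if (need < 0 || outsz == 0)
        return FMT_ERROR;
    if ((size_t)need >= outsz) {            /* output did not fit */
        *stored = outsz - 1;                /* bytes kept, excluding NUL */
        return FMT_TRUNCATED;
    }
    *stored = (size_t)need;
    return FMT_OK;
}

/* Format one constructed record into the frame, arming the guard first. */
enum fmt_status format_record(struct frame *f, size_t *stored, const char *name)
{
    f->guard = GUARD;
    return bounded_format(f->buf, sizeof f->buf, stored, "user=%s\n", name);
}

int main(void)
{
    struct frame f;
    size_t n;
    /* Constructed input, deliberately longer than the buffer. */
    enum fmt_status s = format_record(&f, &n, "a-constructed-name-longer-than-the-buffer");
    printf("status=%d stored=%zu guard_ok=%d\n", s, n, f.guard == GUARD);
    return 0;
}
```

A caller that ignores the status gets a record with its tail, including the trailing newline, missing; the guard word stays intact either way.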
