Date:      Mon, 17 Mar 2003 15:35:06 -0600
From:      "Jacques A. Vidrine" <nectar@FreeBSD.org>
To:        Eivind Eklund <eivind@FreeBSD.org>
Cc:        security-officer@freebsd.org, Jean-Marc Zucconi <jmz@FreeBSD.org>, src-committers@FreeBSD.org, cvs-src@FreeBSD.org, cvs-all@FreeBSD.org
Subject:   Re: cvs commit: src/lib/libz gzio.c
Message-ID:  <20030317213506.GA58242@hellblazer.celabo.org>
In-Reply-To: <20030314044434.B42430@FreeBSD.org>
References:  <200303140147.h2E1l11r023091@repoman.freebsd.org> <20030314044434.B42430@FreeBSD.org>

On Fri, Mar 14, 2003 at 04:44:34AM -0800, Eivind Eklund wrote:
> On Thu, Mar 13, 2003 at 05:47:01PM -0800, Jean-Marc Zucconi wrote:
> > jmz         2003/03/13 17:47:01 PST
> > 
> >   FreeBSD src repository
> > 
> >   Modified files:
> >     lib/libz             gzio.c 
> >   Log:
> >   In src/lib/libz/gzio.c the function gzprintf does not check if the
> >   amount of bytes (supposed to be) written by vsnprintf exceeds the
> >   size of the buffer.
> >   
> >   PR:             bin/48844
> >   Submitted by:   Peter A Jonsson <pj@ludd.luth.se>
> >   Obtained from:  OpenBSD
> >   MFC after:      1 month
> 
> Are we sure this does not have security implications and should be merged
> ASAP?  It sounds like a security fix, and one I'd like to have in 4.8 - if
> gunzipping files can be exploited, it could turn nasty.

IIRC, there are no uses of gzprintf in FreeBSD.  Maybe Chris can dig up
my correspondence about this on security-officer;  or I'll dig it up in
a few days.

Cheers,
-- 
Jacques A. Vidrine <nectar@celabo.org>          http://www.celabo.org/
NTT/Verio SME          .     FreeBSD UNIX     .       Heimdal Kerberos
jvidrine@verio.net     .  nectar@FreeBSD.org  .          nectar@kth.se
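The defect the commit message describes is a caller that trusts the return value of vsnprintf as a count of bytes actually placed in the buffer, when it is really the length the output would have had. The following is an added example, not the gzio.c source and not the OpenBSD patch: a gzprintf-style wrapper that formats into a fixed buffer and refuses to hand anything to the output sink when the formatted text did not fit. The `struct sink`, `FMT_BUFSIZE`, and the `demo_*` helpers are assumptions made for this demonstration only.

```c
#include <stdarg.h>
#include <stddef.h>
#include <stdio.h>
#include <string.h>

/* Deliberately small so the "did not fit" path is easy to exercise
 * (assumed value for this example; the real gzio.c buffer is larger). */
#define FMT_BUFSIZE 64

/* Constructed stand-in for the compressed output stream. */
struct sink {
    char   data[256];
    size_t len;
};

static size_t sink_write(struct sink *s, const char *buf, size_t n)
{
    if (n > sizeof(s->data) - s->len)
        return 0;                       /* sink full: write nothing */
    memcpy(s->data + s->len, buf, n);
    s->len += n;
    return n;
}

/* Format into a bounded stack buffer and write only what really landed
 * there.  vsnprintf returns the full length the output would have had
 * (or, on some older libc implementations, -1 on truncation), so both
 * conditions must be rejected before the length is used as a byte count. */
int checked_printf(struct sink *s, const char *fmt, ...)
{
    char    buf[FMT_BUFSIZE];
    va_list ap;
    int     len;

    va_start(ap, fmt);
    len = vsnprintf(buf, sizeof(buf), fmt, ap);
    va_end(ap);

    if (len < 0 || (size_t)len >= sizeof(buf))
        return 0;                       /* error or truncated: refuse */
    return (int)sink_write(s, buf, (size_t)len);
}

/* Helper: format a short argument into a fresh sink, return bytes written. */
int demo_fits(void)
{
    struct sink s;
    memset(&s, 0, sizeof(s));
    return checked_printf(&s, "record=%s\n", "alice");
}

/* Helper: format an overlong argument; returns what checked_printf reported. */
int demo_overlong_return(void)
{
    struct sink s;
    char big[101];
    memset(&s, 0, sizeof(s));
    memset(big, 'A', sizeof(big) - 1);  /* 100 bytes, well past FMT_BUFSIZE */
    big[sizeof(big) - 1] = '\0';
    return checked_printf(&s, "record=%s\n", big);
}

/* Helper: same overlong attempt; returns how many bytes reached the sink. */
int demo_overlong_sink_len(void)
{
    struct sink s;
    char big[101];
    memset(&s, 0, sizeof(s));
    memset(big, 'A', sizeof(big) - 1);
    big[sizeof(big) - 1] = '\0';
    (void)checked_printf(&s, "record=%s\n", big);
    return (int)s.len;
}

int main(void)
{
    printf("short record: %d bytes written\n", demo_fits());
    printf("overlong record: returned %d, sink holds %d bytes\n",
           demo_overlong_return(), demo_overlong_sink_len());
    return 0;
}
```

Without the `len >= sizeof(buf)` test, the overlong case would pass 108 as the byte count to the sink while only 63 characters (plus the terminator) exist in `buf`, so the write would copy past the end of the stack buffer; with the check in place the call simply reports 0 and the sink is left untouched.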
