Home page logo

oss-sec logo oss-sec mailing list archives

Re: LZW decompression issues
From: Solar Designer <solar () openwall com>
Date: Wed, 28 Sep 2011 19:53:29 +0400

Here's a guess:

On Wed, Sep 28, 2011 at 07:42:03PM +0400, Solar Designer wrote:
whereas the FreeBSD patch has:

              if (zs->u.r.zs_code >= zs->zs_free_ent) {
+                     if (zs->u.r.zs_code > zs->zs_free_ent ||
+                         zs->u.r.zs_oldcode == -1) {
+                             /* Bad stream. */

Perhaps the FreeBSD "affected" statement for gzip was based on it missing
the "zs->u.r.zs_code > zs->zs_free_ent" check prior to this patch.  This
check was already added upstream before gzip 1.4, which is why gzip was
"not affected" this time for other distro vendors (the issue was patched
years ago).

The rest of the changes are probably for detection of some corrupted
archives that were of no security risk.  But that's just a guess, which
I did not confirm.


  By Date           By Thread  

Current thread:
[ Nmap | Sec Tools | Mailing Lists | Site News | About/Contact | Advertising | Privacy ]