
oss-sec mailing list archives

Re: LZW decompression issues
From: Solar Designer <solar () openwall com>
Date: Thu, 29 Sep 2011 04:41:53 +0400

Tomas -

On Wed, Sep 28, 2011 at 08:22:28PM +0200, Tomas Hoger wrote:
> Let me try to explain some.

Thank you!  This is very helpful.

>> Do we possibly want to add the "maxbits < 12" check as well?  And does
>> it matter for security?
>
> I'm not aware of any security impact of that.  Not sure if there's any
> spec that requires maxbits >= 12, if not, INIT_BITS (9) may be a safer
> lower bound.

I am asking Joerg about it in another message.

Colin - thank you for your prompt response (redirecting us to NetBSD).
Some further postings went without CC to you, I hope that's OK.
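
The lower-bound question discussed in this message, as an added example (not code from the thread or from any of the projects mentioned): a compress(1)-style header check in which the minimum accepted maxbits is a parameter, so the INIT_BITS (9) and 12 policies can be compared on the same input. The `z_` names, the upper limit BITS = 16 and the sample header bytes are assumptions constructed for illustration.

```c
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>

#define INIT_BITS  9     /* initial code width, as named in the message */
#define BITS       16    /* assumed upper limit on maxbits */
#define BIT_MASK   0x1f  /* low five bits of header byte 2 carry maxbits */
#define BLOCK_MASK 0x80  /* block-mode flag in header byte 2 */

enum z_status { Z_OK, Z_SHORT, Z_BAD_MAGIC, Z_BITS_TOO_BIG, Z_BITS_TOO_SMALL };

struct z_header { unsigned maxbits; int block_mode; uint32_t maxmaxcode; };

/* Validate a 3-byte .Z header; min_bits is the lower-bound policy (9 or 12). */
enum z_status z_parse_header(const uint8_t *buf, size_t len,
                             unsigned min_bits, struct z_header *out)
{
    if (len < 3) return Z_SHORT;
    if (buf[0] != 0x1f || buf[1] != 0x9d) return Z_BAD_MAGIC;

    unsigned maxbits = buf[2] & BIT_MASK;
    if (maxbits > BITS) return Z_BITS_TOO_BIG;       /* table would overflow */
    if (maxbits < min_bits) return Z_BITS_TOO_SMALL; /* the check under discussion */

    out->maxbits = maxbits;
    out->block_mode = (buf[2] & BLOCK_MASK) != 0;
    out->maxmaxcode = (uint32_t)1 << maxbits;        /* safe: maxbits <= 16 */
    return Z_OK;
}

/* Hypothetical helper: build a constructed header around one flags byte. */
enum z_status z_check(uint8_t flags, unsigned min_bits)
{
    const uint8_t hdr[3] = { 0x1f, 0x9d, flags };
    struct z_header h;
    return z_parse_header(hdr, sizeof hdr, min_bits, &h);
}

int main(void)
{
    /* Constructed flags bytes: maxbits = 16, 12, 10, 8 and 31. */
    const uint8_t samples[] = { 0x90, 0x8c, 0x8a, 0x88, 0x9f };
    for (size_t i = 0; i < sizeof samples; i++)
        printf("flags=0x%02x  min=9 -> %d  min=12 -> %d\n", samples[i],
               z_check(samples[i], INIT_BITS), z_check(samples[i], 12));
    return 0;
}
```

A stream that declares maxbits 10 or 11 is accepted under the INIT_BITS policy and rejected under the 12 policy; anything below 9 is rejected by both.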

