oss-sec mailing list archives
Re: LZW decompression issues
From: Solar Designer <solar () openwall com>
Date: Wed, 28 Sep 2011 19:53:29 +0400
Here's a guess: On Wed, Sep 28, 2011 at 07:42:03PM +0400, Solar Designer wrote:
whereas the FreeBSD patch has: if (zs->u.r.zs_code >= zs->zs_free_ent) { + if (zs->u.r.zs_code > zs->zs_free_ent || + zs->u.r.zs_oldcode == -1) { + /* Bad stream. */
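Review bot: the `/* Bad stream. */` comment under the added inner test does not say why these two conditions are rejected. Under the enclosing `zs_code >= zs_free_ent` branch, the only case still accepted is `zs_code == zs_free_ent` with `zs_oldcode` set. A sentence saying so in the comment would make the `>` versus `>=` distinction clear to the next reader. The quoted fragment stops before the error path, so what is returned for a bad stream cannot be reviewed from these lines.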
Perhaps the FreeBSD "affected" statement for gzip was based on it missing the "zs->u.r.zs_code > zs->zs_free_ent" check prior to this patch. This check was already added upstream before gzip 1.4, which is why gzip was "not affected" this time for other distro vendors (the issue was patched years ago).
The rest of the changes are probably for detection of some corrupted archives that were of no security risk.
But that's just a guess, which I did not confirm.
Alexander