oss-sec mailing list archives
Re: LZW decompression issues
From: Solar Designer <solar () openwall com>
Date: Thu, 29 Sep 2011 19:25:42 +0400
On Thu, Sep 29, 2011 at 02:50:22PM +0200, Joerg Sonnenberger wrote:
This is not about GNU (g)zip, but the NetBSD/FreeBSD tool of the same name. The corresponding NetBSD advisory explicitly lists GNU gzip and libarchive as not vulnerable.
Thanks! My current understanding is that both the NetBSD/FreeBSD gzip and GNU gzip reuse mid-1980's code from compress, which was in the public domain. Those revisions thus could use different licenses (BSD vs. GPL), and indeed the code is quite different by now. (Also there's a lot of code that is not from compress.) Tomas, Tim - thank you for explaining the "maxbits < 12" check. It appears that we don't need it for GNU gzip, and NetBSD/FreeBSD gzip could want to relax the check too. Alexander
Current thread:
- Re: LZW decompression issues, (continued)
- Re: LZW decompression issues Solar Designer (Sep 28)
- Re: LZW decompression issues Solar Designer (Sep 28)
- Re: LZW decompression issues Colin Percival (Sep 28)
- Re: LZW decompression issues Tomas Hoger (Sep 28)
- Re: LZW decompression issues Solar Designer (Sep 28)
- Re: LZW decompression issues Tavis Ormandy (Sep 28)
- Re: LZW decompression issues Solar Designer (Sep 28)
- Re: LZW decompression issues Tomas Hoger (Sep 29)
- Re: LZW decompression issues Tim Zingelman (Sep 29)
- Re: LZW decompression issues Joerg Sonnenberger (Sep 29)
- Re: LZW decompression issues Solar Designer (Sep 29)
- Re: LZW decompression issues Tavis Ormandy (Sep 29)
- Re: LZW decompression issues Solar Designer (Sep 28)