Fwd: buffer overrun in zlib 1.1.4

jsmaby at virgo.umeche.maine.edu
Sun Feb 23 17:15:02 PST 2003


>> Non-vsnprintf()-enabled 
>> builds are just stuck with a (possibly unavoidable) 
>> vulnerability, but we should at least fix it for Linux.

>Personally I would make it refuse to build if vsnprintf wasn't
>available.

Eek, evil.  Why not just disable gzprintf in that case?  Maybe
make it a stub that prints an error so that in case a program
uses it on a system that doesn't have vsnprintf, the user need
not be confused as to why it doesn't link/work.
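The two options weighed in this message (a bounded formatter where vsnprintf() exists, a stub that reports an error where it does not), as an added C sketch that is not part of the original post and is not zlib's code. `demo_printf`, `DEMO_HAVE_VSNPRINTF`, `DEMO_BUFSZ` and `demo_last` are hypothetical names, and the 32-byte buffer is a constructed size chosen to make truncation easy to trigger.

```c
#include <stdarg.h>
#include <stdio.h>
#include <string.h>

#define DEMO_BUFSZ 32          /* constructed size, small on purpose */
#define DEMO_HAVE_VSNPRINTF 1  /* hypothetical build switch; 0 selects the stub */

static char demo_last[DEMO_BUFSZ];  /* stands in for the output stream in this sketch */

#if DEMO_HAVE_VSNPRINTF
/* Bounded variant: format into a fixed buffer and refuse output that did not fit. */
int demo_printf(const char *fmt, ...)
{
    char buf[DEMO_BUFSZ];
    va_list ap;
    int n;

    va_start(ap, fmt);
    n = vsnprintf(buf, sizeof buf, fmt, ap);
    va_end(ap);

    /* n < 0: error (or truncation on pre-C99 libcs); n >= size: truncated (C99). */
    if (n < 0 || (size_t)n >= sizeof buf)
        return -1;
    memcpy(demo_last, buf, (size_t)n + 1);  /* copy including the terminating NUL */
    return n;
}
#else
/* Stub variant: callers still link, but the call reports why it cannot work. */
int demo_printf(const char *fmt, ...)
{
    (void)fmt;
    fputs("demo_printf: disabled, this build has no vsnprintf()\n", stderr);
    return -1;
}
#endif

int main(void)
{
    printf("short: %d\n", demo_printf("id=%d", 42));
    printf("long:  %d\n", demo_printf("%s", "a string well past the thirty-two byte buffer"));
    return 0;
}
```

Rejecting truncated output instead of writing a cut-off string keeps the failure visible to the caller, which is the same property the stub gives on platforms without vsnprintf().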