Fwd: buffer overrun in zlib 1.1.4

Kelledin kelledin+LFS at skarpsey.dyndns.org
Sun Feb 23 18:38:38 PST 2003


While we're at it, revised patch.  This fixes a possible bug in 
the vsnprintf-specific codepath.  It also modifies the 
vsprintf-specific codepath (not sure why I'm bothering); we 
can't get rid of the buffer overflow there, but we can at least 
fix the string-format vuln and tweak performance a bit.  It also 
applies our fixes to a preprocessor path taken only if the 
compiler isn't ANSI-compliant, so the fixes are supposedly now 
complete.

However, the fixes may break systems that don't include a proper 
C99-compliant sprintf/snprintf/vsprintf/vsnprintf function.  
Current LFS and recent glibc versions are not affected by this.

Also, as our local LFS guy jsmaby pointed out, we might need a 
better test case to make sure the modified gzprintf() works.  
Most binaries (including file) apparently don't even bother to 
call the bloody function directly.  Fortunately, the "example" 
utility built in the zlib source tree does call gzprintf(), and 
it still produces the correct output.  So maybe that's all we 
need (woot! :D)

-- 
Kelledin
"If a server crashes in a server farm and no one pings it, does 
it still cost four figures to fix?"
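As an added example (not zlib's code and not Kelledin's patch), a bounded gzprintf-style wrapper that shows the two points the mail raises: format into a fixed buffer with vsnprintf, interpreting its return value under both C99 semantics and the older pre-C99 -1-on-truncation semantics the mail warns about, and pass caller data as a "%s" argument rather than as the format string. The function names are hypothetical.

```c
#include <stdarg.h>
#include <stdio.h>
#include <string.h>

/* Hypothetical bounded formatter in the style of a gzprintf buffer fill.
 * Returns the number of bytes placed in buf, or -1 when the output did
 * not fit (or vsnprintf reported an error). Handles both return-value
 * conventions: C99 returns the length the full output would have had;
 * older implementations return -1 on truncation and may not terminate. */
int bounded_format(char *buf, size_t size, const char *fmt, ...)
{
    va_list va;
    int n;

    if (buf == NULL || size == 0)
        return -1;

    va_start(va, fmt);
    n = vsnprintf(buf, size, fmt, va);
    va_end(va);

    /* Pre-C99 vsnprintf may leave the buffer unterminated on truncation,
     * so terminate unconditionally before anyone calls strlen() on it. */
    buf[size - 1] = '\0';

    if (n < 0 || (size_t)n >= size)
        return -1;  /* truncated: do not treat buf as the complete record */
    return n;
}

/* Caller-supplied text goes in as a "%s" argument to a fixed format,
 * so '%' sequences inside it are copied literally, never interpreted. */
int format_user_record(char *buf, size_t size, const char *user_data)
{
    return bounded_format(buf, size, "record=%s\n", user_data);
}
```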