[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]
Re: zlib bug
On 12 Mar 2002, Ian D wrote:
> > No, it does not affect OpenBSD because of the superior
> > malloc (free, to be exact) implementation.
> > I read /. too and I instantly checked with the man pages.
> Is OpenBSD as a whole immune to this bug, or just OpenBSD's OpenSSH
I think immune is a strong word. It's still a bug. But BSD malloc
implementations are safe for the most part from being exploited.
OpenBSD as a whole, until a few hours ago, was vulnerable to the flaw in
any program that used libz (I count 7 in /usr/bin) would double free. It
just so happens that double freeing reports a warning instead of
corrupting the heap.
Ted, toll collector of the information superhighway