[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Re: zlib bug

To: Ian D <ian@assv.net>
Subject: Re: zlib bug
From: Ted U <grendel@heorot.stanford.edu>
Date: Tue, 12 Mar 2002 00:48:30 -0800 (PST)
Cc: misc@openbsd.org
Organization: Mead Halls Inc.

On 12 Mar 2002, Ian D wrote:

> > No, it does not affect OpenBSD because of the superior
> > malloc (free, to be exact) implementation.
> > I read /. too and I instantly checked with the man pages.
>
> Is OpenBSD as a whole immune to this bug, or just OpenBSD's OpenSSH
> implementation?

I think immune is a strong word.  It's still a bug.  But BSD malloc
implementations are safe for the most part from being exploited.

OpenBSD as a whole, until a few hours ago, was vulnerable to the flaw in
any program that used libz (I count 7 in /usr/bin) would double free.  It
just so happens that double freeing reports a warning instead of
corrupting the heap.

--
Ted, toll collector of the information superhighway

Follow-Ups:
- Re: zlib bug
  - From: Ian D <ian@assv.net>
- Re: zlib bug
  - From: Artur Grabowski <art@blahonga.org>
- Re: zlib bug
  - From: "Todd C. Miller" <Todd.Miller@courtesan.com>

References:
- Re: zlib bug
  - From: Ian D <ian@assv.net>

Prev by Date: Re: zlib bug
Next by Date: Re: zlib bug
Prev by thread: Re: zlib bug
Next by thread: Re: zlib bug
Index(es):
- Date
- Thread