[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Re: zlib bug

To: Ted U <grendel@heorot.stanford.edu>
Subject: Re: zlib bug
From: Ian D <ian@assv.net>
Date: 12 Mar 2002 10:01:28 +0100
Cc: misc@openbsd.org
Organization: as little as possible
References: <Pine.BSO.4.40.0203120020280.9483-100000@heorot.stanford.edu>
User-Agent: Gnus/5.0808 (Gnus v5.8.8) XEmacs/21.4 (Artificial Intelligence)

Ted U <grendel@heorot.stanford.edu> writes:

> > > No, it does not affect OpenBSD because of the superior
> > > malloc (free, to be exact) implementation.
> > > I read /. too and I instantly checked with the man pages.
> >
> > Is OpenBSD as a whole immune to this bug, or just OpenBSD's OpenSSH
> > implementation?
> 
> I think immune is a strong word.  It's still a bug.  But BSD malloc
> implementations are safe for the most part from being exploited.
> 
> OpenBSD as a whole, until a few hours ago, was vulnerable to the flaw in
> any program that used libz (I count 7 in /usr/bin) would double free.  It
> just so happens that double freeing reports a warning instead of
> corrupting the heap.


Ok, thanks for the explanation.
-- 
/Ian D
ian@assv.net

References:
- Re: zlib bug
  - From: Ted U <grendel@heorot.stanford.edu>

Prev by Date: Re: zlib bug
Next by Date: Re: APC Ups, non-serial connection
Prev by thread: Re: zlib bug
Next by thread: Re: zlib bug
Index(es):
- Date
- Thread