Follow @Openwall on Twitter for new release announcements and other news
[<prev] [next>] [<thread-prev] [thread-next>] [day] [month] [year] [list] 
Date: Wed, 28 Sep 2011 19:53:29 +0400
From: Solar Designer <solar@...nwall.com>
To: oss-security@...ts.openwall.com
Cc: Colin Percival <cperciva@...ebsd.org>
Subject: Re: LZW decompression issues

Here's a guess:

On Wed, Sep 28, 2011 at 07:42:03PM +0400, Solar Designer wrote:
> whereas the FreeBSD patch has:
> 
>  		if (zs->u.r.zs_code >= zs->zs_free_ent) {
> +			if (zs->u.r.zs_code > zs->zs_free_ent ||
> +			    zs->u.r.zs_oldcode == -1) {
> +				/* Bad stream. */

Perhaps the FreeBSD "affected" statement for gzip was based on it missing
the "zs->u.r.zs_code > zs->zs_free_ent" check prior to this patch.  This
check was already added upstream before gzip 1.4, which is why gzip was
"not affected" this time for other distro vendors (the issue was patched
years ago).

The rest of the changes are probably for detection of some corrupted
archives that were of no security risk.  But that's just a guess, which
I did not confirm.

Alexander

Powered by blists - more mailing lists

Please check out the Open Source Software Security Wiki, which is counterpart to this mailing list.

Confused about mailing lists and their use? Read about mailing lists on Wikipedia and check out these guidelines on proper formatting of your messages.