public inbox for linux-kernel@vger.kernel.org
From: "J.A. Magallon" <jamagallon@able.es>
To: paulus@samba.org
Cc: marcelo@conectiva.com.br, linux-kernel@vger.kernel.org
Subject: Re: [PATCH] zlib double-free bug
Date: Mon, 18 Mar 2002 15:49:46 +0100
Message-ID: <20020318144946.GA7052@werewolf.able.es>
In-Reply-To: <15509.51214.495427.580341@argo.ozlabs.ibm.com>


On 2002.03.18 Paul Mackerras wrote:
>Recently CERT published an advisory, warning about a bug in zlib where
>a chunk of memory could get freed twice, depending on the data being
>decompressed, which could potentially give a way to attack a system
>using zlib.  The reference is
>
>	http://www.cert.org/advisories/CA-2002-07.html
>
>All 3 of the versions of zlib in the current 2.4 kernel have this bug.
>The version in 2.5 doesn't because it handles memory allocation in a
>different way.
>
>The patch below fixes this bug in each of the three copies of zlib.c,
>in the same way that it is fixed in the zlib-1.1.4 release (basically
>by making sure that s->sub.trees.blens is always freed whenever, and
>only when, s->mode is changed from BTREE or DTREE to some other value).
>
>In the longer term I recommend that the 2.5.x changes to use a single
>copy of zlib in lib/zlib_{deflate,inflate} should be back-ported to
>2.4.  For now, this patch should be applied to 2.4.x since the bug is
>a potential security hole if you are using PPP with Deflate
>compression.
>

Someone posted it was here:

ftp://ftp.kernel.org/pub/linux/kernel/people/dwmw2/shared-zlib/

The only remnants it leaves in 19-pre3 are:

./arch/ppc/boot/lib/zlib.c
./arch/ppc/boot/include/zlib.h

The patch already does:

--- linux-2.4.19-pre2-ac2/arch/ppc/config.in    Sun Mar  3 18:54:31 2002
+++ linux-2.4.19-pre2-ac2-zlib/arch/ppc/config.in   Tue Mar  5 08:57:31 2002
@@ -396,6 +396,8 @@
    source net/bluetooth/Config.in
 fi
 
+source lib/Config.in
+  
 mainmenu_option next_comment
 comment 'Kernel hacking'
 
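Review bot: the second added line (`+  `) after `source lib/Config.in` is whitespace-only rather than empty; drop the trailing spaces so the separator before `mainmenu_option next_comment` is a clean blank line. The new `source lib/Config.in` also sits outside the preceding `fi`, so it is read unconditionally on every ppc configuration run; lib/Config.in is not created in the visible lines, so confirm it arrives in the same patch set and that any option it defines for the shared zlib is safe to offer on all ppc targets.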

So wouldn't it be better to kill ppc/.../zlib and make it also use the
shared copy?

BTW, it is the ONLY file in arch/ppc/boot/lib, so the whole dir could be killed
(at least in the standard tree; I do not know about the ppc branch...)


-- 
J.A. Magallon                           #  Let the source be with you...        
mailto:jamagallon@able.es
Mandrake Linux release 8.2 (Bluebird) for i586
Linux werewolf 2.4.19-pre3-jam3 #1 SMP Fri Mar 15 01:16:08 CET 2002 i686
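
The ownership rule described in the quoted message (blens is freed whenever, and only when, the mode leaves BTREE or DTREE) can be modeled by routing every mode change through one function. This is an added example, not code from the patch or from zlib; the struct layout, helper names and counters are hypothetical, and treating BTREE to DTREE as keeping the buffer is an assumption.

```c
#include <stdio.h>
#include <stdlib.h>
/* Simplified model, not zlib source. Only the mode names BTREE/DTREE and
   the field name blens come from the message; the rest is hypothetical. */
enum mode { TYPE, BTREE, DTREE, CODES, BAD };
struct blocks { enum mode mode; unsigned *blens; };

static int live_allocs;  /* instrumentation: buffers currently allocated */
static int frees_done;   /* instrumentation: calls that released a buffer */
static int owns_blens(enum mode m) { return m == BTREE || m == DTREE; }

/* Single choke point for mode changes: blens is released exactly when the
   state leaves BTREE/DTREE, and no other code path frees it. */
static void set_mode(struct blocks *s, enum mode next) {
    if (owns_blens(s->mode) && !owns_blens(next)) {
        free(s->blens);
        s->blens = NULL;
        live_allocs--;
        frees_done++;
    }
    s->mode = next;
}

/* TYPE -> BTREE: the only place blens is allocated. */
static int begin_trees(struct blocks *s, size_t n) {
    if (s->mode != TYPE) return -1;
    s->blens = calloc(n, sizeof *s->blens);
    if (s->blens == NULL) return -1;
    live_allocs++;
    s->mode = BTREE;
    return 0;
}

/* Frees counted for: allocate, advance to DTREE, hit an error, then reset. */
static int frees_after_error_and_reset(void) {
    struct blocks s = { TYPE, NULL };
    frees_done = 0;
    if (begin_trees(&s, 19) != 0) return -1;
    set_mode(&s, DTREE);  /* still owns blens: no free */
    set_mode(&s, BAD);    /* error path leaves DTREE: freed here */
    set_mode(&s, TYPE);   /* reset from BAD: nothing owned, no second free */
    return frees_done;
}

int main(void) {
    printf("frees=%d\n", frees_after_error_and_reset());
    return 0;
}
```

Because the free is keyed to the mode transition rather than to individual error branches, an error path followed by a reset cannot release the buffer a second time.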
