gzip memory corruption
Eygene Ryabinkin
rea-fbsd at codelabs.ru
Fri Jul 31 05:29:26 UTC 2009
Xin, good day.
Thu, Jul 30, 2009 at 04:49:53PM -0700, Xin LI wrote:
> Having checked with GNU's gzip, it looks like that they arbitrarily set
> an upper limit of the suffix length to 30. This is unrelated to the
> memcpy bug but let's address it here as well. My revised patch would
> make the memcpy into a fatal errx, and reduce the allowed suffix length
> to 30 to match GNU behavior.
>
> Please let me know if this version looks better, I'll propose it to re@
> and commit if they approved it.
Yes, this patch looks much better, thanks! One thing: I would expand
the error message here:
> + if (len >= SUFFIX_MAXLEN)
> + errx(1, "incorrect suffix: '%s'", optarg);
say to
> + errx(1, "incorrect suffix: '%s': too long", optarg);
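Review bot: the >= in "if (len >= SUFFIX_MAXLEN)" rejects a suffix whose length is exactly SUFFIX_MAXLEN, so if the constant is the 30 mentioned in the quoted message, the longest suffix accepted is 29 characters. Neither the definition of SUFFIX_MAXLEN nor the destination buffer appears in the quoted lines, so a comment at the check stating whether the constant counts the terminating NUL would make the intended limit clear. The error message could also print the limit next to "too long".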
It will be better, since the reason for the incorrectness will be stated:
it is not very obvious why the suffix like
'.barrhmumbojombofromthemightyuserwhoseemtogonecompletelymad'
isn't acceptable ;))
--
Eygene
_ ___ _.--. #
\`.|\..----...-'` `-._.-'_.-'` # Remember that it is hard
/ ' ` , __.--' # to read the on-line manual
)/' _/ \ `-_, / # while single-stepping the kernel.
`-'" `"\_ ,_.-;_.-\_ ', fsc/as #
_.-'_./ {_.' ; / # -- FreeBSD Developers handbook
{_.-``-' {_/ #