This is the mail archive of the cygwin mailing list for the Cygwin project.


Index Nav: [Date Index] [Subject Index] [Author Index] [Thread Index]
Message Nav: [Date Prev] [Date Next] [Thread Prev] [Thread Next]
Other format: [Raw text]

Re: ZLIB


jglong3@att.net wrote:

> The following subject was researched in the CYGWIN Archives. If the answer exists, I apologize if the proper string(s) were not input to find the answer to the following discussion.
> 
>     A report by SecurityTracker mentions that there is situation in zlib.
>     This situation in zlib is reported as relative to the inflate() and
>     inflateBack().
>     The report says the situation varies depending on the application
>     using the zlib library, but if exploited can result in a denial of services.
> 
> Is there a new zlib to correct for this????
> 
> If so is the correction in Zlib or the cygwin.dll------
> 
> What download file or files are required????
> 
> THANKS for your time, help, and advise!!! :)

First of all it would have helped if you'd included some links.  The
page you are referring to is
<http://www.securitytracker.com/alerts/2004/Aug/1011085.html> and the
problem was reported in the debian bug report
<http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=252253>.  The OpenPKG
report at <http://lwn.net/Articles/99288/> also contains useful links.

The date of that advisory was 30-Aug-2004, and the datestamp on the
1.2.1 Cygwin zlib package is 3-Dec-2003 so no, it does not contain this
fix.  And, unless I missed it there was no announcement in the last week
of a new zlib package, so for the time being there is nothing to
download.

The fix for this advisory is a trivial patch to fix the error handling,
as below from the OpenBSD avisory
<ftp://ftp.openbsd.org/pub/OpenBSD/patches/3.5/common/017_libz.patch>:

diff -u -p -r1.2 -r1.2.2.1
--- lib/libz/infback.c  17 Dec 2003 00:28:19 -0000      1.2
+++ lib/libz/infback.c  28 Aug 2004 16:21:46 -0000      1.2.2.1
@@ -446,6 +446,9 @@ void FAR *out_desc;
                 }
             }
 
+            if (state->mode == BAD)
+                break;
+
             /* build code tables */
             state->next = state->codes;
             state->lencode = (code const FAR *)(state->next);

diff -u -p -r1.6 -r1.6.2.1
--- lib/libz/inflate.c  17 Dec 2003 00:28:19 -0000      1.6
+++ lib/libz/inflate.c  28 Aug 2004 16:21:46 -0000      1.6.2.1
@@ -909,6 +909,9 @@ int flush;
                         state->lens[state->have++] = (unsigned
short)len;
                 }
             }
+
+            if (state->mode == BAD)
+                break;
 
             /* build code tables */
             state->next = state->codes;

If this is important to you then you should download the zlib src
package and apply the above.  Hopefully the zlib maintainer will release
a fixed package shortly, but with free software there is never any
guarantee of anything.

Brian

--
Unsubscribe info:      http://cygwin.com/ml/#unsubscribe-simple
Problem reports:       http://cygwin.com/problems.html
Documentation:         http://cygwin.com/docs.html
FAQ:                   http://cygwin.com/faq/


Index Nav: [Date Index] [Subject Index] [Author Index] [Thread Index]
Message Nav: [Date Prev] [Date Next] [Thread Prev] [Thread Next]