On Monday 01 February 2010 03:54:02 Jim Meyering wrote:
> Mike Frysinger wrote:
> > On Wednesday 20 January 2010 11:01:31 Jim Meyering wrote:
> >> Here's the patch for CVE-2010-0001,
> >> along with a test to exercise the offending code.
> >>
> >> I expect to release gzip-1.4 within the next few hours.
> >>
> >> From a3db5806d012082b9e25cc36d09f19cd736a468f Mon Sep 17 00:00:00 2001
> >> From: Jim Meyering <[email protected]>
> >> Date: Sun, 10 Jan 2010 17:13:01 +0100
> >> Subject: [PATCH 1/2] gzip -d: do not clobber stack for valid input on
> >> x86_64
> >>
> >> * unlzw.c (unlzw): Avoid integer overflow.
> >> Aki Helin reported the segfault along with an input to trigger the bug.
> >
> > this code applies unchanged (not surprisingly) to the original lzw
> > implementation. but the redhat bug report says that the issue doesn't
> > apply to the original ncompress (4.2.4) implementation ?
>
> I'm glad you checked. If the buggy code is there, too, then maybe there's
> an easy way to trigger a similar failure. I tested "compress" and saw no
> failure, and so didn't go through it in the debugger like I did for gzip.
>
> > not sure if you want to just keep the inner details off of public lists
> > ...
>
> Considering the relatively limited exposure via ncompress,
> it seems like it'd be ok to talk about it in public.
> But if you've found an exploit, you'll have to judge.
I have no such archives to trigger crashes, it's just that I've been keeping ncompress up-to-date on ncompress.sf.net. I put out a new version including this fix (among others).

-mike
