Hi, as you might already know someone at Bugtraq came up with information about applications being vulnerable to (de)compression bombs. Basically, this means someone sends compressed data and the receiver will blatantly decompress it exceeding all available memory causing a crash and/or a DoS. The (forced) compression ratio can be awesome - no shit, Watson.
I haven't looked at the sources recently but I wondered whether GTKG applies resp. can apply a limit to the (de)compressed size of packets. As you know, Glib/GTK+ is a bitch *woof* when it comes to malloc failures so it would be very likely you can crash GTKG this way if it didn't. If it's not vulnerable it might be worthwhile to say so on the website at an appropriate place.

--
Christian
As you can see, this is a signature. It's not related to the contents of the mail in any way. But you probably won't listen to me anyway, will you?
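Added example, not part of the original mail and not GTKG code: one way to enforce the kind of limit on decompressed size the mail asks about, shown with Python's zlib module. The function names, the limits and the sample payloads are assumptions constructed for illustration.

```python
import zlib


class DecompressionLimitExceeded(Exception):
    """Raised when the inflated output would exceed the caller's cap."""


def bounded_inflate(data: bytes, max_out: int, chunk: int = 16384) -> bytes:
    """Inflate a zlib stream while holding at most max_out + 1 output bytes."""
    d = zlib.decompressobj()
    out = bytearray()
    buf = data
    while not d.eof:
        # Request at most one byte beyond the remaining budget, so an
        # overrun is detected without inflating the rest of the stream.
        room = max_out - len(out) + 1
        piece = d.decompress(buf, min(chunk, room))
        out += piece
        if len(out) > max_out:
            raise DecompressionLimitExceeded(
                f"output exceeds {max_out} bytes ({len(data)} bytes of input)")
        # Input that zlib did not consume because of the output limit.
        buf = d.unconsumed_tail
        if not piece and not buf and not d.eof:
            raise ValueError("truncated or incomplete zlib stream")
    return bytes(out)


def constructed_bomb(inflated_size: int) -> bytes:
    """Constructed sample: a run of zero bytes, which deflate shrinks ~1000:1."""
    return zlib.compress(b"\0" * inflated_size, 9)


def demo() -> dict:
    """Run the cap against a normal payload and against the constructed bomb."""
    normal = zlib.compress(b"hello" * 100)
    bomb = constructed_bomb(10 * 1024 * 1024)
    result = {"normal_len": len(bounded_inflate(normal, 64 * 1024)),
              "bomb_compressed_len": len(bomb)}
    try:
        bounded_inflate(bomb, 64 * 1024)
        result["bomb_rejected"] = False
    except DecompressionLimitExceeded:
        result["bomb_rejected"] = True
    return result


if __name__ == "__main__":
    print(demo())
```

The cap is checked after every bounded call to `decompress()`, so a rejected payload never costs more than `max_out + 1` bytes of output buffer regardless of its compression ratio.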
