VNC zlib Advisory draft 1

Andrew van der Stock ajv "at" greebo.net
Thu, 14 Mar 2002 09:32:21 +0000


Depends on your malloc() implementation. The thing that causes the bug
to appear is an input stream constructed *just* *so*, and that *is*
platform independent as the inflate input stream is the same regardless
of platform. Bad things happen when malloc()/free() from libc is also
faulty or fails in a certain way upon a double free. The best you can
hope for is a segv, still a downer for the user. 

Most libcs are related - I wouldn't be surprised if MacOS X's malloc is
related to BSD or gnu's libc. But it also depends on your compiler - if
Metrowerks have a compiler suite for MacOS X that's not the heavily
modified gcc that Apple supply, then that could be a dependency.

Suffice to say, it's simpler to re-link with zlib 1.1.4 than to figure
out if you're actually vulnerable to the input stream. 

Andrew
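A check of the kind Andrew's last paragraph weighs against re-linking, added here as an example and not part of the thread: it compares the version string a linked zlib reports against 1.1.4 numerically, since a plain strcmp misorders "1.2.13" against "1.2.3". The names version_cmp and zlib_has_double_free_fix and the sample strings are constructed for this example; in a real program the string would come from zlibVersion() in <zlib.h>.

```c
#include <stdio.h>
#include <stdlib.h>

/* Parse a dotted version string such as "1.1.3" or "1.2.13" into up to
 * three numeric components; missing components count as 0, anything after
 * the third component is ignored. Returns 0 on success, -1 if the string
 * does not start with a numeric version. */
static int parse_version(const char *s, int out[3])
{
    int i;
    for (i = 0; i < 3; i++) out[i] = 0;
    for (i = 0; i < 3; i++) {
        char *end;
        long v;
        if (*s < '0' || *s > '9') return -1;
        v = strtol(s, &end, 10);
        if (v < 0 || v > 1000000) return -1;
        out[i] = (int)v;
        if (*end == '\0') return 0;
        if (*end != '.') return -1;
        s = end + 1;
    }
    return 0;
}

/* Compare two version strings component by component, returning <0, 0 or >0
 * like strcmp. An unparseable string sorts below any parseable one. */
int version_cmp(const char *a, const char *b)
{
    int va[3], vb[3], i;
    int pa = parse_version(a, va), pb = parse_version(b, vb);
    if (pa < 0 && pb < 0) return 0;
    if (pa < 0) return -1;
    if (pb < 0) return 1;
    for (i = 0; i < 3; i++)
        if (va[i] != vb[i]) return va[i] < vb[i] ? -1 : 1;
    return 0;
}

/* 1 if the reported zlib version is 1.1.4 or newer (the release the thread
 * recommends re-linking against), 0 for older or unrecognised strings. */
int zlib_has_double_free_fix(const char *version)
{
    return version_cmp(version, "1.1.4") >= 0;
}

int main(void)
{
    /* Constructed sample strings; replace with zlibVersion() in real use. */
    const char *samples[] = { "1.1.3", "1.1.4", "1.2.13", "garbage" };
    size_t i;
    for (i = 0; i < sizeof samples / sizeof samples[0]; i++)
        printf("zlib %-8s -> %s\n", samples[i],
               zlib_has_double_free_fix(samples[i]) ? "fixed" : "re-link");
    return 0;
}
```

Note that this only reports the zlib the calling program is linked against; a second copy statically linked into another module is not seen by it.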

-----Original Message-----
From: owner-vnc-list "at" uk.research.att.com
[mailto:owner-vnc-list "at" uk.research.att.com] On Behalf Of Adrian Umpleby
Sent: Thursday, 14 March 2002 8:14 PM
To: vnc-list "at" uk.research.att.com
Subject: Re: VNC zlib Advisory draft 1

>The next version of VNCThing (2.3) will be linked with zlib 1.1.4: should be
>available fairly soon.

Thanks for the info!

(Does that mean v2.2 is potentially vulnerable?)

Adrian
---------------------------------------------------------------------
To unsubscribe, mail majordomo "at" uk.research.att.com with the line:
'unsubscribe vnc-list' in the message BODY
See also: http://www.uk.research.att.com/vnc/intouch.html
---------------------------------------------------------------------