|
|||||
|
|
|
|
|
|
|
|
Re: Linux Compression Format Flaw Found July 8, 2005
There is an unofficial patch to Zlib 1.2.2 available from the Gentoo people at : gentoo-x86: sys-libs/zlib/files/zlib-1.2.2-inftrees.patch Which can be easily implemented thus :
-------------------------------------------------------------------------------
in inftrees.c
137 /***************************************************************/
138 /* patch by Dennis Clarke dclarke@blastwave.org in response to */
139 /* http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2005-2096 */
140 /*
141 /* oldline was :
142 /* if (left > 0 && (type == CODES || (codes - count[0] != 1))) */
143 /*
144 /* newline follows */
145 /***************************************************************/
146 if (left > 0 && (type == CODES || max != 1))
147 return -1; /* incomplete set */
148
$ env
CC=cc
CFLAGS=-xarch=v8 -xstrconst -xildoff
EDITOR=vi
HOME=/export/medusa/dclarke
LD_OPTIONS=-R/opt/csw/lib/ -L/opt/csw/lib
LOGNAME=dclarke
MAIL=/var/mail//dclarke
MANPATH=/usr/openwin/share/man:/usr/share/man:/usr/dt/share/man:/opt/csw/man
PATH=/opt/forte8/SUNWspro/bin:/usr/sbin:/usr/bin:/usr/openwin/bin:/usr/ccs/bin
SHELL=/sbin/sh
TERM=vt100
TZ=Canada/Eastern
USER=dclarke
$
$ which cc
/opt/forte8/SUNWspro/bin/cc
$ cc -V
cc: Sun C 5.5 Patch 112760-17 2005/02/15
usage: cc [ options] files. Use 'cc -flags' for details
$ make
cc -xarch=v8 -xstrconst -xildoff -DUSE_MMAP -c example.c
cc -xarch=v8 -xstrconst -xildoff -DUSE_MMAP -c adler32.c
cc -xarch=v8 -xstrconst -xildoff -DUSE_MMAP -c compress.c
cc -xarch=v8 -xstrconst -xildoff -DUSE_MMAP -c crc32.c
cc -xarch=v8 -xstrconst -xildoff -DUSE_MMAP -c gzio.c
cc -xarch=v8 -xstrconst -xildoff -DUSE_MMAP -c uncompr.c
cc -xarch=v8 -xstrconst -xildoff -DUSE_MMAP -c deflate.c
cc -xarch=v8 -xstrconst -xildoff -DUSE_MMAP -c trees.c
cc -xarch=v8 -xstrconst -xildoff -DUSE_MMAP -c zutil.c
cc -xarch=v8 -xstrconst -xildoff -DUSE_MMAP -c inflate.c
cc -xarch=v8 -xstrconst -xildoff -DUSE_MMAP -c infback.c
cc -xarch=v8 -xstrconst -xildoff -DUSE_MMAP -c inftrees.c
cc -xarch=v8 -xstrconst -xildoff -DUSE_MMAP -c inffast.c
ar rc libz.a adler32.o compress.o crc32.o gzio.o uncompr.o deflate.o
trees.o zutil.o inflate.o infback.o inftrees.o inffast.o
cc -xarch=v8 -xstrconst -xildoff -DUSE_MMAP -o example example.o -L. libz.a
cc -xarch=v8 -xstrconst -xildoff -DUSE_MMAP -c minigzip.c
cc -xarch=v8 -xstrconst -xildoff -DUSE_MMAP -o minigzip minigzip.o -L. libz.a
$ make test
hello world
zlib version 1.2.2 = 0x1220, compile flags = 0x55
uncompress(): hello, hello!
gzread(): hello, hello!
gzgets() after gzseek: hello!
inflate(): hello, hello!
large_inflate(): OK
after inflateSync(): hello, hello!
inflate with dictionary: hello, hello!
*** zlib test OK ***
-------------------------------------------------------------------------------
Should you wish to implement this approach in your production systems then
you are advised that this is an unofficial patch. No actual patch update
has been released by the zlib project people and you can be assured that they
are aware of the issue. A more critical mind would ask the question “if
the patch is so trivial and obvious then why has it not been officially released?”.
Dennis Clarke
Sun Jul 10 01:39:32 EDT 2005
|
|||||||
|
©2002-2005 blastwave.org Dennis Clarke Admin and Director dclarke@blastwave.org Sun™ Logo Published with Permission from Sun Microsystems, Inc. |
|