Follow @Openwall on Twitter for new release announcements and other news
[<prev] [next>] [day] [month] [year] [list]
Message-ID: <9786871.DjNlDLY9Ns@blackgate>
Date: Thu, 09 Feb 2017 15:02:50 +0100
From: Agostino Sarubbo <ago@...too.org>
To: oss-security@...ts.openwall.com
Subject: A note about the multiple crashes in zziplib

Hello all,

I posted several crashes about zziplib.

The latest release was done ~5 years ago and the upstream bugs place seems to 
be dead. However, I will forward them on their website.

I didn't receive any type of feedback from the maintainer so I don't know if 
some of them are duplicates.
In any case there are problems where the same codebase was used in more 
places, e.g.:

http://blogs.gentoo.org/ago/2017/02/09/zziplib-null-pointer-dereference-in-main-unzzipcat-c/ shows a null ptr at: unzzipcat.c:94

and

https://blogs.gentoo.org/ago/2017/02/09/zziplib-null-pointer-dereference-in-main-unzzipcat-mem-c/ shows a null ptr at: unzzipcat-mem.c:94

Both C file have the same code at line 94:
printf ("%s\n", name);

So, while in the past, sometimes, we saw that one 'change' in the code was 
able to fix more than one issue, in this case, the issue is the same but it 
duplicate in more '.c' file

-- 
Agostino Sarubbo
Gentoo Linux Developer

Powered by blists - more mailing lists

Please check out the Open Source Software Security Wiki, which is counterpart to this mailing list.

Confused about mailing lists and their use? Read about mailing lists on Wikipedia and check out these guidelines on proper formatting of your messages.