|
Message-ID: <9786871.DjNlDLY9Ns@blackgate> Date: Thu, 09 Feb 2017 15:02:50 +0100 From: Agostino Sarubbo <ago@...too.org> To: oss-security@...ts.openwall.com Subject: A note about the multiple crashes in zziplib Hello all, I posted several crashes about zziplib. The latest release was done ~5 years ago and the upstream bugs place seems to be dead. However, I will forward them on their website. I didn't receive any type of feedback from the maintainer so I don't know if some of them are duplicates. In any case there are problems where the same codebase was used in more places, e.g.: http://blogs.gentoo.org/ago/2017/02/09/zziplib-null-pointer-dereference-in-main-unzzipcat-c/ shows a null ptr at: unzzipcat.c:94 and https://blogs.gentoo.org/ago/2017/02/09/zziplib-null-pointer-dereference-in-main-unzzipcat-mem-c/ shows a null ptr at: unzzipcat-mem.c:94 Both C file have the same code at line 94: printf ("%s\n", name); So, while in the past, sometimes, we saw that one 'change' in the code was able to fix more than one issue, in this case, the issue is the same but it duplicate in more '.c' file -- Agostino Sarubbo Gentoo Linux Developer
Powered by blists - more mailing lists
Please check out the Open Source Software Security Wiki, which is counterpart to this mailing list.
Confused about mailing lists and their use? Read about mailing lists on Wikipedia and check out these guidelines on proper formatting of your messages.