Re: ZLib double free bug: Windows NT potentially unaffected

From: Casper Dik (Casper.Dikat_private)
Date: Thu Mar 14 2002 - 15:12:16 PST


    >ZLib implementations on Windows NT should be unaffected by the "double 
    >free" bug, as long as they use the heap management functions of the Runtime 
    >Library (RTL), or any front-end to them, since these functions do a pretty 
    >good job at preventing heap corruption and access violations
    
    
    Catching double free()s is one thing, preventing heap corruption is
    quite something different.
    
    If a piece of memory is freed twice, it can be handed back out before the
    second (incorrect) free occurs.
    
    Aside, if double free catching alone is sufficient to be considered
    safe from this zlib bug, then Solaris standard libc malloc is also safe;
    it catches double frees in several ways.  (Last value free()d w/o
    intervening value; checks for existence on the free list and whether it
    is marked free)
    
    Casper
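
The point above about a chunk being handed back out before the second free, as an added example that is not part of the original message. It uses a toy fixed-size allocator whose names are all constructed here; it models only a "marked free" check with LIFO reuse and is not the NT RTL or Solaris libc code.

```c
#include <stdio.h>
#include <stddef.h>

#define SLOTS 4
#define SLOT_SIZE 32

/* Toy allocator state (constructed for illustration). */
static char pool[SLOTS][SLOT_SIZE];
static int  is_free[SLOTS];     /* 1 = chunk is marked free */
static int  free_stack[SLOTS];  /* LIFO free list of slot indices */
static int  top;

static void toy_init(void) {
    top = 0;
    for (int i = SLOTS - 1; i >= 0; i--) { is_free[i] = 1; free_stack[top++] = i; }
}
static void *toy_alloc(void) {
    if (top == 0) return NULL;
    int i = free_stack[--top];
    is_free[i] = 0;
    return pool[i];
}
/* Returns 0 on success, -1 when the chunk is already marked free. */
static int toy_free(void *p) {
    int i = (int)(((char *)p - &pool[0][0]) / SLOT_SIZE);
    if (is_free[i]) return -1;  /* double free detected and refused */
    is_free[i] = 1;
    free_stack[top++] = i;
    return 0;
}
/* Back-to-back double free: the "marked free" check rejects it. */
static int immediate_double_free_caught(void) {
    toy_init();
    void *a = toy_alloc();
    toy_free(a);
    return toy_free(a) == -1;
}
/* The chunk is reallocated between the two frees: the check cannot tell. */
static int interleaved_double_free_aliases(void) {
    toy_init();
    void *a = toy_alloc();
    toy_free(a);
    void *b = toy_alloc();  /* same chunk as a, now owned by b */
    int rc = toy_free(a);   /* stale pointer; chunk is marked in use, so accepted */
    void *c = toy_alloc();  /* b's live chunk is handed out a second time */
    return rc == 0 && b == a && c == b;
}
int main(void) {
    printf("immediate caught: %d\n", immediate_double_free_caught());
    printf("interleaved aliases live chunk: %d\n", interleaved_double_free_aliases());
    return 0;
}
```

In the interleaved case the allocator's own bookkeeping stays consistent, yet two owners now hold the same chunk, which is the corruption a double-free check alone does not prevent.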
    


