Displaying 1 result from an estimated 1 matches for "bufzip".
2002 Mar 22
1
Is OpenSSH vulnerable to the ZLIB problem or isn't it?
...in this state, this function can cause a heap corruption
exploitable by the attacker. (More precisely, both the first and the
second call will attempt to free the same pointer. This is laid out
in more detail in the advisory.)
We do not use the zlib directly. Instead, we use a wrapper library
bufzip that is the only point in our code that is in direct contact
with the zlib.
The crucial point is this: if bufzip calls the misbehaving function in
the zlib, it always checks whether the return value is TRUE. If not,
it terminates the process with a message that the compressed data
stream is corru...