Displaying 3 results from an estimated 3 matches for "inflate_block".
Did you mean:
inflate_lock
2002 Mar 22
1
Is OpenSSH vulnerable to the ZLIB problem or isn't it?
...releases.
CERT and CERT-FI has been notified, no other reaction is necessary at this
point.
For further technical information, please see the technical explanation
below.
The problem works as follows: when a maliciously corrupted compressed
data stream is decompressed, it can cause the function
inflate_blocks() to enter a certain state and return FALSE. If called
again in this state, this function can cause a heap corruption
exploitable by the attacker. (More precisely, both the first and the
second call will attempt to free the same pointer. This is layed out
in more detail in the advisory.)
We do...
2002 Mar 13
3
zlib compression, the exploit, and OpenSSH
...cated memory to be released more than once (i.e.,
"double-freed"). Specifically, when inftrees.c:huft_build() encounters
the crafted data, it returns an unexpected Z_MEM_ERROR to
inftrees.c:inflate_trees_dynamic(). When a subsequent call is made to
infblock.c:inflate_blocks(), the inflate_blocks function tries to free
an internal data structure a second time.
Because this bug interferes with the proper allocation and
deallocation of dynamic memory, it may be possible for an attacker to
influence the operation of programs that include...
2002 Apr 20
1
rsync breaks on FreeBSD without -O2?(fwd from grog@FreeBSD.org) PR 36998
...0x8061823 in inflate_codes (s=0x807b040, z=0x80777c0, r=0) at zlib/infcodes.c:200
200 while (f < s->window) /* modulo window size-"while" instead */
(gdb) bt
#0 0x8061823 in inflate_codes (s=0x807b040, z=0x80777c0, r=0) at zlib/infcodes.c:200
#1 0x806104c in inflate_blocks (s=0x807b040, z=0x80777c0, r=-5) at zlib/infblock.c:340
#2 0x806243b in inflate (z=0x80777c0, f=0) at zlib/inflate.c:221
#3 0x805852f in recv_deflated_token (f=0, data=0xbfbfe8dc) at token.c:412
#4 0x805872e in recv_token (f=0, data=0xbfbfe8dc) at token.c:506
#5 0x804bd38 in receive_data (f_in...