Fw: Re: poc zlib sploit just for fun :)
Niki Guldbrand
nikig at vip.cybercity.dk
Thu Feb 27 18:56:09 GMT 2003
Begin forwarded message:
Date: Thu, 27 Feb 2003 15:41:49 +0100
From: "Ralf S. Engelschall" <rse at engelschall.com>
To: bugtraq at securityfocus.com
Subject: Re: poc zlib sploit just for fun :)
In article <200302241751.25591.kelledin+BTQ at skarpsey.dyndns.org> you wrote:
> [...]
> Attached below is a patch RK and I whipped up yesterday, after I
> caught wind of this problem sometime in the afternoon.
> [...]
Thanks for your efforts. We've reviewed your patch for inclusion into
our OpenPKG "zlib" package and discovered that your configure checks are
not quite correct. For instance, you're incorrectly putting a va_list
variable into a snprintf call in one check, etc. Additionally we've
stripped down in size the patch to gzio.c (you re-formatted existing
code, etc). See http://cvs.openpkg.org/openpkg-src/zlib/zlib.patch for
our derived version of your patch in case you're interested.
Ralf S. Engelschall
rse at engelschall.com
www.engelschall.com
More information about the Lunar-dev
mailing list