[29076] in bugtraq
Re: poc zlib sploit just for fun :)
daemon@ATHENA.MIT.EDU (Ralf S. Engelschall)
Thu Feb 27 12:10:05 2003
Date: Thu, 27 Feb 2003 15:41:49 +0100
From: "Ralf S. Engelschall" <rse@engelschall.com>
To: bugtraq@securityfocus.com
Message-ID: <20030227144148.GA38547@engelschall.com>
Reply-To: rse@engelschall.com
Mime-Version: 1.0
Content-Type: text/plain; charset=us-ascii
Content-Disposition: inline
In article <200302241751.25591.kelledin+BTQ@skarpsey.dyndns.org> you wrote:
> [...]
> Attached below is a patch RK and I whipped up yesterday, after I
> caught wind of this problem sometime in the afternoon.
> [...]
Thanks for your efforts. We've reviewed your patch for inclusion into
our OpenPKG "zlib" package and discovered that your configure checks are
not quite correct. For instance, you're incorrectly putting a va_list
variable into a snprintf call in one check, etc. Additionally we've
stripped down in size the patch to gzio.c (you re-formatted existing
code, etc). See http://cvs.openpkg.org/openpkg-src/zlib/zlib.patch for
our derived version of your patch in case you're interested.
Ralf S. Engelschall
rse@engelschall.com
www.engelschall.com
