lists.openwall.net   lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  linux-hardening  linux-cve-announce  PHC 
Open Source and information security mailing list archives
 
Hash Suite: Windows password security audit tool. GUI, reports in PDF.
[<prev] [next>] [<thread-prev] [thread-next>] [day] [month] [year] [list] 
Message-ID: <20051219170753.GX3625@suespammers.org>
Date: Mon Dec 19 18:03:07 2005
From: rodrigob at suespammers.org (Rodrigo Barbosa)
Subject: Unzip *ALL* verisons ;))

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

On Mon, Dec 19, 2005 at 05:27:15PM +0100, Joachim Schipper wrote:
> On Mon, Dec 19, 2005 at 12:06:07PM +0000, c0ntex wrote:
> > Just to add to the pot, this little bug has been there a long time,
> > mmm, around 2+ yrs. Any apps calling unzip? Any unzip archives with
> > rather large files?
> > 
> > ;)
> > 
> > [c0ntex@...uxbox tmp]$ gdb -q unzip
> > (no debugging symbols found)...Using host libthread_db library
> > "/lib/tls/libthread_db.so.1".
> > (gdb) r `perl -e 'print "A" x 5000'`
> > Starting program: /usr/bin/unzip `perl -e 'print "A" x 5000'`
> > Reading symbols from shared object read from target memory...(no
> > debugging symbols found)...done.
> > Loaded system supplied DSO at 0xffffe000
> > (no debugging symbols found)...(no debugging symbols found)...unzip: 
> > cannot find or open AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA
> > 
> > [snip]
> > 
> > AAAAAAAAAAAAAA.ZIP.
> > *** glibc detected *** double free or corruption: 0x08075008 ***
> > 
> > Program received signal SIGABRT, Aborted.
> > 0xffffe410 in __kernel_vsyscall ()
> > (gdb) bt
> > #0  0xffffe410 in __kernel_vsyscall ()
> > #1  0x002a2955 in raise () from /lib/tls/libc.so.6
> > #2  0x002a4319 in abort () from /lib/tls/libc.so.6
> > #3  0x002dba1b in malloc_printerr () from /lib/tls/libc.so.6
> > #4  0x002dc4ba in free () from /lib/tls/libc.so.6
> > #5  0x080543a6 in ?? ()
> > #6  0x08075008 in ?? ()
> > #7  0x00000005 in ?? ()
> > #8  0x00000000 in ?? ()
> 
> I cannot reproduce this, either with "A" x 5000 or "A" x 20000. I tested
> unzip-5.52 on Linux/i386-2.6 and OpenBSD/i386-3.8, and saw no error.

Got a nasty explosion here. CentOS 4.2, Unzip-5.51:

(gdb) r `perl -e 'print "A" x 5000'`                                          
Starting program: /usr/bin/unzip `perl -e 'print "A" x 5000'`
(no debugging symbols found)
(no debugging symbols found)

Program received signal SIGSEGV, Segmentation fault.
0x00197956 in strcpy () from /lib/tls/libc.so.6

Best Regards,

- -- 
Rodrigo Barbosa <rodrigob@...spammers.org>
"Quid quid Latine dictum sit, altum viditur"
"Be excellent to each other ..." - Bill & Ted (Wyld Stallyns)

-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.1 (GNU/Linux)

iD8DBQFDpujppdyWzQ5b5ckRAj9uAKCqvcOLd5l+jzQus73rBPX7+ci4awCeNEIP
9zefoQnC9RPTEUghQtRDUeE=
=G3he
-----END PGP SIGNATURE-----

Powered by blists - more mailing lists

Powered by Openwall GNU/*/Linux Powered by OpenVZ