Re: [Fwd: freeswan & zlib security]

On Tue, Sep 17, 2002 at 12:49:34AM -0300, Peter Cordes wrote:
>  IIRC, the problem with zlib was that it called free(3) an extra time, or
> something like that, and glibc no longer allows that.  Moving the ZFREE()
> obviously changes the conditions required for it to be called, so this is
> very probably related to the double-free(3) bug.  If the code you've
> posted is running in the kernel, then glibc won't be handling ZFREE, it'll
> be a kernel memory management function.  Does anyone know if it's safe to
> double-free vmalloc()ed (or whatever it is) kernel memory?
>  I thought the kernel had zlib functions built in already, why isn't
> FreeSWAN using that?  (I'm not really a kernel hacker, so I could be wrong
> on this :)

I chatted on the phone with Henry Spencer back when the
zlib bug was first announced and he was of the opinion
that in FS it would be almost impossible to exploit. So it's
probably something that should be fixed but is not a high
profile issue. Not my call though: I'm not one of the maintainers,
just a user of the results.

    Nuke bin Laden:           Dale Amon, CEO/MD
  improve the global          Islandone Society
     gene pool.               www.islandone.org
