Subject: Re: zlib vulnerability
To: Jonathan R. Hinds <jon@fork.yi.org>
From: Otto Hilska <mutru@mbnet.fi>
List: tech-security
Date: 03/12/2002 00:03:47
On Mon, Mar 11, 2002 at 12:36:02PM -0800, Jonathan R. Hinds wrote:
> http://www.gzip.org/zlib/advisory-2002-03-11.txt
> Anything previous to 1.1.4 appears to be vulnerable.

But is this bug exploitable in NetBSD? Several applications, sshd for
example, are linked against zlib.

As this bug is about a double-free(), it shouldn't be as problematic as
in Linux. Consider the following example:

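#include <stdio.h>	/* printf() */
#include <stdlib.h>	/* malloc(), free() */

int main(void) {
	int *p = (int *)malloc(10);
	free(p);
	free(p);	/* deliberate second free of the same pointer */

	/* Only reached if the allocator survives the double free. */
	printf("BSD works perfectly.\n");

	return 0;
}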

NetBSD:
vasara% ./broken-free         
broken-free in free(): warning: page is already free.
BSD works perfectly.

GNU/Linux:
mutru@baraddur:~$ ./broken-free 
Segmentation fault

-- 
Otto Hilska, mutru@mbnet.fi
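
Added example, not part of the original message: calling free() twice on the same pointer is undefined behaviour in C, so the outcome depends on the allocator, as the two runs above show. This sketch makes the check independent of the allocator by recording live pointers in a small table and refusing a second free; tracked_malloc, tracked_free, double_free_demo and MAX_LIVE are hypothetical names introduced here.

```c
#include <stdio.h>
#include <stdlib.h>

/* Hypothetical helper names; this is an illustration, not zlib or libc code. */
#define MAX_LIVE 64
static void *live[MAX_LIVE];	/* pointers handed out and not yet freed */

/* Allocate and record the pointer. Returns NULL if malloc fails or the table is full. */
void *tracked_malloc(size_t n) {
	void *p = malloc(n);
	if (p == NULL)
		return NULL;
	for (int i = 0; i < MAX_LIVE; i++) {
		if (live[i] == NULL) {
			live[i] = p;
			return p;
		}
	}
	free(p);	/* no room to track it, so do not hand it out */
	return NULL;
}

/* Returns 0 if p was freed (or was NULL), -1 if p is not a live tracked pointer. */
int tracked_free(void *p) {
	if (p == NULL)
		return 0;	/* free(NULL) is a defined no-op */
	for (int i = 0; i < MAX_LIVE; i++) {
		if (live[i] == p) {
			live[i] = NULL;	/* forget it first, then release it */
			free(p);
			return 0;
		}
	}
	/* Never reaches the real free(), so the heap metadata is left untouched. */
	fprintf(stderr, "tracked_free: warning: %p is already free or not tracked\n", p);
	return -1;
}

/* Same malloc/free/free sequence as the test program; returns the second free's result. */
int double_free_demo(void) {
	int *p = tracked_malloc(10);
	if (p == NULL)
		return -2;
	tracked_free(p);
	return tracked_free(p);
}

int main(void) {
	printf("second free returned %d\n", double_free_demo());
	return 0;
}
```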