tech-security: Re: zlib vulnerability

Subject: Re: zlib vulnerability
To: Otto Hilska <mutru@mbnet.fi>
From: None <xs@kittenz.org>
List: tech-security
Date: 03/12/2002 00:32:01

on Tue, Mar 12, 2002 at 12:03:47AM +0200, Otto Hilska wrote:
> But is this bug exploitable in NetBSD? Several applications, sshd for
> example, are linked against zlib.

Note zlib is used in sys/net/zlib.[ch]. Is the kernel malloc/free
implementation as forgiving?
An easy way of stopping double-free() situations is to do:

    free(p);
    p = NULL;