[Zlib-devel] Re: gzip and the inffast vulnerability
Mark Adler
madler at alumni.caltech.edu
Sun Dec 15 13:44:01 EST 2002
On Sunday, December 15, 2002, at 05:52 AM, Glenn Randers-Pehrson wrote:
> The Eeye guys won't let me have their test case so I can't just try it.
Attached is a gzip file and zlib stream that contain an invalid fixed
length code. To exhibit the bug in 1.0.4, inflate needs to be provided
with large enough input and output buffers in order to call
inflate_fast()--1K is more than large enough.
mark
-------------- next part --------------
A non-text attachment was scrubbed...
Name: badlit.gz
Type: application/x-gzip
Size: 22 bytes
Desc: not available
URL: <http://madler.net/pipermail/zlib-devel_madler.net/attachments/20021215/d5ad2093/attachment.bin>
-------------- next part --------------
-------------- next part --------------
A non-text attachment was scrubbed...
Name: badlit.zlib
Type: application/octet-stream
Size: 10 bytes
Desc: not available
URL: <http://madler.net/pipermail/zlib-devel_madler.net/attachments/20021215/d5ad2093/attachment.obj>
-------------- next part --------------
More information about the Zlib-devel
mailing list