zlib security - permanent fix to the real problem?

Chad Simmons polpak at yahoo.com
Wed Mar 13 07:07:13 PST 2002


--- Kevin Krumwiede <krum at smyrnacable.net> wrote:
> Yes, someone with more know-how please comment on this, for I am
> only-an-egg.
> 
> Compile and run the following program to see the effects of setting
> MALLOC_CHECK_ (WARNING: this program deliberately corrupts your heap):
> 
> #include <stdio.h>
> #include <stdlib.h>
> int main(int argc, char* argv[]) {
>    void* foo = malloc(16);
>    free(foo);
>    free(foo);   /* deliberate double free of the same pointer */
>    printf("Program ran to completion.\n");
>    return 0;
> }
> 
> With MALLOC_CHECK_ unset: Immediate segfault; printf statement not reached.
> (But version without the printf did not segfault!)
> 
> With MALLOC_CHECK_=1: Error message with hex address of foo, followed by
> printf message.
> 
> With MALLOC_CHECK_=2: Prints "Abort" and immediately terminates; printf
> statement not reached.
> 
> The question is: Do either of these settings (1 or 2) actually prevent the
> program from corrupting the heap?  If so, does this address the zlib issue,
> at least as an interim fix?  Or maybe this is something we should all do by
> default, zlib issues aside?

Yes, setting MALLOC_CHECK_ to 0, 1, or 2 will (according to the man page)
prevent heap corruption from double frees or overruns of a single byte. The
different options simply allow you to specify what behaviour you want when such
an error is encountered. Setting it to 0 will cause the program to gracefully
ignore the problem, setting it to 1 will cause the warning to be printed to
stderr, and setting it to 2 will generate an abort. In all three cases, the heap
is protected.

This could be used then to safeguard against programs which compile in their
own version of zlib (assuming it is set prior to building). You could set it
when building any program as a precaution, but it's only really needed for
those packages that are known to have the problem.

Chad Simmons


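Added example, not part of either post and not LFS or glibc code: a small C harness for repeating the experiment described in this thread against any test binary. It runs the command with MALLOC_CHECK_ unset and then set to 0, 1 and 2, and reports whether the child exited or was killed by a signal; the function name and the outcome encoding are this example's own, and it assumes glibc reads MALLOC_CHECK_ from the environment at process start.

```c
#define _POSIX_C_SOURCE 200809L
#include <signal.h>
#include <stdio.h>
#include <stdlib.h>
#include <sys/wait.h>
#include <unistd.h>

/* Outcome encoding (this example's own convention):
 *   0..255  child exited with that status (127 also means exec failed)
 *   1000+N  child was killed by signal N, e.g. SIGSEGV or SIGABRT
 *   -1      fork or waitpid failed */
int run_with_malloc_check(const char *level, char *const argv[])
{
    int status;
    pid_t pid = fork();
    if (pid < 0)
        return -1;
    if (pid == 0) {
        /* Assumption: the variable is read at startup, so set it before exec. */
        if (level)
            setenv("MALLOC_CHECK_", level, 1);
        else
            unsetenv("MALLOC_CHECK_");
        execvp(argv[0], argv);
        _exit(127);
    }
    if (waitpid(pid, &status, 0) < 0)
        return -1;
    if (WIFEXITED(status))
        return WEXITSTATUS(status);
    return WIFSIGNALED(status) ? 1000 + WTERMSIG(status) : -1;
}

int main(int argc, char *argv[])
{
    const char *levels[] = { NULL, "0", "1", "2" };
    if (argc < 2) {
        fprintf(stderr, "usage: %s command [args...]\n", argv[0]);
        return 2;
    }
    for (size_t i = 0; i < sizeof levels / sizeof levels[0]; i++) {
        int r = run_with_malloc_check(levels[i], &argv[1]);
        printf("MALLOC_CHECK_=%-7s ", levels[i] ? levels[i] : "(unset)");
        if (r >= 1000)
            printf("killed by signal %d\n", r - 1000);
        else
            printf("exit status %d\n", r);
    }
    return 0;
}
```

On glibc 2.34 and later the MALLOC_CHECK_ checks live in libc_malloc_debug.so, which has to be preloaded with LD_PRELOAD for the variable to have any effect.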