Bug 731342 - mailx: lzw decompressor issues
Summary: mailx: lzw decompressor issues
Keywords:
Status: CLOSED RAWHIDE
Alias: None
Product: Fedora
Classification: Fedora
Component: mailx
Version: rawhide
Hardware: Unspecified
OS: Unspecified
Priority: low
Severity: low
Target Milestone: ---
Assignee: Dmitry Butskoy
QA Contact: Fedora Extras Quality Assurance
URL:
Whiteboard:
Depends On:
Blocks:
 
Reported: 2011-08-17 11:58 UTC by Tomas Hoger
Modified: 2011-08-17 13:39 UTC (History)
CC List: 2 users

Fixed In Version:
Doc Type: Bug Fix
Doc Text:
Clone Of:
Environment:
Last Closed: 2011-08-17 13:11:56 UTC


Attachments
The patch I am going to apply (427 bytes, patch), 2011-08-17 12:42 UTC, Dmitry Butskoy
The actual patch applied (394 bytes, patch), 2011-08-17 13:11 UTC, Dmitry Butskoy

Description Tomas Hoger 2011-08-17 11:58:28 UTC
Description of problem:
A flaw was discovered in the LZW decompressor code from BSD compress, that is re-used by several projects, including heirloom mailx / nail, see bug #727624 for the details about the issues.

While the bug had security implications for some components embedding the code, it should only be used on trusted inputs in mailx (imap cache and spam filter database mailx itself creates).

It's unclear to me if upstream is still active or not; CVS stats suggest there was no upstream activity for almost a year.  If the patch is prepared, please submit upstream as well.

mailx unlzw code comes from FreeBSD, which does not have a fix yet.  The problem seems to have been addressed in OpenBSD and NetBSD:

http://www.openbsd.org/cgi-bin/cvsweb/src/usr.bin/compress/zopen.c#rev1.17

http://cvsweb.netbsd.org/bsdweb.cgi/src/usr.bin/compress/zopen.c#rev1.14
http://cvsweb.netbsd.org/bsdweb.cgi/src/usr.bin/compress/zopen.c#rev1.15

The second NetBSD fix is probably preferred, as it's more efficient.
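
The report above does not restate what the flaw in the shared BSD decompressor is (that is in bug #727624), so as an added illustration of the kind of input validation an unlzw routine needs, here is a simplified LZW encoder and decoder whose decoder refuses any code the dictionary does not yet hold instead of indexing its prefix/suffix tables with it. This is example code, not code from mailx/nail, FreeBSD zopen.c or the patches attached to this bug; the fixed 12-bit code space, the in-memory uint16_t code array (no compress(1) header, bit packing, width growth or CLEAR code) and the sample input are assumptions of the example.

```c
/* Added example: simplified LZW round trip with a bounds-checked decoder.
 * Not mailx, FreeBSD or patch code. Assumes fixed 12-bit codes held in a
 * uint16_t array rather than compress(1)'s packed bitstream. */
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>
#include <string.h>

#define LZW_MAX_CODES  4096   /* 12-bit code space (assumption) */
#define LZW_FIRST_CODE 256    /* codes 0..255 are literal bytes */

/* Encode in[0..inlen) into out; returns 0, or -1 if out is too small. */
int lzw_encode(const uint8_t *in, size_t inlen,
               uint16_t *out, size_t outcap, size_t *outlen)
{
    uint16_t prefix[LZW_MAX_CODES];   /* entry = prefix code + final byte */
    uint8_t  suffix[LZW_MAX_CODES];
    uint16_t next = LZW_FIRST_CODE;
    size_t n = 0;

    *outlen = 0;
    if (inlen == 0)
        return 0;
    uint16_t w = in[0];
    for (size_t i = 1; i < inlen; i++) {
        uint8_t c = in[i];
        uint16_t k;
        for (k = LZW_FIRST_CODE; k < next; k++)   /* linear search, demo only */
            if (prefix[k] == w && suffix[k] == c)
                break;
        if (k < next) {              /* w+c already in the table: extend */
            w = k;
            continue;
        }
        if (n >= outcap)
            return -1;
        out[n++] = w;
        if (next < LZW_MAX_CODES) {  /* table full: keep emitting, add nothing */
            prefix[next] = w;
            suffix[next] = c;
            next++;
        }
        w = c;
    }
    if (n >= outcap)
        return -1;
    out[n++] = w;
    *outlen = n;
    return 0;
}

/* Decode codes[0..ncodes) into out. Returns 0 on success, -1 if out is too
 * small, -2 if the stream uses a code the dictionary does not hold yet.
 * Without the -2 check a crafted code would index prefix/suffix past the
 * entries that were ever written. */
int lzw_decode(const uint16_t *codes, size_t ncodes,
               uint8_t *out, size_t outcap, size_t *outlen)
{
    uint16_t prefix[LZW_MAX_CODES];
    uint8_t  suffix[LZW_MAX_CODES];
    uint8_t  stack[LZW_MAX_CODES];   /* no entry is longer than this */
    uint16_t next = LZW_FIRST_CODE;
    size_t n = 0;

    *outlen = 0;
    if (ncodes == 0)
        return 0;
    uint16_t prev = codes[0];
    if (prev >= LZW_FIRST_CODE)      /* first code must be a literal */
        return -2;
    if (outcap < 1)
        return -1;
    uint8_t first = (uint8_t)prev;   /* first byte of the previous string */
    out[n++] = first;
    for (size_t i = 1; i < ncodes; i++) {
        uint16_t code = codes[i];
        /* The only undefined code a valid stream may use is 'next' itself
         * (the KwKwK case); anything beyond that is corruption. */
        if (code > next || code >= LZW_MAX_CODES)
            return -2;
        size_t sp = 0;
        uint16_t cur = code;
        if (code == next) {          /* KwKwK: previous string + its first byte */
            stack[sp++] = first;
            cur = prev;
        }
        while (cur >= LZW_FIRST_CODE) {   /* walk the prefix chain backwards */
            stack[sp++] = suffix[cur];
            cur = prefix[cur];
        }
        first = (uint8_t)cur;
        stack[sp++] = first;
        if (n + sp > outcap)
            return -1;
        while (sp > 0)
            out[n++] = stack[--sp];
        if (next < LZW_MAX_CODES) {  /* mirror the encoder's table growth */
            prefix[next] = prev;
            suffix[next] = first;
            next++;
        }
        prev = code;
    }
    *outlen = n;
    return 0;
}

/* Constructed sample; repetitive so the table and the KwKwK path get used. */
static const uint8_t sample[] = "ABABABABABABABAB abababab ABABABAB";

/* 1 if encode followed by decode reproduces the sample exactly. */
int lzw_selftest_roundtrip(void)
{
    uint16_t codes[128]; uint8_t back[128]; size_t nc, nb;
    if (lzw_encode(sample, sizeof sample - 1, codes, 128, &nc) != 0) return 0;
    if (lzw_decode(codes, nc, back, sizeof back, &nb) != 0) return 0;
    return nb == sizeof sample - 1 && memcmp(back, sample, nb) == 0;
}

/* Decoder result for a stream whose second code was replaced by one the
 * dictionary cannot hold yet (expected: -2, not an out-of-bounds read). */
int lzw_selftest_corrupt(void)
{
    uint16_t codes[128]; uint8_t back[128]; size_t nc, nb;
    if (lzw_encode(sample, sizeof sample - 1, codes, 128, &nc) != 0) return 1;
    codes[1] = 4000;                 /* far beyond 'next' at that point */
    return lzw_decode(codes, nc, back, sizeof back, &nb);
}

int main(void)
{
    printf("roundtrip ok: %d\n", lzw_selftest_roundtrip());
    printf("corrupt stream result: %d\n", lzw_selftest_corrupt());
    return 0;
}
```

The single comparison `code > next || code >= LZW_MAX_CODES` is the whole point: every other table access in the decoder (the prefix-chain walk, the stack) is bounded once that holds, because entries are only ever written at indices below `next` with prefixes that are themselves below `next`. Real compress(1)-format decoders also have to bound the code width, handle the CLEAR code and the table-full state, which this example deliberately omits.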

Comment 1 Dmitry Butskoy 2011-08-17 12:41:29 UTC
The first NetBSD fix looks preferable to me because it looks simpler. Since unlzw functionality is not a key feature of Heirloom mailx, and it is performed on trusted input only, I think such a simple patch should be good.

Are updates for the current branches needed, or is rawhide only enough?

Comment 2 Dmitry Butskoy 2011-08-17 12:42:17 UTC
Created attachment 518669 [details]
The patch I am going to apply

Comment 3 Dmitry Butskoy 2011-08-17 13:11:42 UTC
Created attachment 518677 [details]
The actual patch applied

Rebuilt in rawhide.

Reopen this bug if I need to rebuild for f14/f15/f16 as well.

Comment 4 Tomas Hoger 2011-08-17 13:39:42 UTC
(In reply to comment #1)
> The first NetBSD fix looks preferable to me because it looks simpler.
> Since unlzw functionality is not a key feature of Heirloom mailx, and it is
> performed on trusted input only, I think such a simple patch should be good.

The simpler patch has higher performance impact, for both valid and corrupted LZW streams.

> Whether updates for the current branches are needed, or rawhide only is enough?

Rawhide-only should be ok, ty!
