Re: Gzip & segmentation faults

David LeBlanc (dleblanc@MINDSPRING.COM)
Thu, 25 Dec 1997 12:31:54 -0500

>Of course it shouldn't be really dangerous, but I also found
>Attached example of 'evil' archive (Altered.gz) has been created by
>compressing empty file with gzip's -n switch. After all, byte at offset
>0x0a (one of possibilities :) has been changed.
>Under Linux, attempt of unziping or viewing this file will cause
>nice segmentation fault.

Under NT, it just throws an exception. Probably is exploitable if you
dinked with it enough. Instruction well in the executable's range
references memory at 0x1.

>MS-DOS gzip screws-up totally.

Considering that MS-DOS is relatively screwed up to begin with, and has few
to no redeeming qualities, I don't find this surprising.

Sigh - millions of buffer overruns everywhere, and not enough time to
exploit them all.

David LeBlanc |Why would you want to have your desktop user, |your mere mortals, messing around with a 32-bit
|minicomputer-class computing environment?
|Scott McNealy