OpenBSD Journal

Reliability Fix - zlib patch released

Contributed by grey on from the prompt patch posting dept.

Thanks to those who wrote in to let us know about this reliability fix. Hans puts it nicely:

Looks like you can crash applications through zlib again, and OpenBSD has promptly released an applicable patch. The vulnerability is caused due to insufficient error handling in the functions "inflate()" and "inflateBack()". 3.5 patch here:

Of course, be sure to check for additional details. The word from Brad Smith is that 3.4 is unaffected.

(Comments are closed)

  1. By Bert ( on

    rebuild /sbin? what necessary applications in src/sbin that are linked against libz? i think there is no necessary programs in /bin that are statically linked against libz :-)

    1. By grey ( on

      Good catch, I've removed that comment from the posting so as to avoid confusion.

      1. By Norbert P. Copones ( on

        thanks a lot :-)

    2. By Brad ( brad at comstyle dot com on

      heh, just noticed your comment. ya, I had grey fix this since its true that nothing in /sbin is linked with zlib. with regard to the base system the only pieces that appear to be linked against zlib are...


      and they're all dynamically linked. if you're on a static arch (hppa, vax, mvme88k) then you'll have to recompile them.

      1. By Norbert P. Copones ( on

        And do I have to recompile the kernel too? Since the same file changes applies in the kernel code too.

        1. By Brad ( brad at comstyle dot com on

          No, the copy in sys/lib/libz is only used for the boot blocks. The copy of zlib used in the kernel is in sys/net/zlib.c and this is an older version not affectd by this issue with the newer implementation of inflate in zlib 1.2.x.

      2. By hans ( on

        erm, grepping along I see yer right, thanks for jumping on that..

      3. By van ( on

        Sorry for just a dumb question, but what about those not in a base system, i.e. ports? Is there any method to find and rebuild installed ports that are statically linked against zlib?

        1. By van ( on

          ...of course, if such a necessity exists at all.

  2. By Ian McWilliam ( on

    Why does the patch on the ftp site only contain the fix for userland libz and not the kernel's libz as well? It is updated in the stable branch for the kernel.

    1. By Otto ( on http://www.drijf.ney

      It is nothing new for the stable branch to contain more than covered by the patches.

      Patches are only released for things that are considered critical. We want to keep the number of patches and the amount of code affected as small as possible.

      The stable branches also contain stuff that is important, but not as critical.

      The userland libz is used to process foreign files; files that come from potentially untrusted sources on the net. The kernel libz is only used for boot code, which processes local, trusted files. So that makes the kernel libz fix not as critical as the userland libz fix.

      1. By Ian McWilliam ( on

        I know there is a better place for this discussion but I wonder...... sys/net/ppp_deflate.c * ppp_deflate.c - interface the zlib procedures for Deflate compression * and decompression (as used by gzip) to the PPP code. * This version is for use with mbufs on BSD-derived systems. Wonder if there are actually more places zlib is used in-kernel???

        1. By Otto ( on


          $ cd /usr/src/sys
          $ grep -lr inflate .

        2. By Brad ( brad at comstyle dot com on

          Yes, it is, but not the same copy of zlib as you're refering to. Read what I previously said... "The copy of zlib used in the kernel is in sys/net/zlib.c and this is an older version not affectd by this issue with the newer implementation of inflate in zlib 1.2.x."


Copyright © - Daniel Hartmeier. All rights reserved. Articles and comments are copyright their respective authors, submission implies license to publish on this web site. Contents of the archive prior to as well as images and HTML templates were copied from the fabulous original with Jose's and Jim's kind permission. This journal runs as CGI with httpd(8) on OpenBSD, the source code is BSD licensed. undeadly \Un*dead"ly\, a. Not subject to death; immortal. [Obs.]