lynx-dev Some more security issues in Lynx...
From: brian j. pardy
Subject: lynx-dev Some more security issues in Lynx...
Date: Fri, 30 Oct 1998 12:10:21 -0800 (PST)
Some more possible problems we need to get taken care of...
----- Forwarded message from Alan Cox <address@hidden> -----
From: address@hidden (Alan Cox)
Subject: Re: Sendmail, lynx, Netscape, sshd, Linux kernel (twice)
To: address@hidden
Date: Fri, 30 Oct 1998 19:44:48 +0000 (GMT)
In-Reply-To: <address@hidden> from "brian j. pardy" at Oct 28, 98 09:47:53 pm
X-SBClass: OK
> FWIW, from CHANGES (for 2.8.1rel.2, the most recent version):
>
> 1998-05-10 (2.8.1dev.10)
> [...]
> * fix for buffer-overrun in LYMail.c when processing a mailto:very-log-address
> URL - BL
>
I've got another patch brewing for you btw. There are a pile of other possible
overrun cases that don't appear to be caught. I went through the code with
some snprintf using macros to clean the ones I could see up. In particular
lynx regularly does shell expansion of a buffer into a buffer of similar
(not 5 times) the size.
I notice you don't use snprintf - is that a Lynx policy decision?
Alan
----- End forwarded message -----
--
GPG & PGP public keys: <URL:http://www.psnw.com/~posterkid/keys/>
PGP fingerprint: 42 57 B3 D2 39 8E 74 C3 5E 4D AC 43 25 D2 26 D4
unix soit qui mal y pense
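The overrun class raised in the forwarded message (shell expansion of a buffer into a destination of similar size), shown with a bounded fix as an added example that is not part of the original thread and is not Lynx code. It assumes POSIX single-quote quoting, where each `'` becomes `'\''`; the function names, the 64-byte buffer and the `mailer` program name are hypothetical.

```c
#include <stdio.h>
#include <string.h>

/* Hypothetical helper, not Lynx code: wrap src in single quotes for a POSIX
 * shell, rewriting each ' as '\'' (1 byte becomes 4), so the worst case is
 * 4 * strlen(src) + 2 bytes plus the NUL. Returns 0, or -1 if dst is too small. */
static int shell_quote(char *dst, size_t dstsz, const char *src)
{
    size_t need = 2;                      /* opening and closing quote */
    const char *p;
    char *out = dst;

    for (p = src; *p; p++)
        need += (*p == '\'') ? 4 : 1;     /* measure before writing anything */
    if (need >= dstsz) {                  /* no room for text plus NUL */
        if (dstsz) dst[0] = '\0';
        return -1;
    }
    *out++ = '\'';
    for (p = src; *p; p++) {
        if (*p == '\'') {
            memcpy(out, "'\\''", 4);
            out += 4;
        } else {
            *out++ = *p;
        }
    }
    *out++ = '\'';
    *out = '\0';
    return 0;
}

/* Build "prog 'arg'" with snprintf and treat truncation as an error rather
 * than passing a cut-off command on. Returns 0 on success, -1 on overflow. */
static int build_command(char *cmd, size_t cmdsz, const char *prog, const char *arg)
{
    char quoted[64];                      /* constructed size for the demo */
    int n;
    if (shell_quote(quoted, sizeof quoted, arg) < 0)
        return -1;
    n = snprintf(cmd, cmdsz, "%s %s", prog, quoted);
    return (n < 0 || (size_t)n >= cmdsz) ? -1 : 0;
}

int main(void)
{
    char cmd[128];
    puts(build_command(cmd, sizeof cmd, "mailer", "it's") == 0 ? cmd : "rejected");
    return 0;
}
```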