[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]
Re: [Lynx-dev] use-after-free bug in cookie handling
From: |
Thorsten Glaser |
Subject: |
Re: [Lynx-dev] use-after-free bug in cookie handling |
Date: |
Fri, 14 Aug 2015 20:35:57 +0000 (UTC) |
Dixi quod…
>But it’ll probably fix the RedHat issue as well.
OK, I looked at that and the source in detail.
I looked at every match of HTList_removeObject in the source.
All those not in src/LYCookie.c are almost certainly safe.
Those remaining in src/LYCookie.c other than what I fixed
yesternight seem to be safe as well. I looked especially
at those “HTList_removeObject(de->cookie_list, co);” calls,
but since there’s a “break” after, and the loop variable
is not used afterwards any more, they are probably safe.
The occurrences in other files are surprisingly different
from src/LYCookie.c and in that consistent. This looks as
if src/LYCookie.c was written by someone else, or rather
two someones (those using while are easier to check to be
safe than the for ones).
bye,
//mirabilos
--
> emacs als auch vi zum Kotzen finde (joe rules) und pine für den einzig
> bedienbaren textmode-mailclient halte (und ich hab sie alle ausprobiert). ;)
Hallooooo, ich bin der Holger ("Hallo Holger!"), und ich bin ebenfalls
... pine-User, und das auch noch gewohnheitsmäßig ("Oooooooohhh"). [aus dasr]