lynx-dev
[Top][All Lists]
Advanced

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

LYNX-DEV Three More no_proxy Weaknesses (two patched)


From: pg
Subject: LYNX-DEV Three More no_proxy Weaknesses (two patched)
Date: Sun, 8 Feb 1998 18:41:53 -0700 (MST)

Hello, Lyncei,

If I enter a URL for a no_proxy host, but in a different case
from the no_proxy environment variable, the proxy is used anyway
because of a case-sensitive strncmp in override_proxy.

-------------------------------------------------------

The tail-only comparison in override_proxy is overly lenient.
For example, if there's a lynx.cfg entry:

    no_proxy:tek.com

this will erroneously (IMO) override the proxy for
domain stortek.com, where it should override for
stor.tek.com, but not for stortek.com, which may be
an entirely unrelated domain.

-------------------------------------------------------

Patch attached to use case-insensitive comparison and
to demand that the last omitted character be '.'.

-------------------------------------------------------

Within our firewall, authors feel free to use unqualified
hostnames.  Although these should bypass the proxy, there's
no easy way to do this with the no_proxy variable.

-- gil

-------------------------------------------------------

diff -brc ./orig/lynxsrc/WWW/Library/Implementation/HTAccess.c 
./lynxsrc/WWW/Library/Implementation/HTAccess.c
*** ./orig/lynxsrc/WWW/Library/Implementation/HTAccess.c        Mon Nov 17 
19:09:44 1997
--- ./lynxsrc/WWW/Library/Implementation/HTAccess.c     Sun Feb  8 18:29:34 1998
***************
*** 312,318 ****
  
          if ((!templ_port || templ_port == port)  &&
              (t_len > 0  &&  t_len <= h_len  &&
!              !strncmp(Host + h_len - t_len, no_proxy, t_len))) {
              FREE(host);
              return YES;
          }
--- 312,319 ----
  
          if ((!templ_port || templ_port == port)  &&
              (t_len > 0  &&  t_len <= h_len  &&
!              (t_len >= h_len || Host[h_len - t_len - 1] == '.') &&
!              !strncasecomp(Host + h_len - t_len, no_proxy, t_len))) {
              FREE(host);
              return YES;
          }

reply via email to

[Prev in Thread] Current Thread [Next in Thread]