Re: lynx-dev Some more security issues in Lynx...
From: dickey
Subject: Re: lynx-dev Some more security issues in Lynx...
Date: Fri, 30 Oct 1998 18:23:33 -0500 (EST)

> I've got another patch brewing for you btw. There are a pile of other
> possible overrun cases that don't appear to be caught. I went through the
> code with some snprintf using macros to clean the ones I could see up. In
> particular lynx regularly does shell expansion of a buffer into a buffer of
> similar (not 5 times) the size.
>
> I notice you don't use snprintf - is that a Lynx policy decision?

It's a portability consideration (that's policy, I guess). Lynx runs on a
number of platforms that don't have snprintf (Lynx has its own strcasecmp
for instance ;-). The workarounds, of course, involve more work, but
that's what we'll do (i.e., splice things together from StrAllocCopy and
StrAllocCat when we don't know a precise limit).
But I don't mind being reminded...
> Alan
--
Thomas E. Dickey
address@hidden
http://www.clark.net/pub/dickey
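
The allocate-and-append approach mentioned in the reply, applied to the shell-expansion overrun raised in the quoted message, as an added example that is not part of the original thread and is not Lynx code. `alloc_cat` and `shell_quote` are hypothetical names, and the single-quote escaping scheme is an assumption chosen to show output that outgrows its input.

```c
#include <stdlib.h>
#include <string.h>

/* Hypothetical allocate-and-append helper (not Lynx's StrAllocCat).
 * Grows *dest to fit and appends n bytes of src.
 * Returns 0 on success, -1 on allocation failure (*dest left intact). */
static int alloc_cat(char **dest, const char *src, size_t n)
{
    size_t old = *dest ? strlen(*dest) : 0;
    char *p = realloc(*dest, old + n + 1);
    if (p == NULL)
        return -1;
    memcpy(p + old, src, n);
    p[old + n] = '\0';
    *dest = p;
    return 0;
}

/* Wrap `in` in single quotes for a POSIX shell. Each embedded ' becomes
 * the four bytes '\'' so the output length depends on the input's content;
 * a fixed destination of "similar" size would overrun on such input.
 * The caller frees the result. Returns NULL on allocation failure. */
char *shell_quote(const char *in)
{
    char *out = NULL;
    const char *run = in;   /* start of the current run of ordinary bytes */
    const char *p;

    if (alloc_cat(&out, "'", 1) != 0)
        return NULL;
    for (p = in; ; p++) {
        if (*p == '\'' || *p == '\0') {
            /* flush the ordinary bytes seen since the last quote */
            if (alloc_cat(&out, run, (size_t)(p - run)) != 0)
                goto fail;
            if (*p == '\0')
                break;
            if (alloc_cat(&out, "'\\''", 4) != 0)
                goto fail;
            run = p + 1;
        }
    }
    if (alloc_cat(&out, "'", 1) != 0)
        goto fail;
    return out;
fail:
    free(out);
    return NULL;
}
```

A four-byte input made only of single quotes yields an 18-byte result here, so no fixed multiple of "similar size" is safe without computing the worst case first.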