lynx-dev
[Top][All Lists]
Advanced

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Re: lynx-dev Some more security issues in Lynx...


From: Alan Cox
Subject: Re: lynx-dev Some more security issues in Lynx...
Date: Sat, 31 Oct 1998 00:50:42 +0000 (GMT)

> It's a portability consideration (that's policy, I guess).  Lynx runs on a
> number of platforms that don't have snprintf (Lynx has its own strcasecmp
> for instance ;-).  The workarounds, of course, involve more work, but
> that's what we'll do (i.e., splice things together from StrAllocCopy and
> StrAllocCat when we don't know a precise limit).

Ok take a look at LYMap.c it uses StrAllocCopy etc religiously until
it gets into LYLoadIMGmap() which prints arbitary (as far as I can see)
length addresses into a 1K buffer.

Another suspicious area is all the local handling. The code appears to have
set its buffer sizes correctly before shell quoting was added. A worst case
shell quoting (size*5) seems to exceed buffers in several places

Alan

reply via email to

[Prev in Thread] Current Thread [Next in Thread]