[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]
Re: lynx-dev Some more security issues in Lynx...
From: |
dickey |
Subject: |
Re: lynx-dev Some more security issues in Lynx... |
Date: |
Fri, 30 Oct 1998 20:13:22 -0500 (EST) |
> Ok take a look at LYMap.c it uses StrAllocCopy etc religiously until
> it gets into LYLoadIMGmap() which prints arbitary (as far as I can see)
> length addresses into a 1K buffer.
>
> Another suspicious area is all the local handling. The code appears to have
> set its buffer sizes correctly before shell quoting was added. A worst case
> shell quoting (size*5) seems to exceed buffers in several places
I understand that - but bear in mind that there's a lot of sprintf's
strcpy's and strcat's, and each change introduces the possibility of new
bugs. Now that 2.8.1's out, we can go back to mangling (aka improving) the
code for a couple of months, and (I hope) will be able to address most of
your concerns.
> Alan
--
Thomas E. Dickey
address@hidden
http://www.clark.net/pub/dickey