lynx-dev

Re: lynx-dev Some more security issues in Lynx...


From: dickey
Subject: Re: lynx-dev Some more security issues in Lynx...
Date: Fri, 30 Oct 1998 20:13:22 -0500 (EST)

> Ok take a look at LYMap.c it uses StrAllocCopy etc religiously until 
> it gets into LYLoadIMGmap() which prints arbitrary (as far as I can see) 
> length addresses into a 1K buffer. 
>  
> Another suspicious area is all the local handling. The code appears to have 
> set its buffer sizes correctly before shell quoting was added. A worst case 
> shell quoting (size*5) seems to exceed buffers in several places 

I understand that - but bear in mind that there's a lot of sprintf's,
strcpy's and strcat's, and each change introduces the possibility of new
bugs.  Now that 2.8.1's out, we can go back to mangling (aka improving) the
code for a couple of months, and (I hope) will be able to address most of
your concerns.

> Alan 


-- 
Thomas E. Dickey
address@hidden
http://www.clark.net/pub/dickey
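
An added example, not part of the original message and not Lynx code: it shows why a buffer sized for the unquoted input is too small once shell quoting is applied, and sizes the buffer from the quoted length instead. It assumes a quoting scheme in which each single quote becomes the five bytes `'"'"'`, which matches the size*5 worst case mentioned above; `quoted_size` and `shell_quote` are hypothetical helper names.

```c
#include <stdio.h>
#include <stdlib.h>
#include <string.h>

/* Hypothetical helper (not a Lynx function): bytes needed for `s` wrapped
 * in single quotes, each embedded ' rewritten as '"'"' (5 bytes), plus the
 * terminating NUL. Returns 0 if the size would overflow size_t. */
size_t quoted_size(const char *s)
{
    size_t n = 3;                       /* opening ', closing ', NUL */
    for (; *s != '\0'; s++) {
        size_t add = (*s == '\'') ? 5 : 1;
        if (n > (size_t)-1 - add)
            return 0;
        n += add;
    }
    return n;
}

/* Hypothetical helper: malloc'd quoted copy of `s`, or NULL on failure. */
char *shell_quote(const char *s)
{
    size_t need = quoted_size(s);       /* size from the quoted length */
    char *out, *p;
    if (need == 0 || (out = malloc(need)) == NULL)
        return NULL;
    p = out;
    *p++ = '\'';
    for (; *s != '\0'; s++) {
        if (*s == '\'') {
            memcpy(p, "'\"'\"'", 5);    /* close, "'", reopen */
            p += 5;
        } else {
            *p++ = *s;
        }
    }
    *p++ = '\'';
    *p = '\0';
    return out;
}

int main(void)
{
    char *q = shell_quote("it's");      /* constructed sample input */
    if (q == NULL) return 1;
    printf("%s (%zu bytes with NUL)\n", q, strlen(q) + 1);
    free(q);
    return 0;
}
```
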
