Re: lynx-dev Security holes.


From: Klaus Weide
Subject: Re: lynx-dev Security holes.
Date: Tue, 17 Nov 1998 08:51:29 -0600 (CST)

On 16 Nov 1998 address@hidden wrote:

> The first part is to prevent attacks/trojans of the type:
> <a href="rlogin://foo;address@hidden">foo</a> where the sysadmin doesn't want his
> users to be able to run a shell. Or
> <a href="rlogin://evil|address@hidden">foo</a> where the attacker
> has an rlogind (or a login script) that answers with commands that will be
> executed on the host running lynx.

> RCS file: /cvs/src/gnu/usr.bin/lynx/WWW/Library/Implementation/HTTelnet.c,v
> retrieving revision 1.1.1.1
> diff -u -w -u -r1.1.1.1 HTTelnet.c
> --- HTTelnet.c  1998/03/11 17:47:47     1.1.1.1
> +++ HTTelnet.c  1998/11/16 17:01:35
> @@ -73,8 +73,7 @@
>          *  *cp=0;  / * terminate at any ;,<,>,`,|,",' or space or return
>          *  or tab to prevent security whole
>          */
> -       for(cp = (strchr(host, '@') ? strchr(host, '@') : host); *cp != '\0';
> -               cp++)   {
> +       for(cp = host; *cp != '\0'; cp++) {
>             if(!isalnum(*cp) && *cp != '_' && *cp != '-' &&
>                                 *cp != ':' && *cp != '.' && *cp != '@') {
>                 *cp = '\0';
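
Review bot: Starting the scan at `host` means a disallowed character in the user part (before the '@') now terminates the whole string at that point, so the '@' and the real hostname after it are cut off and only a leading fragment of the user name is left in `host`. Consider splitting at '@' first, checking each part against the allowlist on its own, and discarding a user part that fails instead of shortening it. Two smaller points on the same loop: the comment above it still lists specific characters (`;`, `<`, `>`, and so on) while the code terminates at anything outside the allowlist, so the comment should describe the allowlist; and `isalnum(*cp)` is called on a plain `char`, which should be cast to `unsigned char` so bytes above 0x7F are handled portably.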

I think it would be better to do this separately for the user string
(after it has been split from the hostname), and then get rid of a user
string with problematic characters completely, rather than shortening
it.  Or don't do it at all to the string that gets displayed.  After all,
some of the excluded characters may be valid username characters on some
machine.

      Klaus
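
Added example, not part of the original message and not Lynx's own code: one way to implement the approach suggested in the reply above, splitting the user from the host first, dropping a user string that contains any disallowed character, and truncating only the host as the existing loop does. The function name `split_login_target`, the buffer sizes and the `example.org` inputs are assumptions made for illustration.

```c
#include <ctype.h>
#include <stdio.h>
#include <string.h>

/* Allowlist from the patched loop, minus '@', which is only the separator. */
static int allowed(unsigned char c)
{
    return isalnum(c) || c == '_' || c == '-' || c == ':' || c == '.';
}

/* Length of the leading run of allowed characters in s. */
static size_t safe_prefix(const char *s)
{
    size_t n = 0;
    while (s[n] != '\0' && allowed((unsigned char)s[n]))
        n++;
    return n;
}

/* Hypothetical helper: split "user@host" and check each part on its own.
 * The host is cut at the first disallowed character (as the existing loop
 * does). A user part that is too long or contains any disallowed character
 * is dropped entirely (user becomes ""), never shortened.
 * Returns 0 on success, -1 if no usable host remains or a buffer is too small. */
int split_login_target(const char *in, char *user, size_t ulen,
                       char *host, size_t hlen)
{
    const char *at = strchr(in, '@');
    const char *h = at ? at + 1 : in;
    size_t un = at ? (size_t)(at - in) : 0;
    size_t hn = safe_prefix(h);

    if (ulen == 0 || hn == 0 || hn >= hlen)
        return -1;
    memcpy(host, h, hn);
    host[hn] = '\0';
    user[0] = '\0';
    if (un > 0 && un < ulen && safe_prefix(in) == un) {
        memcpy(user, in, un);
        user[un] = '\0';
    }
    return 0;
}

int main(void)
{
    /* Constructed sample inputs. */
    const char *samples[] = { "guest@example.org:23", "foo;sh@example.org", "example.org;ls" };
    char u[32], h[64];
    for (size_t i = 0; i < 3; i++)
        if (split_login_target(samples[i], u, sizeof u, h, sizeof h) == 0)
            printf("%-22s user=\"%s\" host=\"%s\"\n", samples[i], u, h);
    return 0;
}
```

The string shown to the person using the browser can still be the original, unmodified text; only the values handed on to the login program go through this check.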

