[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]
Re: lynx-dev syslog sending sensitive info
|
From: |
Klaus Weide |
|
Subject: |
Re: lynx-dev syslog sending sensitive info |
|
Date: |
Tue, 7 Sep 1999 00:27:10 -0500 (CDT) |
On Mon, 6 Sep 1999, Gisle Vanem wrote:
> + if (is_url((char*)arg)) { /* proto://user:address@hidden/path:port */
> + /* ^this colon */
^
actually that one!
It's suspicious that you had to use a cast here to get rid of CONST.
Note that is_url may modify the string. So your prototype with CONST char *
is wrong.
> + char *colon = strchr(arg, ':');
> + char *at = strchr(arg, '@');
> +
> + if (colon && at && (colon < at) && colon > strchr(arg, '/')) {
This looks like it will do the wrong thing for "mailto:address@hidden";
or "news:address@hidden"; (a Message-Id). Not to mention some
other URLs that happen to have a '@' somewhere in the path.
> + char buf[1024];
> +
> + strncpy (buf, arg, (size_t)(colon-arg));
> + strcat (buf, "******");
> + strcat (buf, at);
You don't check whether the total length exceeds the fixed buffer size.
The patch alos addresses only one part of the problem; sensitive
information may be embedded in any part of a URL, especially a query
part after '?'. You just should not send your URLs to syslog in an
environment where someone can listen in. (which may well mean that
you shouldn't use this feature at all...)
Klaus