Re: lynx-dev frag redir crash fixes


From: Leonid Pauzner
Subject: Re: lynx-dev frag redir crash fixes
Date: Wed, 26 Apr 2000 14:36:40 +0400 (MSD)

25-Apr-2000 12:19 Klaus Weide wrote:
> Some redirection message can lead to invalid memory access.  A malicious
> server could use this to cause a SIGSEGV etc. (or equivalent on other
> platforms).  (Write to me privately if you want a demonstration.)

>    Klaus

> * Avoid invalid memory access that can result from redirection messages
>   that include a fragment in the new URL.

Does this have something to do with --enable-internal-links /
--disable-internal-links?
I have a feeling the problem may happen
for only one configuration (just a guess).


> (patch against 2.8.3pre.6 - nothing should have changed here since then.)
> Index: 1.35/WWW/Library/Implementation/HTAccess.c
> --- 1.35/WWW/Library/Implementation/HTAccess.c Tue, 18 Apr 2000 10:26:31 -0500
> +++ 1.35(w)/WWW/Library/Implementation/HTAccess.c Tue, 25 Apr 2000 12:09:26 
> -0500
> @@ -823,7 +823,7 @@
>           NewDoc.bookmark = anchor->bookmark;
>           NewDoc.isHEAD = anchor->isHEAD;
>           NewDoc.safe = anchor->safe;
> -         anchor = (HTParentAnchor *)HTAnchor_findAddress(&NewDoc);
> +         anchor = HTAnchor_parent(HTAnchor_findAddress(&NewDoc));
>       }
>      }
>      /*
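
Review bot: the replaced line in HTAccess.c has no comment saying why the plain cast was unsafe, so a later cleanup could put it back. Suggest a short comment above `anchor = HTAnchor_parent(HTAnchor_findAddress(&NewDoc));` noting that the new address may include a fragment (per the changelog entry), so the anchor returned by HTAnchor_findAddress is not necessarily a parent anchor. It is also worth confirming that the code after this block copes with `anchor` being NULL, since no check is visible in the hunk.
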
> Index: 1.35/src/LYGetFile.c
> --- 1.35/src/LYGetFile.c Tue, 18 Apr 2000 10:26:31 -0500
> +++ 1.35(w)/src/LYGetFile.c Tue, 25 Apr 2000 12:09:29 -0500
> @@ -1055,11 +1055,14 @@
>                           return(NULLFILE);

>                       } else {
> -                     /*
> -                      *  May set www_search_result.
> -                      */
> -                         if (pound != NULL)
> +                         if (pound != NULL) {
> +                             if (!HTMainText) /* this should not happen... */
> +                                 return(NULLFILE); /* but it can. - kw */
> +                             /*
> +                              *  May set www_search_result.
> +                              */
>                               HTFindPoundSelector(pound+1);
> +                         }
>                           return(NORMAL);
>                       }
>                   }
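
Review bot: the new `if (!HTMainText) return(NULLFILE);` guard in LYGetFile.c bails out silently on a condition its own comment calls unexpected, which will make the underlying cause hard to track down later. Suggest emitting a trace message before the return that records that a fragment was present while HTMainText was NULL, and expanding the "but it can" comment to name the case (redirection to a URL with a fragment, per the changelog entry). Also check that callers treat NULLFILE here the same way as the `return(NULLFILE)` just above the `else`, since the fetch itself did not fail on this path.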




