lynx-dev

Re: lynx-dev Mailing from Lynx with Pine


From: David Woolley
Subject: Re: lynx-dev Mailing from Lynx with Pine
Date: Fri, 12 Apr 2002 22:40:26 +0100 (BST)

>   Thank you for looking at the patch. I will fix the uncontrolled sprintf,

There are two security holes:

1) the fact that shell meta characters can be injected from URLs;

2) the lack of any limit checking on the size of the buffer (500 bytes
   is quite typical of buffer sizes used on compromised systems; people
   looking for loopholes try long strings).

It is possible that other limits prevent your ever exceeding 500 characters,
but they would have to be heavily commented in both places to ensure that
no change ever violated that assumption, and even then anyone doing a
security audit would flag a problem.

The second problem is the most serious because people are actively seeking
this sort of problem.

> The answer to your first question is that it is using mime encoding as
> described in some RFC whose number escapes me right now. RFC 15XX?

MIME defines 5 encodings:

7bit
8bit
binary
quoted-printable
base64

Pine used base64 when it should have used quoted-printable.
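
Added example, not part of the original message and not code from the Lynx patch under discussion: one way to close both holes named above when building a mailer command line in a fixed buffer. The function names, the "mailer" command and the sample addresses are assumptions made up for illustration; the 500-byte size is the one mentioned in the message.

```c
#include <stdio.h>
#include <string.h>

#define CMD_BUF 500  /* buffer size mentioned in the message */

/* Allow-list check: accept only characters with no meaning to /bin/sh.
 * Deliberately conservative; it rejects some legal addresses. */
static int is_shell_safe(const char *s)
{
    static const char ok[] =
        "abcdefghijklmnopqrstuvwxyzABCDEFGHIJKLMNOPQRSTUVWXYZ"
        "0123456789@._+-";
    if (*s == '\0' || *s == '-')   /* empty, or would parse as an option */
        return 0;
    return s[strspn(s, ok)] == '\0';
}

/* Build "<mailer> <address>" in out[outsz]; mailer is trusted configuration.
 * Returns 0 on success, -1 for unsafe characters in address, -2 if the
 * result would not fit. On failure out is left empty, never truncated. */
int build_mail_command(char *out, size_t outsz,
                       const char *mailer, const char *address)
{
    int n;
    if (outsz == 0)
        return -2;
    out[0] = '\0';
    if (!is_shell_safe(address))
        return -1;
    n = snprintf(out, outsz, "%s %s", mailer, address);
    if (n < 0 || (size_t)n >= outsz) {  /* snprintf reports needed length */
        out[0] = '\0';
        return -2;
    }
    return 0;
}

int main(void)
{
    char cmd[CMD_BUF];
    /* constructed sample inputs */
    const char *samples[] = { "user@example.org", "user@example.org;id" };
    size_t i;
    for (i = 0; i < sizeof samples / sizeof samples[0]; i++) {
        int rc = build_mail_command(cmd, sizeof cmd, "mailer", samples[i]);
        printf("%d %s\n", rc, rc == 0 ? cmd : "(rejected)");
    }
    return 0;
}
```

Checking the return value of snprintf is what turns the size limit into an enforced one; passing the address to the mailer through an exec-style call with an argument vector, with no shell involved, removes the metacharacter problem at its source.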
