Re: [Lynx-dev] use-after-free bug in cookie handling

[Thorsten Glaser]

Dixi quod…

>But it’ll probably fix the RedHat issue as well.

OK, I looked at that and the source in detail.

I looked at every match of HTList_removeObject in the source.
All those not in src/LYCookie.c are almost certainly safe.

Those remaining in src/LYCookie.c other than what I fixed
yesternight seem to be safe as well. I looked especially
at those “HTList_removeObject(de->cookie_list, co);” calls,
but since there’s a “break” after, and the loop variable
is not used afterwards any more, they are probably safe.

The occurrences in other files are surprisingly different
from src/LYCookie.c and in that consistent. This looks as
if src/LYCookie.c was written by someone else, or rather
two someones (those using while are easier to check to be
safe than the for ones).

bye,
//mirabilos
-- 
> emacs als auch vi zum Kotzen finde (joe rules) und pine für den einzig
> bedienbaren textmode-mailclient halte (und ich hab sie alle ausprobiert). ;)
Hallooooo, ich bin der Holger ("Hallo Holger!"), und ich bin ebenfalls
... pine-User, und das auch noch gewohnheitsmäßig ("Oooooooohhh").  [aus dasr]