Re: [Lynx-dev] use-after-free bug in cookie handling
From: Thomas Dickey
Subject: Re: [Lynx-dev] use-after-free bug in cookie handling
Date: Fri, 14 Aug 2015 21:03:49 -0400
User-agent: Mutt/1.5.20 (2009-06-14)

On Fri, Aug 14, 2015 at 08:35:57PM +0000, Thorsten Glaser wrote:
> Dixi quod…
>
> >But it’ll probably fix the RedHat issue as well.
>
> OK, I looked at that and the source in detail.
>
> I looked at every match of HTList_removeObject in the source.
> All those not in src/LYCookie.c are almost certainly safe.
>
> Those remaining in src/LYCookie.c other than what I fixed
> yesternight seem to be safe as well. I looked especially
> at those “HTList_removeObject(de->cookie_list, co);” calls,
> but since there’s a “break” after, and the loop variable
> is not used afterwards any more, they are probably safe.
>
> The occurrences in other files are surprisingly different
> from src/LYCookie.c and in that consistent. This looks as
> if src/LYCookie.c was written by someone else, or rather
> two someones (those using while are easier to check to be
> safe than the for ones).

Cookies were added later than most of the code using HTList,
and reworked more than once. I'll take a look (thanks).

--
Thomas E. Dickey <address@hidden>
http://invisible-island.net
ftp://invisible-island.net
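
An added illustration of the two loop shapes discussed in the quoted audit, not code from Lynx or from either poster: a stand-in list whose remove call frees the node, showing why remove-then-break never reads the freed node and what a loop that removes every match has to do instead. All names (`node`, `list_push`, `list_remove`, `remove_first`, `remove_all`, `demo_remaining`) are hypothetical, and the sample list is constructed.

```c
#include <stdlib.h>
/* Stand-in singly linked list (hypothetical; not Lynx's HTList code). */
typedef struct node { int *obj; struct node *next; } node;

static node *list_push(node *head, int *obj) {
    node *n = malloc(sizeof *n);
    if (n == NULL) abort();
    n->obj = obj; n->next = head;
    return n;
}

/* Unlink and free the node holding obj; pointers to it dangle afterwards. */
static void list_remove(node **head, int *obj) {
    for (node **pp = head; *pp != NULL; pp = &(*pp)->next) {
        if ((*pp)->obj != obj) continue;
        node *dead = *pp;
        *pp = dead->next;
        free(dead);
        return;
    }
}

/* Remove one match, then break: the loop's cur->next step never runs. */
static void remove_first(node **head, int value) {
    for (node *cur = *head; cur != NULL; cur = cur->next)
        if (*cur->obj == value) {
            list_remove(head, cur->obj);
            break;  /* cur is dangling here and is not read again */
        }
}

/* Remove every match: no break, so the successor is saved before the free. */
static void remove_all(node **head, int value) {
    for (node *cur = *head, *next; cur != NULL; cur = next) {
        next = cur->next;  /* read before cur can be freed */
        if (*cur->obj == value) list_remove(head, cur->obj);
    }
}

/* Constructed sample list 7,3,7,5,7; returns how many nodes remain. */
int demo_remaining(int value, int all) {
    static int vals[] = {7, 3, 7, 5, 7};
    node *head = NULL;
    int left = 0;
    for (int i = 0; i < 5; i++) head = list_push(head, &vals[i]);
    if (all) remove_all(&head, value); else remove_first(&head, value);
    for (; head != NULL; left++) list_remove(&head, head->obj);
    return left;
}
```

Building this with `-fsanitize=address` and changing `remove_all` to advance with `cur = cur->next` makes the sanitizer report the read of freed memory on the first removed node.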