lynx-dev
[Top][All Lists]
Advanced

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Re: [Lynx-dev] use-after-free bug in cookie handling


From: Thomas Dickey
Subject: Re: [Lynx-dev] use-after-free bug in cookie handling
Date: Fri, 14 Aug 2015 21:03:49 -0400
User-agent: Mutt/1.5.20 (2009-06-14)

On Fri, Aug 14, 2015 at 08:35:57PM +0000, Thorsten Glaser wrote:
> Dixi quod…
> 
> >But it’ll probably fix the RedHat issue as well.
> 
> OK, I looked at that and the source in detail.
> 
> I looked at every match of HTList_removeObject in the source.
> All those not in src/LYCookie.c are almost certainly safe.
> 
> Those remaining in src/LYCookie.c other than what I fixed
> yesternight seem to be safe as well. I looked especially
> at those “HTList_removeObject(de->cookie_list, co);” calls,
> but since there’s a “break” after, and the loop variable
> is not used afterwards any more, they are probably safe.
> 
> The occurrences in other files are surprisingly different
> from src/LYCookie.c and in that consistent. This looks as
> if src/LYCookie.c was written by someone else, or rather
> two someones (those using while are easier to check to be
> safe than the for ones).

cookies were added later than most of the code using HTList,
and reworked more than once.  I'll take a look (thanks).

-- 
Thomas E. Dickey <address@hidden>
http://invisible-island.net
ftp://invisible-island.net

Attachment: signature.asc
Description: Digital signature


reply via email to

[Prev in Thread] Current Thread [Next in Thread]