Re: lynx-dev Lynx buffer mismanagement

[Theo de Raadt]

> 980508 Laura Eaves wrote: 
> > 980508 Thomas Dickey wrote:
> >> 980508 Theo de Raadt wrote:
> >>> Lynx source code is rife with really really bad buffer mismanagement. 
> >>> Any plans to fix any of this soon? 
> >> are you volunteering to help?

> > It would help if you pointed out the specific places
> > where the buffer is mismanaged.
    ^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^

Sigh.  Obviously, the point has been completely missed.


> you (TdR) may well be correct, but you should understand
> that maintenance & development of Lynx is at the generosity & mercy
> of an international community of volunteer programmers,
> some of whom -- incl LE & TD -- started out as users making inquiries.

Funny, I work on an entire operating system, and we have had no problem
checking our own code for trivial programming errors, and then fixing
those problems.

> so if you have the necessary experience at C programming
> & have the time available to help,

I certainly do not have time to do the job that the lynx people should
be doing themselves.  Go through your code, fix all the buffer overflows.
It's obvious.  Every strcpy, strcat, sprintf, and every place where *p++
goes beyond the end of the buffer.

Just read the code, understand it, and fix it.

> do let everyone know exactly where you see room for improvement

ALL OVER THE CODE.  It's horrible; there's probably 400 buffer
overflows in lynx of some sort or another, and it's shameful that
noone has sat down and tried to improve the code quality before.

> & do feel very welcome to contribute patches of your own.
> the latest 2-8 is at  www.slcc.edu/lynx/release/
> & the latest development version is at  -/-/current/  (i believe);
> TD is the current volunteer co-ordinator.

Sorry, but it's the lynx' team's responsibility to improve their own
code.  I've got my own to work on.  I'm simply pointing out that lynx
is in very bad need of a code review.