[Top][All Lists]

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Re: LYNX-DEV A bit of a security issue...i guess :/

From: Jonathan Sergent
Subject: Re: LYNX-DEV A bit of a security issue...i guess :/
Date: Mon, 04 Aug 1997 09:41:03 -0500

In message <address@hidden>, address@hidden writes:
 ] Hey,  I tried to send this message once before but i guess your mailling
 ] list thing was being worked on or something.  
 ] You block ports 25 and 19 in urls but youre not blocking the
 ] "wrap around" of it, when you add 65536 to the port.
 ] Hence you cant go to :25 but you can go to :65561.
 ] That pretty much makes the "Alert!: Port XX not permitted in URLs."
 ] useless.
 ] I already told jss about this and he said he is working on a 
 ] patch for it.
 ] dynamo

I was waiting for this to show up in the mailing list before saying anything...

It makes sense just to % the port with 65536 in LYGetFile.c before checking it
against 19 and 25.  Not worth making a patch, really...

; To UNSUBSCRIBE:  Send a mail message to address@hidden
;                  with "unsubscribe lynx-dev" (without the
;                  quotation marks) on a line by itself.

reply via email to

[Prev in Thread] Current Thread [Next in Thread]