Re: LYNX-DEV A bit of a security issue...i guess :/

lynx-dev

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Re: LYNX-DEV A bit of a security issue...i guess :/

From:	Jonathan Sergent
Subject:	Re: LYNX-DEV A bit of a security issue...i guess :/
Date:	Mon, 04 Aug 1997 09:41:03 -0500

In message <address@hidden>, address@hidden writes:
 ] 
 ] Hey,  I tried to send this message once before but i guess your mailling
 ] list thing was being worked on or something.  
 ] 
 ] You block ports 25 and 19 in urls but youre not blocking the
 ] "wrap around" of it, when you add 65536 to the port.
 ] Hence you cant go to :25 but you can go to :65561.
 ] That pretty much makes the "Alert!: Port XX not permitted in URLs."
 ] useless.
 ] 
 ] I already told jss about this and he said he is working on a 
 ] patch for it.
 ] 
 ] dynamo

I was waiting for this to show up in the mailing list before saying anything...

It makes sense just to % the port with 65536 in LYGetFile.c before checking it
against 19 and 25.  Not worth making a patch, really...


--jss
;
; To UNSUBSCRIBE:  Send a mail message to address@hidden
;                  with "unsubscribe lynx-dev" (without the
;                  quotation marks) on a line by itself.
;

[Prev in Thread]

Current Thread

[Next in Thread]

LYNX-DEV A bit of a security issue...i guess :/, dynamo, 1997/08/04
- Re: LYNX-DEV A bit of a security issue...i guess :/, Jonathan Sergent <=

Prev by Date: LYNX-DEV Re: lynx crashes on all terminals except the console
Next by Date: Re: LYNX-DEV Alert!: file: URLs via bookmarks are disallowed! ???
Previous by thread: LYNX-DEV A bit of a security issue...i guess :/
Next by thread: LYNX-DEV problems with current auto-config
Index(es):
- Date
- Thread