Re: lynx-dev Some more security issues in Lynx...

From: dickey
Subject: Re: lynx-dev Some more security issues in Lynx...
Date: Fri, 30 Oct 1998 18:23:33 -0500 (EST)

> I've got another patch brewing for you btw. There are a pile of other possible
> overrun cases that don't appear to be caught. I went through the code with
> some snprintf using macros to clean the ones I could see up. In particular
> lynx regularly does shell expansion of a buffer into a buffer of similar
> (not 5 times) the size.
> I notice you don't use snprintf - is that a Lynx policy decision?

It's a portability consideration (that's policy, I guess).  Lynx runs on a
number of platforms that don't have snprintf (Lynx has its own strcasecmp
for instance ;-).  The workarounds, of course, involve more work, but
that's what we'll do (i.e., splice things together from StrAllocCopy and
StrAllocCat when we don't know a precise limit).

But I don't mind being reminded...
> Alan 

Thomas E. Dickey
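
An added example, not part of the original message and not Lynx source: the allocate-and-append approach described in the reply, applied to the shell-expansion case raised in the quoted text, using only C89 library calls. The names `sa_catn` and `shell_quote` are hypothetical, and the single-quote quoting scheme is an assumption chosen for illustration.

```c
#include <stdlib.h>
#include <string.h>

/* Hypothetical stand-in for the StrAllocCat idea (not Lynx's own code):
 * append n bytes of src to *dest, growing *dest to fit.  *dest may be NULL.
 * Returns 0 on success, -1 on allocation failure (*dest left intact). */
static int sa_catn(char **dest, const char *src, size_t n)
{
    size_t have = *dest ? strlen(*dest) : 0;
    char *p = realloc(*dest, have + n + 1);

    if (p == NULL)
        return -1;
    memcpy(p + have, src, n);
    p[have + n] = '\0';
    *dest = p;
    return 0;
}

/* Quote arg for a POSIX shell: wrap it in '...' and rewrite each embedded
 * ' as '\''.  Output can reach 4x the input plus 2 bytes, so a fixed buffer
 * of roughly the input's size overruns.  Returns a malloc'd string or NULL. */
char *shell_quote(const char *arg)
{
    char *out = NULL;
    const char *run = arg;  /* start of the current quote-free run */
    const char *p;
    int rc = sa_catn(&out, "'", 1);

    for (p = arg; rc == 0 && *p != '\0'; p++) {
        if (*p == '\'') {
            rc = sa_catn(&out, run, (size_t)(p - run));
            if (rc == 0)
                rc = sa_catn(&out, "'\\''", 4);
            run = p + 1;
        }
    }
    if (rc == 0)
        rc = sa_catn(&out, run, strlen(run));
    if (rc == 0)
        rc = sa_catn(&out, "'", 1);
    if (rc != 0) {
        free(out);
        return NULL;
    }
    return out;
}
```

The caller owns the returned string and must `free` it; a NULL return means allocation failed and no command should be built from it.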

