lynx-dev
[Top][All Lists]
Advanced
[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Re: lynx-dev Some more security issues in Lynx...

From: Wayne Buttles
Subject: Re: lynx-dev Some more security issues in Lynx...
Date: Fri, 30 Oct 1998 17:56:16 -0500 (EST) 
What is snprintf?

I don't think it is on my older linux systems or my Borland compiler.

On Fri, 30 Oct 1998, brian j. pardy wrote:

> Some more possible problems we need to get taken care of...
> 
> ----- Forwarded message from Alan Cox <address@hidden> -----
> 
> From: address@hidden (Alan Cox)
> Subject: Re: Sendmail, lynx, Netscape, sshd, Linux kernel (twice)
> To: address@hidden
> Date: Fri, 30 Oct 1998 19:44:48 +0000 (GMT)
> In-Reply-To: <address@hidden> from "brian j. pardy" at Oct 28, 98 09:47:53 pm
> X-SBClass: OK
> 
> > FWIW, from CHANGES (for 2.8.1rel.2, the most recent version):
> > 
> > 1998-05-10 (2.8.1dev.10)
> > [...]
> > * fix for buffer-overrun in LYMail.c when processing a 
> > mailto:very-log-address
> >   URL - BL
> > 
> 
> I've got another patch brewing for you btw. There are a pile of other possible
> overrun cases that dont appear to be caught. I went through the code with
> some snprintf using macros to clean the ones  could see up. In paticular
> lynx regularly does shell expansion of a buffer into a buffer of similar
> (not 5 times) the size.
> 
> I notice you dont use snprintf - is that a Lynx policy decision.
> 
> Alan
> 
> ----- End forwarded message -----
> 
> -- 
> GPG & PGP public keys: <URL:http://www.psnw.com/~posterkid/keys/> 
> PGP fingerprint: 42 57 B3 D2 39 8E 74 C3  5E 4D AC 43 25 D2 26 D4
> 
> unix soit qui mal y pense
>
reply via email to
[Prev in Thread] Current Thread [Next in Thread]