Re: [Lynx-dev] 3xcrash: NULL dereferencing and buffer overflows


From: Thomas Dickey
Subject: Re: [Lynx-dev] 3xcrash: NULL dereferencing and buffer overflows
Date: Sun, 25 Sep 2005 09:49:43 -0400
User-agent: Mutt/1.3.27i

On Sun, Sep 25, 2005 at 02:45:32AM +0200, Ulf Harnhammar wrote:
 
> 2) Buffer overflow when handling overly long prefix/suffix strings
> in lynx.cfg
> 
> You can test this issue by applying the lynxcfg.prefixsuffix.patch
> file to lynx.cfg and then using lynx to connect to a host with no
> dots (lynx a).. notice how lynx crashes.
> 
> The attached patch lynx.prefixsuffixcrash.patch corrects this bug.

well that's a workaround.  From the slice I see, a fix would
allocate the DomainSuffix and DomainPrefix strings rather than
truncating the given value.

(thanks for pointing this out).
 
> 
> 3) Buffer overflow when lex() parses data from files
> 
> I have attached the lynx.lexoverflow.patch file for this issue.

same comment (this one is a little more complicated to fix, but really
shouldn't be a fixed-size buffer).  They're both old code sections that
were overlooked in previous checks.

-- 
Thomas E. Dickey
http://invisible-island.net
ftp://invisible-island.net
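
Added example, not part of the original message and not Lynx source code: a C sketch contrasting the truncating workaround with the allocating fix discussed above for prefix/suffix strings. The names `set_fixed`, `expand_host` and `FIXED_LEN`, the buffer size, and the sample prefix, host and suffix values are all assumptions made for illustration.

```c
#include <stdint.h>
#include <stdio.h>
#include <stdlib.h>
#include <string.h>

#define FIXED_LEN 80 /* assumed buffer size, not taken from Lynx */

/* Workaround style: fixed buffer, over-long values are cut short.
 * Returns 1 when the stored value differs from the configured one. */
int set_fixed(char dst[FIXED_LEN], const char *value)
{
    size_t n = strlen(value);
    int truncated = (n >= FIXED_LEN);
    if (truncated)
        n = FIXED_LEN - 1;
    memcpy(dst, value, n);
    dst[n] = '\0';
    return truncated;
}

/* Fix style: size the result from its inputs. Caller frees the result;
 * NULL means the lengths would wrap size_t or malloc failed. */
char *expand_host(const char *prefix, const char *host, const char *suffix)
{
    size_t lp = strlen(prefix), lh = strlen(host), ls = strlen(suffix);
    char *out;
    if (lp > SIZE_MAX - lh || ls >= SIZE_MAX - (lp + lh))
        return NULL;
    out = malloc(lp + lh + ls + 1);
    if (out == NULL)
        return NULL;
    memcpy(out, prefix, lp);
    memcpy(out + lp, host, lh);
    memcpy(out + lp + lh, suffix, ls + 1); /* copies the NUL too */
    return out;
}

int main(void)
{
    char suffix[201], fixed[FIXED_LEN], *full;
    memset(suffix, 'x', 200); /* constructed over-long suffix */
    suffix[0] = '.';
    suffix[200] = '\0';
    printf("truncated=%d kept=%zu\n", set_fixed(fixed, suffix), strlen(fixed));
    full = expand_host("www.", "a", suffix);
    printf("allocated=%zu\n", full ? strlen(full) : 0);
    free(full);
    return 0;
}
```

The truncating version no longer overruns the buffer, but it silently stores a value different from the one configured; the allocating version keeps the configured string intact.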



