[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]
LYNX-DEV Patch for download bug to lynx2-7-1
|
From: |
Jim Spath (Webmaster Jim) |
|
Subject: |
LYNX-DEV Patch for download bug to lynx2-7-1 |
|
Date: |
Sat, 28 Jun 1997 10:35:44 -0400 (EDT) |
Below is a context diff of a patch to lynx2-7-1 to hopefully plug
the download hole. Again, this is based on Fote's work of the
other day to his personal mods. If someone could verify this at
least prevents the published vulnerability, I'll put it up for
distribution on Scott's www.slcc.edu machine.
*** src/LYDownload.c.df Sun Sep 1 12:24:10 1996
--- src/LYDownload.c Sat Jun 28 09:53:58 1997
***************
*** 36,50 ****
PUBLIC BOOLEAN LYDidRename = FALSE;
#endif /* VMS */
PUBLIC void LYDownload ARGS1(char *,line)
{
! char *Line=NULL, *method, *file, *sug_file=NULL;
int method_number;
int count;
char buffer[256];
char command[256];
char *cp;
! lynx_html_item_type *download_command=0;
int c, len;
FILE *fp;
int ch, recall;
--- 36,52 ----
PUBLIC BOOLEAN LYDidRename = FALSE;
#endif /* VMS */
+ PRIVATE char LYValidDownloadFile[256] = "\0";
+
PUBLIC void LYDownload ARGS1(char *,line)
{
! char *Line = NULL, *method, *file, *sug_file = NULL;
int method_number;
int count;
char buffer[256];
char command[256];
char *cp;
! lynx_html_item_type *download_command = 0;
int c, len;
FILE *fp;
int ch, recall;
***************
*** 57,62 ****
--- 59,77 ----
LYDidRename = FALSE;
#endif /* VMS */
+ /*
+ * Make sure we have a valid download
+ * file comparison string loaded via
+ * the download options menu. - FM
+ */
+ if (LYValidDownloadFile[0] == '\0') {
+ goto failed;
+ }
+
+ /*
+ * Make a copy of the LYNXDOWNLOAD
+ * internal URL for parsing. - FM
+ */
StrAllocCopy(Line, line);
/* parse out the sug_file, Method and the File */
***************
*** 71,76 ****
--- 86,99 ----
*(file-1) = '\0';
/* go past "File=" */
file+=5;
+ /*
+ * Make sure that the file string is the one from
+ * the last displayed download options menu. - FM
+ */
+ if (strcmp(file, LYValidDownloadFile)) {
+ goto failed;
+ }
+
#ifdef DIRED_SUPPORT
if (!strncmp(file,"file://localhost",16))
***************
*** 506,512 ****
{
static char tempfile[256];
static BOOLEAN first = TRUE;
! char download_filename[256];
char *sug_filename=NULL;
FILE *fp0;
lynx_html_item_type *cur_download;
--- 529,535 ----
{
static char tempfile[256];
static BOOLEAN first = TRUE;
! static char download_filename[256];
char *sug_filename=NULL;
FILE *fp0;
lynx_html_item_type *cur_download;
***************
*** 530,535 ****
--- 553,562 ----
HTAlert(CANNOT_OPEN_TEMP);
return(-1);
}
+ LYstrncpy(LYValidDownloadFile,
+ data_file,
+ (sizeof(LYValidDownloadFile) - 1));
+
/* make the file a URL now */
#ifdef VMS
------
<http://www.cs.indiana.edu/picons/db/users/us/md/lib/bcpl/jspath/face.xbm>
Marvin the Paranoid Android says:
Why stop now just when I'm hating it?
;
; To UNSUBSCRIBE: Send a mail message to address@hidden
; with "unsubscribe lynx-dev" (without the
; quotation marks) on a line by itself.
;
| [Prev in Thread] |
Current Thread |
[Next in Thread] |
- LYNX-DEV Patch for download bug to lynx2-7-1,
Jim Spath (Webmaster Jim) <=