Re: lynx-dev lynx getenv() overflow

lynx-dev

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Re: lynx-dev lynx getenv() overflow

From:	dickey
Subject:	Re: lynx-dev lynx getenv() overflow
Date:	Thu, 21 Jan 1999 08:29:40 -0500 (EST)

> 990118 Jorge told us: 
> > Fix your bugs. 
> > It segfaults when you set your HOME envar to  >= 260  characters. 
> > It is exploitable, though I don't see why you'd want to, 
> > but I wrote it to those who are nonbelievers. 
>  
> this doesn't say what `it' is, but the following suggests you mean `Lynx'. 
>   
> > linux lynx overflow. what is it for? example code. 
> > my linux 2.0.35 boxen lynx 2.6 but i know that 2.8 is vuln as well 
> > because i did it on a debian system with lynx 2.8. 
>  
> Lynx 2-6 is  2,5 years  out-of-date; 2-8  1 year  out-of-date. 
> for the latest 2-8-1 (9810) goto  www.slcc.edu/lynx/release/ ; 
> for the latest development version goto  sol.slcc.edu/lynx/current/ . 

but still.  I put this on my list to verify (just because it doesn't
crash on one particular system doesn't mean that the problem doesn't
exist).
  
> i tested your claim on this IRIX 5.3 system with  setenv HOME 'zeros' , 
> where  zeros  = a set of  >= 300  0's; executing Lynx 2-8-1rel.1 
> encountered no problem beyond failing to find the bookmark file. 

> SUPPORT     ___________//___,  Philip Webb : address@hidden 

-- 
Thomas E. Dickey
address@hidden
http://www.clark.net/pub/dickey

[Prev in Thread]

Current Thread

[Next in Thread]

lynx-dev lynx getenv() overflow, jorge, 1999/01/18
- Re: lynx-dev lynx getenv() overflow, Philip Webb, 1999/01/21
- Re: lynx-dev lynx getenv() overflow, dickey <=

Prev by Date: Re: lynx-dev lynx getenv() overflow
Next by Date: Re: lynx-dev More system()'d commands don't work (was: SYSTEM_EDITOR arguments)
Previous by thread: Re: lynx-dev lynx getenv() overflow
Next by thread: lynx-dev lynx2.8.2dev.14
Index(es):
- Date
- Thread