[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]
Re: lynx-dev lynx 2.8.x - 'special URLs' anti-spoofing protection is wea
From: |
Klaus Weide |
Subject: |
Re: lynx-dev lynx 2.8.x - 'special URLs' anti-spoofing protection is weak |
Date: |
Mon, 22 Nov 1999 21:08:25 -0600 (CST) |
On Mon, 22 Nov 1999, T.E.Dickey wrote:
> > Actually, I forgot about the third nasty he finds, buffer overruns:
>
> there's fewer of them now, but probably impossible to remove all (if we
> can reproduce this one, we'll remove it).
HTTP.c:
char line[INIT_LINE_SIZE];
Used with unchecked sprintf / strcpy / strcat.
Of course normally the data it operates on comes from local
configuration not from the network, so there won't be any strings that
overflow the buffer (unless you ask for it).
Klaus