lynx-dev
[Top][All Lists]
Advanced

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Re: lynx-dev lynx 2.8.x - 'special URLs' anti-spoofing protection is wea


From: Klaus Weide
Subject: Re: lynx-dev lynx 2.8.x - 'special URLs' anti-spoofing protection is weak
Date: Mon, 22 Nov 1999 21:08:25 -0600 (CST)

On Mon, 22 Nov 1999, T.E.Dickey wrote:

> > Actually, I forgot about the third nasty he finds, buffer overruns: 
> 
> there's fewer of them now, but probably impossible to remove all (if we
> can reproduce this one, we'll remove it).

HTTP.c:
  char line[INIT_LINE_SIZE];

Used with unchecked sprintf / strcpy / strcat.

Of course normally the data it operates on comes from local
configuration not from the network, so there won't be any strings that
overflow the buffer (unless you ask for it).


   Klaus


reply via email to

[Prev in Thread] Current Thread [Next in Thread]