[Top][All Lists]

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Re: lynx-dev Mailing from Lynx with Pine

From: David Woolley
Subject: Re: lynx-dev Mailing from Lynx with Pine
Date: Fri, 12 Apr 2002 22:40:26 +0100 (BST)

>   Thank you for looking at the patch. I will fix the uncontrolled sprintf,

There are two security holes:

1) the fact that shell meta characters can be injected from URLs;

2) the lack of any limit checking on the size of the buffer (500 bytes
   is quite typical of buffer sizes used on compromised systems; people
   looking for loopholes try long strings).

It is possible that other limits prevent your ever exceeding 500 characters,
but they would have to be heavily commented in both places to ensure that
no change ever violated that assumption, and even then anyone doing a
security audit would flag a problem.

The second problem is the most serious because people are actively seeking
this sort of problem.

> The answer to your first question is that is it using mime encoding as
> descibed in some RFC whose number escapes to me right now. RFC 15XX?

MIME defines 5 encodings:


Pine used base64 when it should have used quoted-printable.

; To UNSUBSCRIBE: Send "unsubscribe lynx-dev" to address@hidden

reply via email to

[Prev in Thread] Current Thread [Next in Thread]