[Top][All Lists]

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Re: [Lynx-dev] 3xcrash: NULL dereferencing and buffer overflows

From: Thomas Dickey
Subject: Re: [Lynx-dev] 3xcrash: NULL dereferencing and buffer overflows
Date: Sun, 25 Sep 2005 09:49:43 -0400
User-agent: Mutt/1.3.27i

On Sun, Sep 25, 2005 at 02:45:32AM +0200, Ulf Harnhammar wrote:
> 2) Buffer overflow when handling overly long prefix/suffix strings
> in lynx.cfg
> You can test this issue by applying the lynxcfg.prefixsuffix.patch
> file to lynx.cfg and then using lynx to connect to a host with no
> dots (lynx a).. notice how lynx crashes.
> The attached patch lynx.prefixsuffixcrash.patch corrects this bug.

well that's a workaround.  From the slice I see, a fix would
allocate the DomainSuffix and DomainPrefix strings rather than
truncating the given value.

(thanks for pointing this out).
> 3) Buffer overflow when lex() parses data from files
> I have attached the lynx.lexoverflow.patch file for this issue.

same comment (this one is a little more complicated to fix, but really
shouldn't be a fixed-size buffer).  They're both old code sections that
were overlooked in previous checks.

Thomas E. Dickey

reply via email to

[Prev in Thread] Current Thread [Next in Thread]