Re: LYNX-DEV lynx 2-7 pre-release core dump at www.tvguide.com

lynx-dev

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Re: LYNX-DEV lynx 2-7 pre-release core dump at www.tvguide.com

From:	Bela Lubkin
Subject:	Re: LYNX-DEV lynx 2-7 pre-release core dump at www.tvguide.com
Date:	Sat, 8 Feb 1997 21:11:27 -0800

Larry W. Virden wrote:

> This one occurs right after I select tv guide television lists, enter my
> login and password and am then prompted
> about whether to accept their cookies.  I responded Always.

This one I can't duplicate.  Note that I am running the first 2-7
prerelease, of 02-03-97; you earlier mentioned yours was 02-06-97?

I do:

  lynx http://www.tvguide.com/tv/listings/

and enter my (newly created) username/password.

Do this with trace turned on; the cookie code traces some useful
details.

>   [4] strlen(), at 0xef61754c
>   [5] LYstrncpy(dst = 0x1ee890 "", src = (nil), n = 0), line 33 in 
> "LYStrings.c"
>   [6] MemAllocCopy(dest = 0x1ec158, start = (nil), end = (nil)), line 105 in 
> "LYCookie.c"
>   [7] LYSetCookie(header = 0x1e7eb0 "TVG_PLANNER=Early 
> Edition|01/003kqzpr.sml|0|853642800||199701182000&&Mighty 
> Ducks|96/003kt3gr.sml|0|853538400|WTTE|199701171500&&Samurai Pizza 
> C|28/003hzlcr.sml|0|853534800|WTTE|199701171400&& ;expires=Wed, 30-Apr-1997 
> 00:00:00 GMT;domain=www.tvguide.com; path=/tv/listings/cgi-bin/;", address = 
> 0x1ddb10 "http://www.tvguide.com/tv/listings/cgi-bin/login.pl";), line 721 in 
> "LYCookie.c"

We can see what has happened here, but not why.  LYSetCookie was called
with a big ugly cookie.  It ended up calling MemAllocCopy with null
parameters, which is wrong, and eventually blew up down in strlen().

When I go to the same link, the cookie I get looks like this (from trace
output):

Set-cookie: 
TVG_USER=User:filbo&&&Pass:r1nYzcfMpv4Jo&&&Region:95060-FR-PST/PDT;expires=Wed, 
30-Apr-1997 00:00:00 GMT;domain=www.tvguide.com; path=/;^M

Note TVG_USER rather than TVG_PLANNER, and that it's crammed an
encrypted version of my site password into the cookie (this is
secure???) (I garbled it, for what it's worth).

I think you are using a different piece of this service.  Run it with
trace.  Show the exact URL that caused the failure.  Show the cookie
processing from the trace output.  (lynx http://whatever 2>trace.out;
then hit ^T before going to the harmful link.  This doesn't work in
csh-like shells, use sh/ksh/bash/zsh)

>Bela<
;
; To UNSUBSCRIBE:  Send a mail message to address@hidden
;                  with "unsubscribe lynx-dev" (without the
;                  quotation marks) on a line by itself.
;

[Prev in Thread]

Current Thread

[Next in Thread]

LYNX-DEV lynx 2-7 pre-release core dump at www.tvguide.com, Larry W. Virden, x2487, 1997/02/08
- Re: LYNX-DEV lynx 2-7 pre-release core dump at www.tvguide.com, Bela Lubkin <=
  - Re: LYNX-DEV lynx 2-7 pre-release core dump at www.tvguide.com, Larry W. Virden, x2487, 1997/02/09
- Re: LYNX-DEV lynx 2-7 pre-release core dump at www.tvguide.com, Bela Lubkin, 1997/02/09

Prev by Date: Re: LYNX-DEV lynx-dev archive
Next by Date: Re: LYNX-DEV [patch] New feature: 'G' goes to a parent document
Previous by thread: LYNX-DEV lynx 2-7 pre-release core dump at www.tvguide.com
Next by thread: Re: LYNX-DEV lynx 2-7 pre-release core dump at www.tvguide.com
Index(es):
- Date
- Thread