[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]
Re: lynx-dev frag redir crash fixes
|
From: |
Leonid Pauzner |
|
Subject: |
Re: lynx-dev frag redir crash fixes |
|
Date: |
Wed, 26 Apr 2000 14:36:40 +0400 (MSD) |
25-Apr-2000 12:19 Klaus Weide wrote:
> Some redirection message can lead to invalid memory access. A malicious
> server could use this to cause a SIGSEGV etc. (or equivalent on other
> platforms). (Write to me privately if you want a demonstration.)
> Klaus
> * Avoid invalid memory access that can result from redirection messages
> that include a fragment in the new URL.
Does this have something with --enable-internal-links /
--disable-internal-links ?
I have a feeling the problem may happen
for only one configuration (just a guess).
> (patch against 2.8.3pre.6 - nothing should have changed here since then.)
> Index: 1.35/WWW/Library/Implementation/HTAccess.c
> --- 1.35/WWW/Library/Implementation/HTAccess.c Tue, 18 Apr 2000 10:26:31 -0500
> +++ 1.35(w)/WWW/Library/Implementation/HTAccess.c Tue, 25 Apr 2000 12:09:26
> -0500
> @@ -823,7 +823,7 @@
> NewDoc.bookmark = anchor->bookmark;
> NewDoc.isHEAD = anchor->isHEAD;
> NewDoc.safe = anchor->safe;
> - anchor = (HTParentAnchor *)HTAnchor_findAddress(&NewDoc);
> + anchor = HTAnchor_parent(HTAnchor_findAddress(&NewDoc));
> }
> }
> /*
> Index: 1.35/src/LYGetFile.c
> --- 1.35/src/LYGetFile.c Tue, 18 Apr 2000 10:26:31 -0500
> +++ 1.35(w)/src/LYGetFile.c Tue, 25 Apr 2000 12:09:29 -0500
> @@ -1055,11 +1055,14 @@
> return(NULLFILE);
> } else {
> - /*
> - * May set www_search_result.
> - */
> - if (pound != NULL)
> + if (pound != NULL) {
> + if (!HTMainText) /* this should not happen... */
> + return(NULLFILE); /* but it can. - kw */
> + /*
> + * May set www_search_result.
> + */
> HTFindPoundSelector(pound+1);
> + }
> return(NORMAL);
> }
> }