Annotation of /trunk/lynx/patches/lynx-2.8.5rel.3.patch
Parent Directory | Revision Log
Revision 153 -
(hide annotations)
(download)
Tue May 8 20:52:56 2007 UTC (17 years, 5 months ago) by niro
File size: 12974 byte(s)
Tue May 8 20:52:56 2007 UTC (17 years, 5 months ago) by niro
File size: 12974 byte(s)
-import
1 | niro | 153 | # ------------------------------------------------------------------------------ |
2 | # CHANGES | 5 ++ | ||
3 | # WWW/Library/Implementation/HTMIME.c | 82 +++++++++++++++++++-------------- | ||
4 | # WWW/Library/Implementation/HTMIME.h | 12 ---- | ||
5 | # WWW/Library/Implementation/HTNews.c | 83 +++++++++------------------------- | ||
6 | # configure | 2 | ||
7 | # configure.in | 4 - | ||
8 | # lynx.cfg | 4 - | ||
9 | # userdefs.h | 4 - | ||
10 | # 8 files changed, 84 insertions(+), 112 deletions(-) | ||
11 | # ------------------------------------------------------------------------------ | ||
12 | Index: CHANGES | ||
13 | --- 2.8.5rel.2/CHANGES Thu Apr 22 16:08:10 2004 | ||
14 | +++ 2.8.5rel.3/CHANGES Mon Oct 17 13:47:09 2005 | ||
15 | @@ -1,6 +1,11 @@ | ||
16 | Changes since Lynx 2.8 release | ||
17 | =============================================================================== | ||
18 | |||
19 | +2004-10-17 (2.8.5rel.3 fixes from 2.8.6dev.14) | ||
20 | +* eliminate fixed-size buffers in LYExpandHostForURL() to guard against | ||
21 | + buffer overflow resulting from too-long domain prefix/suffix data from | ||
22 | + lynx.cfg (report by Ulf Harnhammar, CAN-2005-3120) -TD | ||
23 | + | ||
24 | 2004-04-22 (2.8.5rel.2 fixes from 2.8.6dev.1) | ||
25 | * correct ifdef in LYgetattrs() to ensure that getattrs() is used only if the | ||
26 | configure script actually found it (report/patch by Paul Gilmartin). | ||
27 | Index: WWW/Library/Implementation/HTMIME.c | ||
28 | Prereq: 0.2 | ||
29 | --- 2.8.5rel.2/WWW/Library/Implementation/HTMIME.c Wed Jan 7 18:03:09 2004 | ||
30 | +++ 2.8.5rel.3/WWW/Library/Implementation/HTMIME.c Mon Oct 17 13:47:09 2005 | ||
31 | @@ -2062,27 +2062,23 @@ | ||
32 | ** | ||
33 | ** Written by S. Ichikawa, | ||
34 | ** partially inspired by encdec.c of <jh@efd.lth.se>. | ||
35 | -** Assume caller's buffer is LINE_LENGTH bytes, these decode to | ||
36 | -** no longer than the input strings. | ||
37 | */ | ||
38 | -#define LINE_LENGTH 512 /* Maximum length of line of ARTICLE etc */ | ||
39 | -#ifdef ESC | ||
40 | -#undef ESC | ||
41 | -#endif /* ESC */ | ||
42 | #include <LYCharVals.h> /* S/390 -- gil -- 0163 */ | ||
43 | -#define ESC CH_ESC | ||
44 | |||
45 | PRIVATE char HTmm64[] = | ||
46 | "ABCDEFGHIJKLMNOPQRSTUVWXYZabcdefghijklmnopqrstuvwxyz0123456789+/=" ; | ||
47 | PRIVATE char HTmmquote[] = "0123456789ABCDEF"; | ||
48 | PRIVATE int HTmmcont = 0; | ||
49 | |||
50 | -PUBLIC void HTmmdec_base64 ARGS2( | ||
51 | - char *, t, | ||
52 | +PRIVATE void HTmmdec_base64 ARGS2( | ||
53 | + char **, t, | ||
54 | char *, s) | ||
55 | { | ||
56 | int d, count, j, val; | ||
57 | - char buf[LINE_LENGTH], *bp, nw[4], *p; | ||
58 | + char *buf, *bp, nw[4], *p; | ||
59 | + | ||
60 | + if ((buf = malloc(strlen(s) * 3 + 1)) == 0) | ||
61 | + outofmem(__FILE__, "HTmmdec_base64"); | ||
62 | |||
63 | for (bp = buf; *s; s += 4) { | ||
64 | val = 0; | ||
65 | @@ -2113,14 +2109,18 @@ | ||
66 | *bp++ = nw[2]; | ||
67 | } | ||
68 | *bp = '\0'; | ||
69 | - strcpy(t, buf); | ||
70 | + StrAllocCopy(*t, buf); | ||
71 | + FREE(buf); | ||
72 | } | ||
73 | |||
74 | -PUBLIC void HTmmdec_quote ARGS2( | ||
75 | - char *, t, | ||
76 | +PRIVATE void HTmmdec_quote ARGS2( | ||
77 | + char **, t, | ||
78 | char *, s) | ||
79 | { | ||
80 | - char buf[LINE_LENGTH], cval, *bp, *p; | ||
81 | + char *buf, cval, *bp, *p; | ||
82 | + | ||
83 | + if ((buf = malloc(strlen(s) + 1)) == 0) | ||
84 | + outofmem(__FILE__, "HTmmdec_quote"); | ||
85 | |||
86 | for (bp = buf; *s; ) { | ||
87 | if (*s == '=') { | ||
88 | @@ -2147,23 +2147,27 @@ | ||
89 | } | ||
90 | } | ||
91 | *bp = '\0'; | ||
92 | - strcpy(t, buf); | ||
93 | + StrAllocCopy(*t, buf); | ||
94 | + FREE(buf); | ||
95 | } | ||
96 | |||
97 | /* | ||
98 | ** HTmmdecode for ISO-2022-JP - FM | ||
99 | */ | ||
100 | PUBLIC void HTmmdecode ARGS2( | ||
101 | - char *, trg, | ||
102 | + char **, trg, | ||
103 | char *, str) | ||
104 | { | ||
105 | - char buf[LINE_LENGTH], mmbuf[LINE_LENGTH]; | ||
106 | + char *buf; | ||
107 | + char *mmbuf = NULL; | ||
108 | + char *m2buf = NULL; | ||
109 | char *s, *t, *u; | ||
110 | int base64, quote; | ||
111 | |||
112 | - buf[0] = '\0'; | ||
113 | - | ||
114 | - for (s = str, u = buf; *s; ) { | ||
115 | + if ((buf = malloc(strlen(str) + 1)) == 0) | ||
116 | + outofmem(__FILE__, "HTmmdecode"); | ||
117 | + | ||
118 | + for (s = str, u = buf; *s;) { | ||
119 | if (!strncasecomp(s, "=?ISO-2022-JP?B?", 16)) { | ||
120 | base64 = 1; | ||
121 | } else { | ||
122 | @@ -2181,11 +2185,14 @@ | ||
123 | u--; | ||
124 | } | ||
125 | } | ||
126 | + if (mmbuf == 0) /* allocate buffer big enough for source */ | ||
127 | + StrAllocCopy(mmbuf, str); | ||
128 | for (s += 16, t = mmbuf; *s; ) { | ||
129 | if (s[0] == '?' && s[1] == '=') { | ||
130 | break; | ||
131 | } else { | ||
132 | *t++ = *s++; | ||
133 | + *t = '\0'; | ||
134 | } | ||
135 | } | ||
136 | if (s[0] != '?' || s[1] != '=') { | ||
137 | @@ -2195,14 +2202,12 @@ | ||
138 | *t = '\0'; | ||
139 | } | ||
140 | if (base64) | ||
141 | - HTmmdec_base64(mmbuf, mmbuf); | ||
142 | + HTmmdec_base64(&m2buf, mmbuf); | ||
143 | if (quote) | ||
144 | - HTmmdec_quote(mmbuf, mmbuf); | ||
145 | - for (t = mmbuf; *t; ) | ||
146 | + HTmmdec_quote(&m2buf, mmbuf); | ||
147 | + for (t = m2buf; *t; ) | ||
148 | *u++ = *t++; | ||
149 | HTmmcont = 1; | ||
150 | - /* if (*s == ' ' || *s == '\t') *u++ = *s; */ | ||
151 | - /* for ( ; *s == ' ' || *s == '\t'; s++) ; */ | ||
152 | } else { | ||
153 | if (*s != ' ' && *s != '\t') | ||
154 | HTmmcont = 0; | ||
155 | @@ -2211,7 +2216,10 @@ | ||
156 | } | ||
157 | *u = '\0'; | ||
158 | end: | ||
159 | - strcpy(trg, buf); | ||
160 | + StrAllocCopy(*t, buf); | ||
161 | + FREE(m2buf); | ||
162 | + FREE(mmbuf); | ||
163 | + FREE(buf); | ||
164 | } | ||
165 | |||
166 | /* | ||
167 | @@ -2219,22 +2227,27 @@ | ||
168 | ** (The author of this function "rjis" is S. Ichikawa.) | ||
169 | */ | ||
170 | PUBLIC int HTrjis ARGS2( | ||
171 | - char *, t, | ||
172 | + char **, t, | ||
173 | char *, s) | ||
174 | { | ||
175 | - char *p, buf[LINE_LENGTH]; | ||
176 | + char *p; | ||
177 | + char *buf = NULL; | ||
178 | int kanji = 0; | ||
179 | |||
180 | - if (strchr(s, ESC) || !strchr(s, '$')) { | ||
181 | - if (s != t) | ||
182 | - strcpy(t, s); | ||
183 | + if (strchr(s, CH_ESC) || !strchr(s, '$')) { | ||
184 | + if (s != *t) | ||
185 | + StrAllocCopy(*t, s); | ||
186 | return 1; | ||
187 | } | ||
188 | + | ||
189 | + if ((buf = malloc(strlen(s) * 2 + 1)) == 0) | ||
190 | + outofmem(__FILE__, "HTrjis"); | ||
191 | + | ||
192 | for (p = buf; *s; ) { | ||
193 | if (!kanji && s[0] == '$' && (s[1] == '@' || s[1] == 'B')) { | ||
194 | if (HTmaybekanji((int)s[2], (int)s[3])) { | ||
195 | kanji = 1; | ||
196 | - *p++ = ESC; | ||
197 | + *p++ = CH_ESC; | ||
198 | *p++ = *s++; | ||
199 | *p++ = *s++; | ||
200 | *p++ = *s++; | ||
201 | @@ -2246,7 +2259,7 @@ | ||
202 | } | ||
203 | if (kanji && s[0] == '(' && (s[1] == 'J' || s[1] == 'B')) { | ||
204 | kanji = 0; | ||
205 | - *p++ = ESC; | ||
206 | + *p++ = CH_ESC; | ||
207 | *p++ = *s++; | ||
208 | *p++ = *s++; | ||
209 | continue; | ||
210 | @@ -2255,7 +2268,8 @@ | ||
211 | } | ||
212 | *p = *s; /* terminate string */ | ||
213 | |||
214 | - strcpy(t, buf); | ||
215 | + StrAllocCopy(*t, buf); | ||
216 | + FREE(buf); | ||
217 | return 0; | ||
218 | } | ||
219 | |||
220 | Index: WWW/Library/Implementation/HTMIME.h | ||
221 | --- 2.8.5rel.2/WWW/Library/Implementation/HTMIME.h Wed Jan 22 01:43:13 2003 | ||
222 | +++ 2.8.5rel.3/WWW/Library/Implementation/HTMIME.h Mon Oct 17 13:47:09 2005 | ||
223 | @@ -67,20 +67,12 @@ | ||
224 | For handling Japanese headers. | ||
225 | |||
226 | */ | ||
227 | -extern void HTmmdec_base64 PARAMS(( | ||
228 | - char * t, | ||
229 | - char * s)); | ||
230 | - | ||
231 | -extern void HTmmdec_quote PARAMS(( | ||
232 | - char * t, | ||
233 | - char * s)); | ||
234 | - | ||
235 | extern void HTmmdecode PARAMS(( | ||
236 | - char * trg, | ||
237 | + char ** trg, | ||
238 | char * str)); | ||
239 | |||
240 | extern int HTrjis PARAMS(( | ||
241 | - char * t, | ||
242 | + char ** t, | ||
243 | char * s)); | ||
244 | |||
245 | extern int HTmaybekanji PARAMS(( | ||
246 | Index: WWW/Library/Implementation/HTNews.c | ||
247 | --- 2.8.5rel.2/WWW/Library/Implementation/HTNews.c Wed Jan 7 18:03:09 2004 | ||
248 | +++ 2.8.5rel.3/WWW/Library/Implementation/HTNews.c Mon Oct 17 13:47:09 2005 | ||
249 | @@ -940,7 +940,6 @@ | ||
250 | } | ||
251 | } | ||
252 | |||
253 | -#ifdef SH_EX /* for MIME */ | ||
254 | #ifdef NEWS_DEBUG | ||
255 | /* for DEBUG 1997/11/07 (Fri) 17:20:16 */ | ||
256 | void debug_print(unsigned char *p) | ||
257 | @@ -962,45 +961,15 @@ | ||
258 | } | ||
259 | #endif | ||
260 | |||
261 | -static char *decode_mime(char *str) | ||
262 | +static char *decode_mime(char **str) | ||
263 | { | ||
264 | - char temp[LINE_LENGTH]; /* FIXME: what determines the actual size? */ | ||
265 | - char *p, *q; | ||
266 | - | ||
267 | - if (str == NULL) | ||
268 | - return ""; | ||
269 | - | ||
270 | +#ifdef SH_EX | ||
271 | if (HTCJK != JAPANESE) | ||
272 | - return str; | ||
273 | - | ||
274 | - LYstrncpy(temp, str, sizeof(temp) - 1); | ||
275 | - q = temp; | ||
276 | - while ((p = strchr(q, '=')) != 0) { | ||
277 | - if (p[1] == '?') { | ||
278 | - HTmmdecode(p, p); | ||
279 | - q = p + 2; | ||
280 | - } else { | ||
281 | - q = p + 1; | ||
282 | - } | ||
283 | - } | ||
284 | -#ifdef NEWS_DEBUG | ||
285 | - printf("new=["); | ||
286 | - debug_print(temp); | ||
287 | + return *str; | ||
288 | #endif | ||
289 | - HTrjis(temp, temp); | ||
290 | - strcpy(str, temp); | ||
291 | - | ||
292 | - return str; | ||
293 | -} | ||
294 | -#else /* !SH_EX */ | ||
295 | -static char *decode_mime ARGS1(char *, str) | ||
296 | -{ | ||
297 | - HTmmdecode(str, str); | ||
298 | - HTrjis(str, str); | ||
299 | - return str; | ||
300 | + HTmmdecode(str, *str); | ||
301 | + return HTrjis(str, *str) ? *str : ""; | ||
302 | } | ||
303 | -#endif | ||
304 | - | ||
305 | |||
306 | /* Read in an Article read_article | ||
307 | ** ------------------ | ||
308 | @@ -1087,22 +1056,22 @@ | ||
309 | |||
310 | } else if (match(full_line, "SUBJECT:")) { | ||
311 | StrAllocCopy(subject, HTStrip(strchr(full_line,':')+1)); | ||
312 | - decode_mime(subject); | ||
313 | + decode_mime(&subject); | ||
314 | } else if (match(full_line, "DATE:")) { | ||
315 | StrAllocCopy(date, HTStrip(strchr(full_line,':')+1)); | ||
316 | |||
317 | } else if (match(full_line, "ORGANIZATION:")) { | ||
318 | StrAllocCopy(organization, | ||
319 | HTStrip(strchr(full_line,':')+1)); | ||
320 | - decode_mime(organization); | ||
321 | + decode_mime(&organization); | ||
322 | |||
323 | } else if (match(full_line, "FROM:")) { | ||
324 | StrAllocCopy(from, HTStrip(strchr(full_line,':')+1)); | ||
325 | - decode_mime(from); | ||
326 | + decode_mime(&from); | ||
327 | |||
328 | } else if (match(full_line, "REPLY-TO:")) { | ||
329 | StrAllocCopy(replyto, HTStrip(strchr(full_line,':')+1)); | ||
330 | - decode_mime(replyto); | ||
331 | + decode_mime(&replyto); | ||
332 | |||
333 | } else if (match(full_line, "NEWSGROUPS:")) { | ||
334 | StrAllocCopy(newsgroups, HTStrip(strchr(full_line,':')+1)); | ||
335 | @@ -1711,8 +1680,8 @@ | ||
336 | int, last_required) | ||
337 | { | ||
338 | char line[LINE_LENGTH+1]; | ||
339 | - char author[LINE_LENGTH+1]; | ||
340 | - char subject[LINE_LENGTH+1]; | ||
341 | + char *author = NULL; | ||
342 | + char *subject = NULL; | ||
343 | char *date = NULL; | ||
344 | int i; | ||
345 | char *p; | ||
346 | @@ -1725,7 +1694,6 @@ | ||
347 | int status, count, first, last; /* Response fields */ | ||
348 | /* count is only an upper limit */ | ||
349 | |||
350 | - author[0] = '\0'; | ||
351 | START(HTML_HEAD); | ||
352 | PUTC('\n'); | ||
353 | START(HTML_TITLE); | ||
354 | @@ -1946,8 +1914,8 @@ | ||
355 | case 'S': | ||
356 | case 's': | ||
357 | if (match(line, "SUBJECT:")) { | ||
358 | - LYstrncpy(subject, line+9, sizeof(subject)-1);/* Save subject */ | ||
359 | - decode_mime(subject); | ||
360 | + StrAllocCopy(subject, line + 9); | ||
361 | + decode_mime(&subject); | ||
362 | } | ||
363 | break; | ||
364 | |||
365 | @@ -1964,10 +1932,8 @@ | ||
366 | case 'F': | ||
367 | if (match(line, "FROM:")) { | ||
368 | char * p2; | ||
369 | - LYstrncpy(author, | ||
370 | - author_name(strchr(line,':')+1), | ||
371 | - sizeof(author)-1); | ||
372 | - decode_mime(author); | ||
373 | + StrAllocCopy(author, strchr(line, ':') + 1); | ||
374 | + decode_mime(&author); | ||
375 | p2 = author + strlen(author) - 1; | ||
376 | if (*p2==LF) | ||
377 | *p2 = '\0'; /* Chop off newline */ | ||
378 | @@ -1988,11 +1954,8 @@ | ||
379 | |||
380 | PUTC('\n'); | ||
381 | START(HTML_LI); | ||
382 | -#ifdef SH_EX /* for MIME */ | ||
383 | - HTSprintf0(&temp, "\"%s\"", decode_mime(subject)); | ||
384 | -#else | ||
385 | - HTSprintf0(&temp, "\"%s\"", subject); | ||
386 | -#endif | ||
387 | + p = decode_mime(&subject); | ||
388 | + HTSprintf0(&temp, "\"%s\"", NonNull(p)); | ||
389 | if (reference) { | ||
390 | write_anchor(temp, reference); | ||
391 | FREE(reference); | ||
392 | @@ -2001,18 +1964,14 @@ | ||
393 | } | ||
394 | FREE(temp); | ||
395 | |||
396 | - if (author[0] != '\0') { | ||
397 | + if (author != NULL) { | ||
398 | PUTS(" - "); | ||
399 | if (LYListNewsDates) | ||
400 | START(HTML_I); | ||
401 | -#ifdef SH_EX /* for MIME */ | ||
402 | - PUTS(decode_mime(author)); | ||
403 | -#else | ||
404 | - PUTS(author); | ||
405 | -#endif | ||
406 | + PUTS(decode_mime(&author)); | ||
407 | if (LYListNewsDates) | ||
408 | END(HTML_I); | ||
409 | - author[0] = '\0'; | ||
410 | + FREE(author); | ||
411 | } | ||
412 | if (date) { | ||
413 | if (!diagnostic) { | ||
414 | @@ -2055,6 +2014,8 @@ | ||
415 | MAYBE_END(HTML_LI); | ||
416 | } /* Handle response to HEAD request */ | ||
417 | } /* Loop over article */ | ||
418 | + FREE(author); | ||
419 | + FREE(subject); | ||
420 | } /* If read headers */ | ||
421 | PUTC('\n'); | ||
422 | if (LYListNewsNumbers) | ||
423 | Index: configure | ||
424 | --- 2.8.5rel.2/configure Wed Feb 4 04:07:09 2004 | ||
425 | +++ 2.8.5rel.3/configure Wed Feb 4 04:07:09 2004 | ||
426 | @@ -723,7 +723,7 @@ | ||
427 | |||
428 | PACKAGE=lynx | ||
429 | # $Format: "VERSION=$ProjectVersion$"$ | ||
430 | -VERSION=2.8.5rel.2 | ||
431 | +VERSION=2.8.5rel.3 | ||
432 | |||
433 | |||
434 | |||
435 | Index: configure.in | ||
436 | --- 2.8.5rel.2/configure.in Wed Feb 4 04:07:09 2004 | ||
437 | +++ 2.8.5rel.3/configure.in Wed Feb 4 04:07:09 2004 | ||
438 | @@ -5,7 +5,7 @@ | ||
439 | dnl | ||
440 | dnl ask PRCS to plug-in the project-version for the configure-script. | ||
441 | dnl $Format: "AC_REVISION($ProjectVersion$)"$ | ||
442 | -AC_REVISION(2.8.5rel.2) | ||
443 | +AC_REVISION(2.8.5rel.3) | ||
444 | |||
445 | # Save the original $CFLAGS so we can distinguish whether the user set those | ||
446 | # in the environment, or whether autoconf added -O and -g options: | ||
447 | @@ -33,7 +33,7 @@ | ||
448 | PACKAGE=lynx | ||
449 | dnl ask PRCS to plug-in the project-version for the packages. | ||
450 | # $Format: "VERSION=$ProjectVersion$"$ | ||
451 | -VERSION=2.8.5rel.2 | ||
452 | +VERSION=2.8.5rel.3 | ||
453 | AC_SUBST(PACKAGE) | ||
454 | AC_SUBST(VERSION) | ||
455 | AC_SUBST(DESTDIR) | ||
456 | Index: lynx.cfg | ||
457 | --- 2.8.5rel.2/lynx.cfg Wed Jan 28 11:30:38 2004 | ||
458 | +++ 2.8.5rel.3/lynx.cfg Wed Jan 28 11:30:38 2004 | ||
459 | @@ -3,10 +3,10 @@ | ||
460 | # or Lynx_Dir:lynx.cfg (VMS) | ||
461 | # | ||
462 | # $Format: "#PRCS LYNX_VERSION \"$ProjectVersion$\""$ | ||
463 | -#PRCS LYNX_VERSION "2.8.5rel.2" | ||
464 | +#PRCS LYNX_VERSION "2.8.5rel.3" | ||
465 | # | ||
466 | # $Format: "#PRCS LYNX_DATE \"$ProjectDate$\""$ | ||
467 | -#PRCS LYNX_DATE "Thu, 22 Apr 2004 16:08:10 -0700" | ||
468 | +#PRCS LYNX_DATE "Mon, 17 Oct 2005 13:47:09 -0700" | ||
469 | # | ||
470 | # Definition pairs are of the form VARIABLE:DEFINITION | ||
471 | # NO spaces are allowed between the pair items. | ||
472 | Index: userdefs.h | ||
473 | --- 2.8.5rel.2/userdefs.h Mon Feb 2 12:02:28 2004 | ||
474 | +++ 2.8.5rel.3/userdefs.h Mon Feb 2 12:02:28 2004 | ||
475 | @@ -1360,11 +1360,11 @@ | ||
476 | * the version definition with the Project Version on checkout. Just | ||
477 | * ignore it. - kw */ | ||
478 | /* $Format: "#define LYNX_VERSION \"$ProjectVersion$\""$ */ | ||
479 | -#define LYNX_VERSION "2.8.5rel.2" | ||
480 | +#define LYNX_VERSION "2.8.5rel.3" | ||
481 | #define LYNX_WWW_HOME "http://lynx.isc.org/" | ||
482 | #define LYNX_WWW_DIST "http://lynx.isc.org/current/" | ||
483 | /* $Format: "#define LYNX_DATE \"$ProjectDate$\""$ */ | ||
484 | -#define LYNX_DATE "Thu, 22 Apr 2004 16:08:10 -0700" | ||
485 | +#define LYNX_DATE "Mon, 17 Oct 2005 13:47:09 -0700" | ||
486 | #define LYNX_DATE_OFF 5 /* truncate the automatically-generated date */ | ||
487 | #define LYNX_DATE_LEN 11 /* truncate the automatically-generated date */ | ||
488 |