Contents of /trunk/lynx/patches/lynx-2.8.5rel.3.patch
Parent Directory | Revision Log
Revision 153 -
(show annotations)
(download)
Tue May 8 20:52:56 2007 UTC (17 years, 4 months ago) by niro
File size: 12974 byte(s)
Tue May 8 20:52:56 2007 UTC (17 years, 4 months ago) by niro
File size: 12974 byte(s)
-import
1 | # ------------------------------------------------------------------------------ |
2 | # CHANGES | 5 ++ |
3 | # WWW/Library/Implementation/HTMIME.c | 82 +++++++++++++++++++-------------- |
4 | # WWW/Library/Implementation/HTMIME.h | 12 ---- |
5 | # WWW/Library/Implementation/HTNews.c | 83 +++++++++------------------------- |
6 | # configure | 2 |
7 | # configure.in | 4 - |
8 | # lynx.cfg | 4 - |
9 | # userdefs.h | 4 - |
10 | # 8 files changed, 84 insertions(+), 112 deletions(-) |
11 | # ------------------------------------------------------------------------------ |
12 | Index: CHANGES |
13 | --- 2.8.5rel.2/CHANGES Thu Apr 22 16:08:10 2004 |
14 | +++ 2.8.5rel.3/CHANGES Mon Oct 17 13:47:09 2005 |
15 | @@ -1,6 +1,11 @@ |
16 | Changes since Lynx 2.8 release |
17 | =============================================================================== |
18 | |
19 | +2004-10-17 (2.8.5rel.3 fixes from 2.8.6dev.14) |
20 | +* eliminate fixed-size buffers in LYExpandHostForURL() to guard against |
21 | + buffer overflow resulting from too-long domain prefix/suffix data from |
22 | + lynx.cfg (report by Ulf Harnhammar, CAN-2005-3120) -TD |
23 | + |
24 | 2004-04-22 (2.8.5rel.2 fixes from 2.8.6dev.1) |
25 | * correct ifdef in LYgetattrs() to ensure that getattrs() is used only if the |
26 | configure script actually found it (report/patch by Paul Gilmartin). |
27 | Index: WWW/Library/Implementation/HTMIME.c |
28 | Prereq: 0.2 |
29 | --- 2.8.5rel.2/WWW/Library/Implementation/HTMIME.c Wed Jan 7 18:03:09 2004 |
30 | +++ 2.8.5rel.3/WWW/Library/Implementation/HTMIME.c Mon Oct 17 13:47:09 2005 |
31 | @@ -2062,27 +2062,23 @@ |
32 | ** |
33 | ** Written by S. Ichikawa, |
34 | ** partially inspired by encdec.c of <jh@efd.lth.se>. |
35 | -** Assume caller's buffer is LINE_LENGTH bytes, these decode to |
36 | -** no longer than the input strings. |
37 | */ |
38 | -#define LINE_LENGTH 512 /* Maximum length of line of ARTICLE etc */ |
39 | -#ifdef ESC |
40 | -#undef ESC |
41 | -#endif /* ESC */ |
42 | #include <LYCharVals.h> /* S/390 -- gil -- 0163 */ |
43 | -#define ESC CH_ESC |
44 | |
45 | PRIVATE char HTmm64[] = |
46 | "ABCDEFGHIJKLMNOPQRSTUVWXYZabcdefghijklmnopqrstuvwxyz0123456789+/=" ; |
47 | PRIVATE char HTmmquote[] = "0123456789ABCDEF"; |
48 | PRIVATE int HTmmcont = 0; |
49 | |
50 | -PUBLIC void HTmmdec_base64 ARGS2( |
51 | - char *, t, |
52 | +PRIVATE void HTmmdec_base64 ARGS2( |
53 | + char **, t, |
54 | char *, s) |
55 | { |
56 | int d, count, j, val; |
57 | - char buf[LINE_LENGTH], *bp, nw[4], *p; |
58 | + char *buf, *bp, nw[4], *p; |
59 | + |
60 | + if ((buf = malloc(strlen(s) * 3 + 1)) == 0) |
61 | + outofmem(__FILE__, "HTmmdec_base64"); |
62 | |
63 | for (bp = buf; *s; s += 4) { |
64 | val = 0; |
65 | @@ -2113,14 +2109,18 @@ |
66 | *bp++ = nw[2]; |
67 | } |
68 | *bp = '\0'; |
69 | - strcpy(t, buf); |
70 | + StrAllocCopy(*t, buf); |
71 | + FREE(buf); |
72 | } |
73 | |
74 | -PUBLIC void HTmmdec_quote ARGS2( |
75 | - char *, t, |
76 | +PRIVATE void HTmmdec_quote ARGS2( |
77 | + char **, t, |
78 | char *, s) |
79 | { |
80 | - char buf[LINE_LENGTH], cval, *bp, *p; |
81 | + char *buf, cval, *bp, *p; |
82 | + |
83 | + if ((buf = malloc(strlen(s) + 1)) == 0) |
84 | + outofmem(__FILE__, "HTmmdec_quote"); |
85 | |
86 | for (bp = buf; *s; ) { |
87 | if (*s == '=') { |
88 | @@ -2147,23 +2147,27 @@ |
89 | } |
90 | } |
91 | *bp = '\0'; |
92 | - strcpy(t, buf); |
93 | + StrAllocCopy(*t, buf); |
94 | + FREE(buf); |
95 | } |
96 | |
97 | /* |
98 | ** HTmmdecode for ISO-2022-JP - FM |
99 | */ |
100 | PUBLIC void HTmmdecode ARGS2( |
101 | - char *, trg, |
102 | + char **, trg, |
103 | char *, str) |
104 | { |
105 | - char buf[LINE_LENGTH], mmbuf[LINE_LENGTH]; |
106 | + char *buf; |
107 | + char *mmbuf = NULL; |
108 | + char *m2buf = NULL; |
109 | char *s, *t, *u; |
110 | int base64, quote; |
111 | |
112 | - buf[0] = '\0'; |
113 | - |
114 | - for (s = str, u = buf; *s; ) { |
115 | + if ((buf = malloc(strlen(str) + 1)) == 0) |
116 | + outofmem(__FILE__, "HTmmdecode"); |
117 | + |
118 | + for (s = str, u = buf; *s;) { |
119 | if (!strncasecomp(s, "=?ISO-2022-JP?B?", 16)) { |
120 | base64 = 1; |
121 | } else { |
122 | @@ -2181,11 +2185,14 @@ |
123 | u--; |
124 | } |
125 | } |
126 | + if (mmbuf == 0) /* allocate buffer big enough for source */ |
127 | + StrAllocCopy(mmbuf, str); |
128 | for (s += 16, t = mmbuf; *s; ) { |
129 | if (s[0] == '?' && s[1] == '=') { |
130 | break; |
131 | } else { |
132 | *t++ = *s++; |
133 | + *t = '\0'; |
134 | } |
135 | } |
136 | if (s[0] != '?' || s[1] != '=') { |
137 | @@ -2195,14 +2202,12 @@ |
138 | *t = '\0'; |
139 | } |
140 | if (base64) |
141 | - HTmmdec_base64(mmbuf, mmbuf); |
142 | + HTmmdec_base64(&m2buf, mmbuf); |
143 | if (quote) |
144 | - HTmmdec_quote(mmbuf, mmbuf); |
145 | - for (t = mmbuf; *t; ) |
146 | + HTmmdec_quote(&m2buf, mmbuf); |
147 | + for (t = m2buf; *t; ) |
148 | *u++ = *t++; |
149 | HTmmcont = 1; |
150 | - /* if (*s == ' ' || *s == '\t') *u++ = *s; */ |
151 | - /* for ( ; *s == ' ' || *s == '\t'; s++) ; */ |
152 | } else { |
153 | if (*s != ' ' && *s != '\t') |
154 | HTmmcont = 0; |
155 | @@ -2211,7 +2216,10 @@ |
156 | } |
157 | *u = '\0'; |
158 | end: |
159 | - strcpy(trg, buf); |
160 | + StrAllocCopy(*t, buf); |
161 | + FREE(m2buf); |
162 | + FREE(mmbuf); |
163 | + FREE(buf); |
164 | } |
165 | |
166 | /* |
167 | @@ -2219,22 +2227,27 @@ |
168 | ** (The author of this function "rjis" is S. Ichikawa.) |
169 | */ |
170 | PUBLIC int HTrjis ARGS2( |
171 | - char *, t, |
172 | + char **, t, |
173 | char *, s) |
174 | { |
175 | - char *p, buf[LINE_LENGTH]; |
176 | + char *p; |
177 | + char *buf = NULL; |
178 | int kanji = 0; |
179 | |
180 | - if (strchr(s, ESC) || !strchr(s, '$')) { |
181 | - if (s != t) |
182 | - strcpy(t, s); |
183 | + if (strchr(s, CH_ESC) || !strchr(s, '$')) { |
184 | + if (s != *t) |
185 | + StrAllocCopy(*t, s); |
186 | return 1; |
187 | } |
188 | + |
189 | + if ((buf = malloc(strlen(s) * 2 + 1)) == 0) |
190 | + outofmem(__FILE__, "HTrjis"); |
191 | + |
192 | for (p = buf; *s; ) { |
193 | if (!kanji && s[0] == '$' && (s[1] == '@' || s[1] == 'B')) { |
194 | if (HTmaybekanji((int)s[2], (int)s[3])) { |
195 | kanji = 1; |
196 | - *p++ = ESC; |
197 | + *p++ = CH_ESC; |
198 | *p++ = *s++; |
199 | *p++ = *s++; |
200 | *p++ = *s++; |
201 | @@ -2246,7 +2259,7 @@ |
202 | } |
203 | if (kanji && s[0] == '(' && (s[1] == 'J' || s[1] == 'B')) { |
204 | kanji = 0; |
205 | - *p++ = ESC; |
206 | + *p++ = CH_ESC; |
207 | *p++ = *s++; |
208 | *p++ = *s++; |
209 | continue; |
210 | @@ -2255,7 +2268,8 @@ |
211 | } |
212 | *p = *s; /* terminate string */ |
213 | |
214 | - strcpy(t, buf); |
215 | + StrAllocCopy(*t, buf); |
216 | + FREE(buf); |
217 | return 0; |
218 | } |
219 | |
220 | Index: WWW/Library/Implementation/HTMIME.h |
221 | --- 2.8.5rel.2/WWW/Library/Implementation/HTMIME.h Wed Jan 22 01:43:13 2003 |
222 | +++ 2.8.5rel.3/WWW/Library/Implementation/HTMIME.h Mon Oct 17 13:47:09 2005 |
223 | @@ -67,20 +67,12 @@ |
224 | For handling Japanese headers. |
225 | |
226 | */ |
227 | -extern void HTmmdec_base64 PARAMS(( |
228 | - char * t, |
229 | - char * s)); |
230 | - |
231 | -extern void HTmmdec_quote PARAMS(( |
232 | - char * t, |
233 | - char * s)); |
234 | - |
235 | extern void HTmmdecode PARAMS(( |
236 | - char * trg, |
237 | + char ** trg, |
238 | char * str)); |
239 | |
240 | extern int HTrjis PARAMS(( |
241 | - char * t, |
242 | + char ** t, |
243 | char * s)); |
244 | |
245 | extern int HTmaybekanji PARAMS(( |
246 | Index: WWW/Library/Implementation/HTNews.c |
247 | --- 2.8.5rel.2/WWW/Library/Implementation/HTNews.c Wed Jan 7 18:03:09 2004 |
248 | +++ 2.8.5rel.3/WWW/Library/Implementation/HTNews.c Mon Oct 17 13:47:09 2005 |
249 | @@ -940,7 +940,6 @@ |
250 | } |
251 | } |
252 | |
253 | -#ifdef SH_EX /* for MIME */ |
254 | #ifdef NEWS_DEBUG |
255 | /* for DEBUG 1997/11/07 (Fri) 17:20:16 */ |
256 | void debug_print(unsigned char *p) |
257 | @@ -962,45 +961,15 @@ |
258 | } |
259 | #endif |
260 | |
261 | -static char *decode_mime(char *str) |
262 | +static char *decode_mime(char **str) |
263 | { |
264 | - char temp[LINE_LENGTH]; /* FIXME: what determines the actual size? */ |
265 | - char *p, *q; |
266 | - |
267 | - if (str == NULL) |
268 | - return ""; |
269 | - |
270 | +#ifdef SH_EX |
271 | if (HTCJK != JAPANESE) |
272 | - return str; |
273 | - |
274 | - LYstrncpy(temp, str, sizeof(temp) - 1); |
275 | - q = temp; |
276 | - while ((p = strchr(q, '=')) != 0) { |
277 | - if (p[1] == '?') { |
278 | - HTmmdecode(p, p); |
279 | - q = p + 2; |
280 | - } else { |
281 | - q = p + 1; |
282 | - } |
283 | - } |
284 | -#ifdef NEWS_DEBUG |
285 | - printf("new=["); |
286 | - debug_print(temp); |
287 | + return *str; |
288 | #endif |
289 | - HTrjis(temp, temp); |
290 | - strcpy(str, temp); |
291 | - |
292 | - return str; |
293 | -} |
294 | -#else /* !SH_EX */ |
295 | -static char *decode_mime ARGS1(char *, str) |
296 | -{ |
297 | - HTmmdecode(str, str); |
298 | - HTrjis(str, str); |
299 | - return str; |
300 | + HTmmdecode(str, *str); |
301 | + return HTrjis(str, *str) ? *str : ""; |
302 | } |
303 | -#endif |
304 | - |
305 | |
306 | /* Read in an Article read_article |
307 | ** ------------------ |
308 | @@ -1087,22 +1056,22 @@ |
309 | |
310 | } else if (match(full_line, "SUBJECT:")) { |
311 | StrAllocCopy(subject, HTStrip(strchr(full_line,':')+1)); |
312 | - decode_mime(subject); |
313 | + decode_mime(&subject); |
314 | } else if (match(full_line, "DATE:")) { |
315 | StrAllocCopy(date, HTStrip(strchr(full_line,':')+1)); |
316 | |
317 | } else if (match(full_line, "ORGANIZATION:")) { |
318 | StrAllocCopy(organization, |
319 | HTStrip(strchr(full_line,':')+1)); |
320 | - decode_mime(organization); |
321 | + decode_mime(&organization); |
322 | |
323 | } else if (match(full_line, "FROM:")) { |
324 | StrAllocCopy(from, HTStrip(strchr(full_line,':')+1)); |
325 | - decode_mime(from); |
326 | + decode_mime(&from); |
327 | |
328 | } else if (match(full_line, "REPLY-TO:")) { |
329 | StrAllocCopy(replyto, HTStrip(strchr(full_line,':')+1)); |
330 | - decode_mime(replyto); |
331 | + decode_mime(&replyto); |
332 | |
333 | } else if (match(full_line, "NEWSGROUPS:")) { |
334 | StrAllocCopy(newsgroups, HTStrip(strchr(full_line,':')+1)); |
335 | @@ -1711,8 +1680,8 @@ |
336 | int, last_required) |
337 | { |
338 | char line[LINE_LENGTH+1]; |
339 | - char author[LINE_LENGTH+1]; |
340 | - char subject[LINE_LENGTH+1]; |
341 | + char *author = NULL; |
342 | + char *subject = NULL; |
343 | char *date = NULL; |
344 | int i; |
345 | char *p; |
346 | @@ -1725,7 +1694,6 @@ |
347 | int status, count, first, last; /* Response fields */ |
348 | /* count is only an upper limit */ |
349 | |
350 | - author[0] = '\0'; |
351 | START(HTML_HEAD); |
352 | PUTC('\n'); |
353 | START(HTML_TITLE); |
354 | @@ -1946,8 +1914,8 @@ |
355 | case 'S': |
356 | case 's': |
357 | if (match(line, "SUBJECT:")) { |
358 | - LYstrncpy(subject, line+9, sizeof(subject)-1);/* Save subject */ |
359 | - decode_mime(subject); |
360 | + StrAllocCopy(subject, line + 9); |
361 | + decode_mime(&subject); |
362 | } |
363 | break; |
364 | |
365 | @@ -1964,10 +1932,8 @@ |
366 | case 'F': |
367 | if (match(line, "FROM:")) { |
368 | char * p2; |
369 | - LYstrncpy(author, |
370 | - author_name(strchr(line,':')+1), |
371 | - sizeof(author)-1); |
372 | - decode_mime(author); |
373 | + StrAllocCopy(author, strchr(line, ':') + 1); |
374 | + decode_mime(&author); |
375 | p2 = author + strlen(author) - 1; |
376 | if (*p2==LF) |
377 | *p2 = '\0'; /* Chop off newline */ |
378 | @@ -1988,11 +1954,8 @@ |
379 | |
380 | PUTC('\n'); |
381 | START(HTML_LI); |
382 | -#ifdef SH_EX /* for MIME */ |
383 | - HTSprintf0(&temp, "\"%s\"", decode_mime(subject)); |
384 | -#else |
385 | - HTSprintf0(&temp, "\"%s\"", subject); |
386 | -#endif |
387 | + p = decode_mime(&subject); |
388 | + HTSprintf0(&temp, "\"%s\"", NonNull(p)); |
389 | if (reference) { |
390 | write_anchor(temp, reference); |
391 | FREE(reference); |
392 | @@ -2001,18 +1964,14 @@ |
393 | } |
394 | FREE(temp); |
395 | |
396 | - if (author[0] != '\0') { |
397 | + if (author != NULL) { |
398 | PUTS(" - "); |
399 | if (LYListNewsDates) |
400 | START(HTML_I); |
401 | -#ifdef SH_EX /* for MIME */ |
402 | - PUTS(decode_mime(author)); |
403 | -#else |
404 | - PUTS(author); |
405 | -#endif |
406 | + PUTS(decode_mime(&author)); |
407 | if (LYListNewsDates) |
408 | END(HTML_I); |
409 | - author[0] = '\0'; |
410 | + FREE(author); |
411 | } |
412 | if (date) { |
413 | if (!diagnostic) { |
414 | @@ -2055,6 +2014,8 @@ |
415 | MAYBE_END(HTML_LI); |
416 | } /* Handle response to HEAD request */ |
417 | } /* Loop over article */ |
418 | + FREE(author); |
419 | + FREE(subject); |
420 | } /* If read headers */ |
421 | PUTC('\n'); |
422 | if (LYListNewsNumbers) |
423 | Index: configure |
424 | --- 2.8.5rel.2/configure Wed Feb 4 04:07:09 2004 |
425 | +++ 2.8.5rel.3/configure Wed Feb 4 04:07:09 2004 |
426 | @@ -723,7 +723,7 @@ |
427 | |
428 | PACKAGE=lynx |
429 | # $Format: "VERSION=$ProjectVersion$"$ |
430 | -VERSION=2.8.5rel.2 |
431 | +VERSION=2.8.5rel.3 |
432 | |
433 | |
434 | |
435 | Index: configure.in |
436 | --- 2.8.5rel.2/configure.in Wed Feb 4 04:07:09 2004 |
437 | +++ 2.8.5rel.3/configure.in Wed Feb 4 04:07:09 2004 |
438 | @@ -5,7 +5,7 @@ |
439 | dnl |
440 | dnl ask PRCS to plug-in the project-version for the configure-script. |
441 | dnl $Format: "AC_REVISION($ProjectVersion$)"$ |
442 | -AC_REVISION(2.8.5rel.2) |
443 | +AC_REVISION(2.8.5rel.3) |
444 | |
445 | # Save the original $CFLAGS so we can distinguish whether the user set those |
446 | # in the environment, or whether autoconf added -O and -g options: |
447 | @@ -33,7 +33,7 @@ |
448 | PACKAGE=lynx |
449 | dnl ask PRCS to plug-in the project-version for the packages. |
450 | # $Format: "VERSION=$ProjectVersion$"$ |
451 | -VERSION=2.8.5rel.2 |
452 | +VERSION=2.8.5rel.3 |
453 | AC_SUBST(PACKAGE) |
454 | AC_SUBST(VERSION) |
455 | AC_SUBST(DESTDIR) |
456 | Index: lynx.cfg |
457 | --- 2.8.5rel.2/lynx.cfg Wed Jan 28 11:30:38 2004 |
458 | +++ 2.8.5rel.3/lynx.cfg Wed Jan 28 11:30:38 2004 |
459 | @@ -3,10 +3,10 @@ |
460 | # or Lynx_Dir:lynx.cfg (VMS) |
461 | # |
462 | # $Format: "#PRCS LYNX_VERSION \"$ProjectVersion$\""$ |
463 | -#PRCS LYNX_VERSION "2.8.5rel.2" |
464 | +#PRCS LYNX_VERSION "2.8.5rel.3" |
465 | # |
466 | # $Format: "#PRCS LYNX_DATE \"$ProjectDate$\""$ |
467 | -#PRCS LYNX_DATE "Thu, 22 Apr 2004 16:08:10 -0700" |
468 | +#PRCS LYNX_DATE "Mon, 17 Oct 2005 13:47:09 -0700" |
469 | # |
470 | # Definition pairs are of the form VARIABLE:DEFINITION |
471 | # NO spaces are allowed between the pair items. |
472 | Index: userdefs.h |
473 | --- 2.8.5rel.2/userdefs.h Mon Feb 2 12:02:28 2004 |
474 | +++ 2.8.5rel.3/userdefs.h Mon Feb 2 12:02:28 2004 |
475 | @@ -1360,11 +1360,11 @@ |
476 | * the version definition with the Project Version on checkout. Just |
477 | * ignore it. - kw */ |
478 | /* $Format: "#define LYNX_VERSION \"$ProjectVersion$\""$ */ |
479 | -#define LYNX_VERSION "2.8.5rel.2" |
480 | +#define LYNX_VERSION "2.8.5rel.3" |
481 | #define LYNX_WWW_HOME "http://lynx.isc.org/" |
482 | #define LYNX_WWW_DIST "http://lynx.isc.org/current/" |
483 | /* $Format: "#define LYNX_DATE \"$ProjectDate$\""$ */ |
484 | -#define LYNX_DATE "Thu, 22 Apr 2004 16:08:10 -0700" |
485 | +#define LYNX_DATE "Mon, 17 Oct 2005 13:47:09 -0700" |
486 | #define LYNX_DATE_OFF 5 /* truncate the automatically-generated date */ |
487 | #define LYNX_DATE_LEN 11 /* truncate the automatically-generated date */ |
488 |