lynx/patches/lynx-2.8.5rel.3.patch

# ------------------------------------------------------------------------------
# CHANGES                             |    5 ++
# WWW/Library/Implementation/HTMIME.c |   82 +++++++++++++++++++--------------
# WWW/Library/Implementation/HTMIME.h |   12 ----
# WWW/Library/Implementation/HTNews.c |   83 +++++++++-------------------------
# configure                           |    2 
# configure.in                        |    4 -
# lynx.cfg                            |    4 -
# userdefs.h                          |    4 -
# 8 files changed, 84 insertions(+), 112 deletions(-)
# ------------------------------------------------------------------------------
Index: CHANGES
--- 2.8.5rel.2/CHANGES	Thu Apr 22 16:08:10 2004
+++ 2.8.5rel.3/CHANGES	Mon Oct 17 13:47:09 2005
@@ -1,6 +1,11 @@
 Changes since Lynx 2.8 release
 ===============================================================================
 
+2004-10-17 (2.8.5rel.3 fixes from 2.8.6dev.14)
+* eliminate fixed-size buffers in LYExpandHostForURL() to guard against
+  buffer overflow resulting from too-long domain prefix/suffix data from
+  lynx.cfg (report by Ulf Harnhammar, CAN-2005-3120) -TD
+
 2004-04-22 (2.8.5rel.2 fixes from 2.8.6dev.1)
 * correct ifdef in LYgetattrs() to ensure that getattrs() is used only if the
   configure script actually found it (report/patch by Paul Gilmartin).
Index: WWW/Library/Implementation/HTMIME.c
Prereq:  0.2 
--- 2.8.5rel.2/WWW/Library/Implementation/HTMIME.c	Wed Jan  7 18:03:09 2004
+++ 2.8.5rel.3/WWW/Library/Implementation/HTMIME.c	Mon Oct 17 13:47:09 2005
@@ -2062,27 +2062,23 @@
 **
 **	Written by S. Ichikawa,
 **	partially inspired by encdec.c of <jh@efd.lth.se>.
-**	Assume caller's buffer is LINE_LENGTH bytes, these decode to
-**	no longer than the input strings.
 */
-#define LINE_LENGTH 512		/* Maximum length of line of ARTICLE etc */
-#ifdef ESC
-#undef ESC
-#endif /* ESC */
 #include <LYCharVals.h>  /* S/390 -- gil -- 0163 */
-#define ESC	CH_ESC
 
 PRIVATE char HTmm64[] =
     "ABCDEFGHIJKLMNOPQRSTUVWXYZabcdefghijklmnopqrstuvwxyz0123456789+/=" ;
 PRIVATE char HTmmquote[] = "0123456789ABCDEF";
 PRIVATE int HTmmcont = 0;
 
-PUBLIC void HTmmdec_base64 ARGS2(
-	char *,		t,
+PRIVATE void HTmmdec_base64 ARGS2(
+	char **,	t,
 	char *,		s)
 {
     int   d, count, j, val;
-    char  buf[LINE_LENGTH], *bp, nw[4], *p;
+    char *buf, *bp, nw[4], *p;
+
+    if ((buf = malloc(strlen(s) * 3 + 1)) == 0)
+	outofmem(__FILE__, "HTmmdec_base64");
 
     for (bp = buf; *s; s += 4) {
 	val = 0;
@@ -2113,14 +2109,18 @@
 	    *bp++ = nw[2];
     }
     *bp = '\0';
-    strcpy(t, buf);
+    StrAllocCopy(*t, buf);
+    FREE(buf);
 }
 
-PUBLIC void HTmmdec_quote ARGS2(
-	char *,		t,
+PRIVATE void HTmmdec_quote ARGS2(
+	char **,	t,
 	char *,		s)
 {
-    char  buf[LINE_LENGTH], cval, *bp, *p;
+    char *buf, cval, *bp, *p;
+
+    if ((buf = malloc(strlen(s) + 1)) == 0)
+	outofmem(__FILE__, "HTmmdec_quote");
 
     for (bp = buf; *s; ) {
 	if (*s == '=') {
@@ -2147,23 +2147,27 @@
 	}
     }
     *bp = '\0';
-    strcpy(t, buf);
+    StrAllocCopy(*t, buf);
+    FREE(buf);
 }
 
 /*
 **	HTmmdecode for ISO-2022-JP - FM
 */
 PUBLIC void HTmmdecode ARGS2(
-	char *,		trg,
+	char **,	trg,
 	char *,		str)
 {
-    char buf[LINE_LENGTH], mmbuf[LINE_LENGTH];
+    char *buf;
+    char *mmbuf = NULL;
+    char *m2buf = NULL;
     char *s, *t, *u;
     int  base64, quote;
 
-    buf[0] = '\0';
-
-    for (s = str, u = buf; *s; ) {
+    if ((buf = malloc(strlen(str) + 1)) == 0)
+	outofmem(__FILE__, "HTmmdecode");
+  
+    for (s = str, u = buf; *s;) {
 	if (!strncasecomp(s, "=?ISO-2022-JP?B?", 16)) {
 	    base64 = 1;
 	} else {
@@ -2181,11 +2185,14 @@
 			u--;
 		}
 	    }
+	    if (mmbuf == 0)	/* allocate buffer big enough for source */
+		StrAllocCopy(mmbuf, str);
 	    for (s += 16, t = mmbuf; *s; ) {
 		if (s[0] == '?' && s[1] == '=') {
 		    break;
 		} else {
 		    *t++ = *s++;
+		    *t = '\0';
 		}
 	    }
 	    if (s[0] != '?' || s[1] != '=') {
@@ -2195,14 +2202,12 @@
 		*t = '\0';
 	    }
 	    if (base64)
-		HTmmdec_base64(mmbuf, mmbuf);
+		HTmmdec_base64(&m2buf, mmbuf);
 	    if (quote)
-		HTmmdec_quote(mmbuf, mmbuf);
-	    for (t = mmbuf; *t; )
+		HTmmdec_quote(&m2buf, mmbuf);
+	    for (t = m2buf; *t; )
 		*u++ = *t++;
 	    HTmmcont = 1;
-	    /* if (*s == ' ' || *s == '\t') *u++ = *s; */
-	    /* for ( ; *s == ' ' || *s == '\t'; s++) ; */
 	} else {
 	    if (*s != ' ' && *s != '\t')
 		HTmmcont = 0;
@@ -2211,7 +2216,10 @@
     }
     *u = '\0';
 end:
-    strcpy(trg, buf);
+    StrAllocCopy(*t, buf);
+    FREE(m2buf);
+    FREE(mmbuf);
+    FREE(buf);
 }
 
 /*
@@ -2219,22 +2227,27 @@
 **  (The author of this function "rjis" is S. Ichikawa.)
 */
 PUBLIC int HTrjis ARGS2(
-	char *,		t,
+	char **,	t,
 	char *,		s)
 {
-    char *p, buf[LINE_LENGTH];
+    char *p;
+    char *buf = NULL;
     int kanji = 0;
 
-    if (strchr(s, ESC) || !strchr(s, '$')) {
-	if (s != t)
-	    strcpy(t, s);
+    if (strchr(s, CH_ESC) || !strchr(s, '$')) {
+	if (s != *t)
+	    StrAllocCopy(*t, s);
 	return 1;
     }
+
+    if ((buf = malloc(strlen(s) * 2 + 1)) == 0)
+	outofmem(__FILE__, "HTrjis");
+
     for (p = buf; *s; ) {
 	if (!kanji && s[0] == '$' && (s[1] == '@' || s[1] == 'B')) {
 	    if (HTmaybekanji((int)s[2], (int)s[3])) {
 		kanji = 1;
-		*p++ = ESC;
+		*p++ = CH_ESC;
 		*p++ = *s++;
 		*p++ = *s++;
 		*p++ = *s++;
@@ -2246,7 +2259,7 @@
 	}
 	if (kanji && s[0] == '(' && (s[1] == 'J' || s[1] == 'B')) {
 	    kanji = 0;
-	    *p++ = ESC;
+	    *p++ = CH_ESC;
 	    *p++ = *s++;
 	    *p++ = *s++;
 	    continue;
@@ -2255,7 +2268,8 @@
     }
     *p = *s;	/* terminate string */
 
-    strcpy(t, buf);
+    StrAllocCopy(*t, buf);
+    FREE(buf);
     return 0;
 }
 
Index: WWW/Library/Implementation/HTMIME.h
--- 2.8.5rel.2/WWW/Library/Implementation/HTMIME.h	Wed Jan 22 01:43:13 2003
+++ 2.8.5rel.3/WWW/Library/Implementation/HTMIME.h	Mon Oct 17 13:47:09 2005
@@ -67,20 +67,12 @@
   For handling Japanese headers.
 
 */
-extern void HTmmdec_base64 PARAMS((
-	char *	t,
-	char *	s));
-
-extern void HTmmdec_quote PARAMS((
-	char *	t,
-	char *	s));
-
 extern void HTmmdecode PARAMS((
-	char *	trg,
+	char **	trg,
 	char *	str));
 
 extern int HTrjis PARAMS((
-	char *	t,
+	char **	t,
 	char *	s));
 
 extern int HTmaybekanji PARAMS((
Index: WWW/Library/Implementation/HTNews.c
--- 2.8.5rel.2/WWW/Library/Implementation/HTNews.c	Wed Jan  7 18:03:09 2004
+++ 2.8.5rel.3/WWW/Library/Implementation/HTNews.c	Mon Oct 17 13:47:09 2005
@@ -940,7 +940,6 @@
     }
 }
 
-#ifdef SH_EX	/* for MIME */
 #ifdef NEWS_DEBUG
 /* for DEBUG 1997/11/07 (Fri) 17:20:16 */
 void debug_print(unsigned char *p)
@@ -962,45 +961,15 @@
 }
 #endif
 
-static char *decode_mime(char *str)
+static char *decode_mime(char **str)
 {
-    char temp[LINE_LENGTH];	/* FIXME: what determines the actual size? */
-    char *p, *q;
-
-    if (str == NULL)
-	return "";
-
+#ifdef SH_EX
     if (HTCJK != JAPANESE)
-	return str;
-
-    LYstrncpy(temp, str, sizeof(temp) - 1);
-    q = temp;
-    while ((p = strchr(q, '=')) != 0) {
-	if (p[1] == '?') {
-	    HTmmdecode(p, p);
-	    q = p + 2;
-	} else {
-	    q = p + 1;
-	}
-    }
-#ifdef NEWS_DEBUG
-    printf("new=[");
-    debug_print(temp);
+	return *str;
 #endif
-    HTrjis(temp, temp);
-    strcpy(str, temp);
-
-    return str;
-}
-#else /* !SH_EX */
-static char *decode_mime ARGS1(char *, str)
-{
-    HTmmdecode(str, str);
-    HTrjis(str, str);
-    return str;
+    HTmmdecode(str, *str);
+    return HTrjis(str, *str) ? *str : "";
 }
-#endif
-
 
 /*	Read in an Article					read_article
 **	------------------
@@ -1087,22 +1056,22 @@
 
 		} else if (match(full_line, "SUBJECT:")) {
 		    StrAllocCopy(subject, HTStrip(strchr(full_line,':')+1));
-		    decode_mime(subject);
+		    decode_mime(&subject);
 		} else if (match(full_line, "DATE:")) {
 		    StrAllocCopy(date, HTStrip(strchr(full_line,':')+1));
 
 		} else if (match(full_line, "ORGANIZATION:")) {
 		    StrAllocCopy(organization,
 				 HTStrip(strchr(full_line,':')+1));
-		    decode_mime(organization);
+		    decode_mime(&organization);
 
 		} else if (match(full_line, "FROM:")) {
 		    StrAllocCopy(from, HTStrip(strchr(full_line,':')+1));
-		    decode_mime(from);
+		    decode_mime(&from);
 
 		} else if (match(full_line, "REPLY-TO:")) {
 		    StrAllocCopy(replyto, HTStrip(strchr(full_line,':')+1));
-		    decode_mime(replyto);
+		    decode_mime(&replyto);
 
 		} else if (match(full_line, "NEWSGROUPS:")) {
 		    StrAllocCopy(newsgroups, HTStrip(strchr(full_line,':')+1));
@@ -1711,8 +1680,8 @@
 	int,		last_required)
 {
     char line[LINE_LENGTH+1];
-    char author[LINE_LENGTH+1];
-    char subject[LINE_LENGTH+1];
+    char *author = NULL;
+    char *subject = NULL;
     char *date = NULL;
     int i;
     char *p;
@@ -1725,7 +1694,6 @@
     int status, count, first, last;	/* Response fields */
 					/* count is only an upper limit */
 
-    author[0] = '\0';
     START(HTML_HEAD);
     PUTC('\n');
     START(HTML_TITLE);
@@ -1946,8 +1914,8 @@
 			case 'S':
 			case 's':
 			    if (match(line, "SUBJECT:")) {
-				LYstrncpy(subject, line+9, sizeof(subject)-1);/* Save subject */
-				decode_mime(subject);
+				StrAllocCopy(subject, line + 9);
+				decode_mime(&subject);
 			    }
 			    break;
 
@@ -1964,10 +1932,8 @@
 			case 'F':
 			    if (match(line, "FROM:")) {
 				char * p2;
-				LYstrncpy(author,
-					author_name(strchr(line,':')+1),
-					sizeof(author)-1);
-				decode_mime(author);
+				StrAllocCopy(author, strchr(line, ':') + 1);
+				decode_mime(&author);
 				p2 = author + strlen(author) - 1;
 				if (*p2==LF)
 				    *p2 = '\0'; /* Chop off newline */
@@ -1988,11 +1954,8 @@
 
 		PUTC('\n');
 		START(HTML_LI);
-#ifdef SH_EX	/* for MIME */
-		HTSprintf0(&temp, "\"%s\"", decode_mime(subject));
-#else
-		HTSprintf0(&temp, "\"%s\"", subject);
-#endif
+		p = decode_mime(&subject);
+		HTSprintf0(&temp, "\"%s\"", NonNull(p));
 		if (reference) {
 		    write_anchor(temp, reference);
 		    FREE(reference);
@@ -2001,18 +1964,14 @@
 		}
 		FREE(temp);
 
-		if (author[0] != '\0') {
+		if (author != NULL) {
 		     PUTS(" - ");
 		     if (LYListNewsDates)
 			 START(HTML_I);
-#ifdef SH_EX	/* for MIME */
-		     PUTS(decode_mime(author));
-#else
-		     PUTS(author);
-#endif
+		    PUTS(decode_mime(&author));
 		     if (LYListNewsDates)
 			 END(HTML_I);
-		     author[0] = '\0';
+		    FREE(author);
 		}
 		if (date) {
 		    if (!diagnostic) {
@@ -2055,6 +2014,8 @@
 		MAYBE_END(HTML_LI);
 	    } /* Handle response to HEAD request */
 	} /* Loop over article */
+	FREE(author);
+	FREE(subject);
     } /* If read headers */
     PUTC('\n');
     if (LYListNewsNumbers)
Index: configure
--- 2.8.5rel.2/configure	Wed Feb  4 04:07:09 2004
+++ 2.8.5rel.3/configure	Wed Feb  4 04:07:09 2004
@@ -723,7 +723,7 @@
 
 PACKAGE=lynx
 # $Format: "VERSION=$ProjectVersion$"$
-VERSION=2.8.5rel.2
+VERSION=2.8.5rel.3
 
 
 
Index: configure.in
--- 2.8.5rel.2/configure.in	Wed Feb  4 04:07:09 2004
+++ 2.8.5rel.3/configure.in	Wed Feb  4 04:07:09 2004
@@ -5,7 +5,7 @@
 dnl
 dnl ask PRCS to plug-in the project-version for the configure-script.
 dnl $Format: "AC_REVISION($ProjectVersion$)"$
-AC_REVISION(2.8.5rel.2)
+AC_REVISION(2.8.5rel.3)
 
 # Save the original $CFLAGS so we can distinguish whether the user set those
 # in the environment, or whether autoconf added -O and -g options:
@@ -33,7 +33,7 @@
 PACKAGE=lynx
 dnl ask PRCS to plug-in the project-version for the packages.
 # $Format: "VERSION=$ProjectVersion$"$
-VERSION=2.8.5rel.2
+VERSION=2.8.5rel.3
 AC_SUBST(PACKAGE)
 AC_SUBST(VERSION)
 AC_SUBST(DESTDIR)
Index: lynx.cfg
--- 2.8.5rel.2/lynx.cfg	Wed Jan 28 11:30:38 2004
+++ 2.8.5rel.3/lynx.cfg	Wed Jan 28 11:30:38 2004
@@ -3,10 +3,10 @@
 #                                     or Lynx_Dir:lynx.cfg (VMS)
 #
 # $Format: "#PRCS LYNX_VERSION \"$ProjectVersion$\""$
-#PRCS LYNX_VERSION "2.8.5rel.2"
+#PRCS LYNX_VERSION "2.8.5rel.3"
 #
 # $Format: "#PRCS LYNX_DATE \"$ProjectDate$\""$
-#PRCS LYNX_DATE "Thu, 22 Apr 2004 16:08:10 -0700"
+#PRCS LYNX_DATE "Mon, 17 Oct 2005 13:47:09 -0700"
 #
 # Definition pairs are of the form  VARIABLE:DEFINITION
 # NO spaces are allowed between the pair items.
Index: userdefs.h
--- 2.8.5rel.2/userdefs.h	Mon Feb  2 12:02:28 2004
+++ 2.8.5rel.3/userdefs.h	Mon Feb  2 12:02:28 2004
@@ -1360,11 +1360,11 @@
  * the version definition with the Project Version on checkout.  Just
  * ignore it. - kw */
 /* $Format: "#define LYNX_VERSION \"$ProjectVersion$\""$ */
-#define LYNX_VERSION "2.8.5rel.2"
+#define LYNX_VERSION "2.8.5rel.3"
 #define LYNX_WWW_HOME "http://lynx.isc.org/"
 #define LYNX_WWW_DIST "http://lynx.isc.org/current/"
 /* $Format: "#define LYNX_DATE \"$ProjectDate$\""$ */
-#define LYNX_DATE "Thu, 22 Apr 2004 16:08:10 -0700"
+#define LYNX_DATE "Mon, 17 Oct 2005 13:47:09 -0700"
 #define LYNX_DATE_OFF 5		/* truncate the automatically-generated date */
 #define LYNX_DATE_LEN 11	/* truncate the automatically-generated date */
 
1	# ------------------------------------------------------------------------------
2	# CHANGES \| 5 ++
3	# WWW/Library/Implementation/HTMIME.c \| 82 +++++++++++++++++++--------------
4	# WWW/Library/Implementation/HTMIME.h \| 12 ----
5	# WWW/Library/Implementation/HTNews.c \| 83 +++++++++-------------------------
6	# configure \| 2
7	# configure.in \| 4 -
8	# lynx.cfg \| 4 -
9	# userdefs.h \| 4 -
10	# 8 files changed, 84 insertions(+), 112 deletions(-)
11	# ------------------------------------------------------------------------------
12	Index: CHANGES
13	--- 2.8.5rel.2/CHANGES Thu Apr 22 16:08:10 2004
14	+++ 2.8.5rel.3/CHANGES Mon Oct 17 13:47:09 2005
15	@@ -1,6 +1,11 @@
16	Changes since Lynx 2.8 release
17	===============================================================================
18
19	+2004-10-17 (2.8.5rel.3 fixes from 2.8.6dev.14)
20	+* eliminate fixed-size buffers in LYExpandHostForURL() to guard against
21	+ buffer overflow resulting from too-long domain prefix/suffix data from
22	+ lynx.cfg (report by Ulf Harnhammar, CAN-2005-3120) -TD
23	+
24	2004-04-22 (2.8.5rel.2 fixes from 2.8.6dev.1)
25	* correct ifdef in LYgetattrs() to ensure that getattrs() is used only if the
26	configure script actually found it (report/patch by Paul Gilmartin).
27	Index: WWW/Library/Implementation/HTMIME.c
28	Prereq: 0.2
29	--- 2.8.5rel.2/WWW/Library/Implementation/HTMIME.c Wed Jan 7 18:03:09 2004
30	+++ 2.8.5rel.3/WWW/Library/Implementation/HTMIME.c Mon Oct 17 13:47:09 2005
31	@@ -2062,27 +2062,23 @@
32	**
33	** Written by S. Ichikawa,
34	** partially inspired by encdec.c of <jh@efd.lth.se>.
35	-** Assume caller's buffer is LINE_LENGTH bytes, these decode to
36	-** no longer than the input strings.
37	*/
38	-#define LINE_LENGTH 512 /* Maximum length of line of ARTICLE etc */
39	-#ifdef ESC
40	-#undef ESC
41	-#endif /* ESC */
42	#include <LYCharVals.h> /* S/390 -- gil -- 0163 */
43	-#define ESC CH_ESC
44
45	PRIVATE char HTmm64[] =
46	"ABCDEFGHIJKLMNOPQRSTUVWXYZabcdefghijklmnopqrstuvwxyz0123456789+/=" ;
47	PRIVATE char HTmmquote[] = "0123456789ABCDEF";
48	PRIVATE int HTmmcont = 0;
49
50	-PUBLIC void HTmmdec_base64 ARGS2(
51	- char *, t,
52	+PRIVATE void HTmmdec_base64 ARGS2(
53	+ char **, t,
54	char *, s)
55	{
56	int d, count, j, val;
57	- char buf[LINE_LENGTH], bp, nw[4], p;
58	+ char buf, bp, nw[4], *p;
59	+
60	+ if ((buf = malloc(strlen(s) * 3 + 1)) == 0)
61	+ outofmem(__FILE__, "HTmmdec_base64");
62
63	for (bp = buf; *s; s += 4) {
64	val = 0;
65	@@ -2113,14 +2109,18 @@
66	*bp++ = nw[2];
67	}
68	*bp = '\0';
69	- strcpy(t, buf);
70	+ StrAllocCopy(*t, buf);
71	+ FREE(buf);
72	}
73
74	-PUBLIC void HTmmdec_quote ARGS2(
75	- char *, t,
76	+PRIVATE void HTmmdec_quote ARGS2(
77	+ char **, t,
78	char *, s)
79	{
80	- char buf[LINE_LENGTH], cval, bp, p;
81	+ char buf, cval, bp, *p;
82	+
83	+ if ((buf = malloc(strlen(s) + 1)) == 0)
84	+ outofmem(__FILE__, "HTmmdec_quote");
85
86	for (bp = buf; *s; ) {
87	if (*s == '=') {
88	@@ -2147,23 +2147,27 @@
89	}
90	}
91	*bp = '\0';
92	- strcpy(t, buf);
93	+ StrAllocCopy(*t, buf);
94	+ FREE(buf);
95	}
96
97	/*
98	** HTmmdecode for ISO-2022-JP - FM
99	*/
100	PUBLIC void HTmmdecode ARGS2(
101	- char *, trg,
102	+ char **, trg,
103	char *, str)
104	{
105	- char buf[LINE_LENGTH], mmbuf[LINE_LENGTH];
106	+ char *buf;
107	+ char *mmbuf = NULL;
108	+ char *m2buf = NULL;
109	char s, t, *u;
110	int base64, quote;
111
112	- buf[0] = '\0';
113	-
114	- for (s = str, u = buf; *s; ) {
115	+ if ((buf = malloc(strlen(str) + 1)) == 0)
116	+ outofmem(__FILE__, "HTmmdecode");
117	+
118	+ for (s = str, u = buf; *s;) {
119	if (!strncasecomp(s, "=?ISO-2022-JP?B?", 16)) {
120	base64 = 1;
121	} else {
122	@@ -2181,11 +2185,14 @@
123	u--;
124	}
125	}
126	+ if (mmbuf == 0) /* allocate buffer big enough for source */
127	+ StrAllocCopy(mmbuf, str);
128	for (s += 16, t = mmbuf; *s; ) {
129	if (s[0] == '?' && s[1] == '=') {
130	break;
131	} else {
132	t++ = s++;
133	+ *t = '\0';
134	}
135	}
136	if (s[0] != '?' \|\| s[1] != '=') {
137	@@ -2195,14 +2202,12 @@
138	*t = '\0';
139	}
140	if (base64)
141	- HTmmdec_base64(mmbuf, mmbuf);
142	+ HTmmdec_base64(&m2buf, mmbuf);
143	if (quote)
144	- HTmmdec_quote(mmbuf, mmbuf);
145	- for (t = mmbuf; *t; )
146	+ HTmmdec_quote(&m2buf, mmbuf);
147	+ for (t = m2buf; *t; )
148	u++ = t++;
149	HTmmcont = 1;
150	- /* if (s == ' ' \|\| s == '\t') u++ = s; */
151	- /* for ( ; s == ' ' \|\| s == '\t'; s++) ; */
152	} else {
153	if (s != ' ' && s != '\t')
154	HTmmcont = 0;
155	@@ -2211,7 +2216,10 @@
156	}
157	*u = '\0';
158	end:
159	- strcpy(trg, buf);
160	+ StrAllocCopy(*t, buf);
161	+ FREE(m2buf);
162	+ FREE(mmbuf);
163	+ FREE(buf);
164	}
165
166	/*
167	@@ -2219,22 +2227,27 @@
168	** (The author of this function "rjis" is S. Ichikawa.)
169	*/
170	PUBLIC int HTrjis ARGS2(
171	- char *, t,
172	+ char **, t,
173	char *, s)
174	{
175	- char *p, buf[LINE_LENGTH];
176	+ char *p;
177	+ char *buf = NULL;
178	int kanji = 0;
179
180	- if (strchr(s, ESC) \|\| !strchr(s, '$')) {
181	- if (s != t)
182	- strcpy(t, s);
183	+ if (strchr(s, CH_ESC) \|\| !strchr(s, '$')) {
184	+ if (s != *t)
185	+ StrAllocCopy(*t, s);
186	return 1;
187	}
188	+
189	+ if ((buf = malloc(strlen(s) * 2 + 1)) == 0)
190	+ outofmem(__FILE__, "HTrjis");
191	+
192	for (p = buf; *s; ) {
193	if (!kanji && s[0] == '$' && (s[1] == '@' \|\| s[1] == 'B')) {
194	if (HTmaybekanji((int)s[2], (int)s[3])) {
195	kanji = 1;
196	- *p++ = ESC;
197	+ *p++ = CH_ESC;
198	p++ = s++;
199	p++ = s++;
200	p++ = s++;
201	@@ -2246,7 +2259,7 @@
202	}
203	if (kanji && s[0] == '(' && (s[1] == 'J' \|\| s[1] == 'B')) {
204	kanji = 0;
205	- *p++ = ESC;
206	+ *p++ = CH_ESC;
207	p++ = s++;
208	p++ = s++;
209	continue;
210	@@ -2255,7 +2268,8 @@
211	}
212	p = s; /* terminate string */
213
214	- strcpy(t, buf);
215	+ StrAllocCopy(*t, buf);
216	+ FREE(buf);
217	return 0;
218	}
219
220	Index: WWW/Library/Implementation/HTMIME.h
221	--- 2.8.5rel.2/WWW/Library/Implementation/HTMIME.h Wed Jan 22 01:43:13 2003
222	+++ 2.8.5rel.3/WWW/Library/Implementation/HTMIME.h Mon Oct 17 13:47:09 2005
223	@@ -67,20 +67,12 @@
224	For handling Japanese headers.
225
226	*/
227	-extern void HTmmdec_base64 PARAMS((
228	- char * t,
229	- char * s));
230	-
231	-extern void HTmmdec_quote PARAMS((
232	- char * t,
233	- char * s));
234	-
235	extern void HTmmdecode PARAMS((
236	- char * trg,
237	+ char ** trg,
238	char * str));
239
240	extern int HTrjis PARAMS((
241	- char * t,
242	+ char ** t,
243	char * s));
244
245	extern int HTmaybekanji PARAMS((
246	Index: WWW/Library/Implementation/HTNews.c
247	--- 2.8.5rel.2/WWW/Library/Implementation/HTNews.c Wed Jan 7 18:03:09 2004
248	+++ 2.8.5rel.3/WWW/Library/Implementation/HTNews.c Mon Oct 17 13:47:09 2005
249	@@ -940,7 +940,6 @@
250	}
251	}
252
253	-#ifdef SH_EX /* for MIME */
254	#ifdef NEWS_DEBUG
255	/* for DEBUG 1997/11/07 (Fri) 17:20:16 */
256	void debug_print(unsigned char *p)
257	@@ -962,45 +961,15 @@
258	}
259	#endif
260
261	-static char decode_mime(char str)
262	+static char decode_mime(char *str)
263	{
264	- char temp[LINE_LENGTH]; /* FIXME: what determines the actual size? */
265	- char p, q;
266	-
267	- if (str == NULL)
268	- return "";
269	-
270	+#ifdef SH_EX
271	if (HTCJK != JAPANESE)
272	- return str;
273	-
274	- LYstrncpy(temp, str, sizeof(temp) - 1);
275	- q = temp;
276	- while ((p = strchr(q, '=')) != 0) {
277	- if (p[1] == '?') {
278	- HTmmdecode(p, p);
279	- q = p + 2;
280	- } else {
281	- q = p + 1;
282	- }
283	- }
284	-#ifdef NEWS_DEBUG
285	- printf("new=[");
286	- debug_print(temp);
287	+ return *str;
288	#endif
289	- HTrjis(temp, temp);
290	- strcpy(str, temp);
291	-
292	- return str;
293	-}
294	-#else /* !SH_EX */
295	-static char decode_mime ARGS1(char , str)
296	-{
297	- HTmmdecode(str, str);
298	- HTrjis(str, str);
299	- return str;
300	+ HTmmdecode(str, *str);
301	+ return HTrjis(str, str) ? str : "";
302	}
303	-#endif
304	-
305
306	/* Read in an Article read_article
307	** ------------------
308	@@ -1087,22 +1056,22 @@
309
310	} else if (match(full_line, "SUBJECT:")) {
311	StrAllocCopy(subject, HTStrip(strchr(full_line,':')+1));
312	- decode_mime(subject);
313	+ decode_mime(&subject);
314	} else if (match(full_line, "DATE:")) {
315	StrAllocCopy(date, HTStrip(strchr(full_line,':')+1));
316
317	} else if (match(full_line, "ORGANIZATION:")) {
318	StrAllocCopy(organization,
319	HTStrip(strchr(full_line,':')+1));
320	- decode_mime(organization);
321	+ decode_mime(&organization);
322
323	} else if (match(full_line, "FROM:")) {
324	StrAllocCopy(from, HTStrip(strchr(full_line,':')+1));
325	- decode_mime(from);
326	+ decode_mime(&from);
327
328	} else if (match(full_line, "REPLY-TO:")) {
329	StrAllocCopy(replyto, HTStrip(strchr(full_line,':')+1));
330	- decode_mime(replyto);
331	+ decode_mime(&replyto);
332
333	} else if (match(full_line, "NEWSGROUPS:")) {
334	StrAllocCopy(newsgroups, HTStrip(strchr(full_line,':')+1));
335	@@ -1711,8 +1680,8 @@
336	int, last_required)
337	{
338	char line[LINE_LENGTH+1];
339	- char author[LINE_LENGTH+1];
340	- char subject[LINE_LENGTH+1];
341	+ char *author = NULL;
342	+ char *subject = NULL;
343	char *date = NULL;
344	int i;
345	char *p;
346	@@ -1725,7 +1694,6 @@
347	int status, count, first, last; /* Response fields */
348	/* count is only an upper limit */
349
350	- author[0] = '\0';
351	START(HTML_HEAD);
352	PUTC('\n');
353	START(HTML_TITLE);
354	@@ -1946,8 +1914,8 @@
355	case 'S':
356	case 's':
357	if (match(line, "SUBJECT:")) {
358	- LYstrncpy(subject, line+9, sizeof(subject)-1);/* Save subject */
359	- decode_mime(subject);
360	+ StrAllocCopy(subject, line + 9);
361	+ decode_mime(&subject);
362	}
363	break;
364
365	@@ -1964,10 +1932,8 @@
366	case 'F':
367	if (match(line, "FROM:")) {
368	char * p2;
369	- LYstrncpy(author,
370	- author_name(strchr(line,':')+1),
371	- sizeof(author)-1);
372	- decode_mime(author);
373	+ StrAllocCopy(author, strchr(line, ':') + 1);
374	+ decode_mime(&author);
375	p2 = author + strlen(author) - 1;
376	if (*p2==LF)
377	p2 = '\0'; / Chop off newline */
378	@@ -1988,11 +1954,8 @@
379
380	PUTC('\n');
381	START(HTML_LI);
382	-#ifdef SH_EX /* for MIME */
383	- HTSprintf0(&temp, "\"%s\"", decode_mime(subject));
384	-#else
385	- HTSprintf0(&temp, "\"%s\"", subject);
386	-#endif
387	+ p = decode_mime(&subject);
388	+ HTSprintf0(&temp, "\"%s\"", NonNull(p));
389	if (reference) {
390	write_anchor(temp, reference);
391	FREE(reference);
392	@@ -2001,18 +1964,14 @@
393	}
394	FREE(temp);
395
396	- if (author[0] != '\0') {
397	+ if (author != NULL) {
398	PUTS(" - ");
399	if (LYListNewsDates)
400	START(HTML_I);
401	-#ifdef SH_EX /* for MIME */
402	- PUTS(decode_mime(author));
403	-#else
404	- PUTS(author);
405	-#endif
406	+ PUTS(decode_mime(&author));
407	if (LYListNewsDates)
408	END(HTML_I);
409	- author[0] = '\0';
410	+ FREE(author);
411	}
412	if (date) {
413	if (!diagnostic) {
414	@@ -2055,6 +2014,8 @@
415	MAYBE_END(HTML_LI);
416	} /* Handle response to HEAD request */
417	} /* Loop over article */
418	+ FREE(author);
419	+ FREE(subject);
420	} /* If read headers */
421	PUTC('\n');
422	if (LYListNewsNumbers)
423	Index: configure
424	--- 2.8.5rel.2/configure Wed Feb 4 04:07:09 2004
425	+++ 2.8.5rel.3/configure Wed Feb 4 04:07:09 2004
426	@@ -723,7 +723,7 @@
427
428	PACKAGE=lynx
429	# $Format: "VERSION=$ProjectVersion$"$
430	-VERSION=2.8.5rel.2
431	+VERSION=2.8.5rel.3
432
433
434
435	Index: configure.in
436	--- 2.8.5rel.2/configure.in Wed Feb 4 04:07:09 2004
437	+++ 2.8.5rel.3/configure.in Wed Feb 4 04:07:09 2004
438	@@ -5,7 +5,7 @@
439	dnl
440	dnl ask PRCS to plug-in the project-version for the configure-script.
441	dnl $Format: "AC_REVISION($ProjectVersion$)"$
442	-AC_REVISION(2.8.5rel.2)
443	+AC_REVISION(2.8.5rel.3)
444
445	# Save the original $CFLAGS so we can distinguish whether the user set those
446	# in the environment, or whether autoconf added -O and -g options:
447	@@ -33,7 +33,7 @@
448	PACKAGE=lynx
449	dnl ask PRCS to plug-in the project-version for the packages.
450	# $Format: "VERSION=$ProjectVersion$"$
451	-VERSION=2.8.5rel.2
452	+VERSION=2.8.5rel.3
453	AC_SUBST(PACKAGE)
454	AC_SUBST(VERSION)
455	AC_SUBST(DESTDIR)
456	Index: lynx.cfg
457	--- 2.8.5rel.2/lynx.cfg Wed Jan 28 11:30:38 2004
458	+++ 2.8.5rel.3/lynx.cfg Wed Jan 28 11:30:38 2004
459	@@ -3,10 +3,10 @@
460	# or Lynx_Dir:lynx.cfg (VMS)
461	#
462	# $Format: "#PRCS LYNX_VERSION \"$ProjectVersion$\""$
463	-#PRCS LYNX_VERSION "2.8.5rel.2"
464	+#PRCS LYNX_VERSION "2.8.5rel.3"
465	#
466	# $Format: "#PRCS LYNX_DATE \"$ProjectDate$\""$
467	-#PRCS LYNX_DATE "Thu, 22 Apr 2004 16:08:10 -0700"
468	+#PRCS LYNX_DATE "Mon, 17 Oct 2005 13:47:09 -0700"
469	#
470	# Definition pairs are of the form VARIABLE:DEFINITION
471	# NO spaces are allowed between the pair items.
472	Index: userdefs.h
473	--- 2.8.5rel.2/userdefs.h Mon Feb 2 12:02:28 2004
474	+++ 2.8.5rel.3/userdefs.h Mon Feb 2 12:02:28 2004
475	@@ -1360,11 +1360,11 @@
476	* the version definition with the Project Version on checkout. Just
477	* ignore it. - kw */
478	/* $Format: "#define LYNX_VERSION \"$ProjectVersion$\""$ */
479	-#define LYNX_VERSION "2.8.5rel.2"
480	+#define LYNX_VERSION "2.8.5rel.3"
481	#define LYNX_WWW_HOME "http://lynx.isc.org/"
482	#define LYNX_WWW_DIST "http://lynx.isc.org/current/"
483	/* $Format: "#define LYNX_DATE \"$ProjectDate$\""$ */
484	-#define LYNX_DATE "Thu, 22 Apr 2004 16:08:10 -0700"
485	+#define LYNX_DATE "Mon, 17 Oct 2005 13:47:09 -0700"
486	#define LYNX_DATE_OFF 5 /* truncate the automatically-generated date */
487	#define LYNX_DATE_LEN 11 /* truncate the automatically-generated date */
488