rpms/lynx
5
0
Fork 0
Code Issues Pull Requests Releases Activity

- upstream patch that limits length of parsed URIs (#605286)

Browse Source
This commit is contained in:
Kamil Dudka 2010-07-07 14:32:33 +00:00
parent 6399ca3706
commit e82211463b
2 changed files with 120 additions and 1 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

112
lynx-2.8.7-alloca.patch Normal file
View File

@ -0,0 +1,112 @@
WWW/Library/Implementation/HTParse.c | 47 +++++++++++++++++++++++-----------
src/LYGlobalDefs.h | 1 +
src/LYMain.c | 1 +
3 files changed, 34 insertions(+), 15 deletions(-)
diff --git a/WWW/Library/Implementation/HTParse.c b/WWW/Library/Implementation/HTParse.c
index c9bfbbf..b265e22 100644
--- a/WWW/Library/Implementation/HTParse.c
+++ b/WWW/Library/Implementation/HTParse.c
@@ -12,6 +12,7 @@
#include <LYLeaks.h>
#include <LYStrings.h>
#include <LYCharUtils.h>
+#include <LYGlobalDefs.h>
#ifdef HAVE_ALLOCA_H
#include <alloca.h>
@@ -255,7 +256,8 @@ char *HTParse(const char *aName,
char *result = NULL;
char *tail = NULL; /* a pointer to the end of the 'result' string */
char *return_value = NULL;
- unsigned len, len1, len2;
+ size_t len, len1, len2;
+ size_t need;
char *name = NULL;
char *rel = NULL;
char *p, *q;
@@ -290,9 +292,17 @@ char *HTParse(const char *aName,
len2 = strlen(relatedName) + 1;
len = len1 + len2 + 8; /* Lots of space: more than enough */
- result = tail = (char *) LYalloca(len * 2 + len1 + len2);
+ need = (len * 2 + len1 + len2);
+ if (need > (size_t) max_uri_size ||
+ (int) need < (int) len1 ||
+ (int) need < (int) len2)
+ return StrAllocCopy(return_value, "");
+
+ result = tail = (char *) LYalloca(need);
if (result == NULL) {
outofmem(__FILE__, "HTParse");
+
+ assert(result != NULL);
}
*result = '\0';
name = result + len;
@@ -674,21 +684,28 @@ const char *HTParseAnchor(const char *aName)
* keeping in mind scan() peculiarities on schemes:
*/
struct struct_parts given;
+ size_t need = ((unsigned) ((p - aName) + (int) strlen(p) + 1));
+ char *name;
- char *name = (char *) LYalloca((unsigned) ((p - aName)
- + (int) strlen(p) + 1));
+ if (need > (size_t) max_uri_size) {
+ p += strlen(p);
+ } else {
+ name = (char *) LYalloca(need);
- if (name == NULL) {
- outofmem(__FILE__, "HTParseAnchor");
- }
- strcpy(name, aName);
- scan(name, &given);
- LYalloca_free(name);
-
- p++; /*next to '#' */
- if (given.anchor == NULL) {
- for (; *p; p++) /*scroll to end '\0' */
- ;
+ if (name == NULL) {
+ outofmem(__FILE__, "HTParseAnchor");
+
+ assert(name != NULL);
+ }
+ strcpy(name, aName);
+ scan(name, &given);
+ LYalloca_free(name);
+
+ p++; /*next to '#' */
+ if (given.anchor == NULL) {
+ for (; *p; p++) /*scroll to end '\0' */
+ ;
+ }
}
}
return p;
diff --git a/src/LYGlobalDefs.h b/src/LYGlobalDefs.h
index d0c5ab1..cc3e1e8 100644
--- a/src/LYGlobalDefs.h
+++ b/src/LYGlobalDefs.h
@@ -305,6 +305,7 @@ extern "C" {
extern int max_cookies_buffer;
extern int max_cookies_domain;
extern int max_cookies_global;
+ extern int max_uri_size;
#ifdef USE_SESSIONS
extern short session_limit; /* maximal entries saved/restored
in session file */
diff --git a/src/LYMain.c b/src/LYMain.c
index 126a30f..0ccebe5 100644
--- a/src/LYMain.c
+++ b/src/LYMain.c
@@ -494,6 +494,7 @@ int lynx_temp_subspace = 0; /* > 0 if we made temp-directory */
int max_cookies_domain = 50;
int max_cookies_global = 500;
int max_cookies_buffer = 4096;
+int max_uri_size = 8192;
int nlinks = 0; /* number of links in memory */
int outgoing_mail_charset = -1; /* translate mail to this charset */

9
lynx.spec
View File

@ -1,7 +1,7 @@
Summary: A text-based Web browser Summary: A text-based Web browser
Name: lynx Name: lynx
Version: 2.8.7 Version: 2.8.7
Release: 4%{?dist} Release: 5%{?dist}
License: GPLv2 License: GPLv2
Group: Applications/Internet Group: Applications/Internet
Source: http://lynx.isc.org/lynx%{version}/lynx%{version}.tar.bz2 Source: http://lynx.isc.org/lynx%{version}/lynx%{version}.tar.bz2
@ -33,6 +33,9 @@ Patch5: lynx-2.8.7-locale.patch
# bz #425879 # bz #425879
Patch6: lynx-2.8.7-ipv6arg.patch Patch6: lynx-2.8.7-ipv6arg.patch
# bz #605286
Patch7: lynx-2.8.7-alloca.patch
Provides: webclient Provides: webclient
Provides: text-www-browser Provides: text-www-browser
BuildRequires: gettext BuildRequires: gettext
@ -62,6 +65,7 @@ exits quickly and swiftly displays web pages.
%patch4 -p1 %patch4 -p1
%patch5 -p1 %patch5 -p1
%patch6 -p1 %patch6 -p1
%patch7 -p1
perl -pi -e "s,^HELPFILE:.*,HELPFILE:file://localhost/usr/share/doc/lynx-%{version}/lynx_help/lynx_help_main.html,g" lynx.cfg perl -pi -e "s,^HELPFILE:.*,HELPFILE:file://localhost/usr/share/doc/lynx-%{version}/lynx_help/lynx_help_main.html,g" lynx.cfg
perl -pi -e "s,^DEFAULT_INDEX_FILE:.*,DEFAULT_INDEX_FILE:http://www.google.com/,g" lynx.cfg perl -pi -e "s,^DEFAULT_INDEX_FILE:.*,DEFAULT_INDEX_FILE:http://www.google.com/,g" lynx.cfg
@ -149,6 +153,9 @@ rm -rf $RPM_BUILD_ROOT
%config(noreplace,missingok) %{_sysconfdir}/lynx-site.cfg %config(noreplace,missingok) %{_sysconfdir}/lynx-site.cfg
%changelog %changelog
* Wed Jul 07 2010 Kamil Dudka <kdudka@redhat.com> - 2.8.7-5
- upstream patch that limits length of parsed URIs (#605286)
* Thu Apr 08 2010 Kamil Dudka <kdudka@redhat.com> - 2.8.7-4 * Thu Apr 08 2010 Kamil Dudka <kdudka@redhat.com> - 2.8.7-4
- allow IPv6 addresses without http:// prefix (#425879) - allow IPv6 addresses without http:// prefix (#425879)