authorFederico G. Schwindt <fgsch@cvs.openbsd.org>2005-11-04 04:24:04 +0000
committerFederico G. Schwindt <fgsch@cvs.openbsd.org>2005-11-04 04:24:04 +0000
commitd4dfa9a075094450e6106a29644a45aca52c088e (patch)
tree06377ce648745a2aff2c516ffe2a976b53dae075 /gnu
parent4e2c3eae12117be6f60ab980979f8d64ebcc067e (diff)
update to lynx2.8.5rel.4; fixes CAN-2005-3120 among other things.
prompted by naddy@, cloder@ ok.
Diffstat (limited to 'gnu')
-rw-r--r--gnu/usr.bin/lynx/CHANGES8
-rw-r--r--gnu/usr.bin/lynx/WWW/Library/Implementation/HTGopher.c1
-rw-r--r--gnu/usr.bin/lynx/WWW/Library/Implementation/HTMIME.c88
-rw-r--r--gnu/usr.bin/lynx/WWW/Library/Implementation/HTMIME.h12
-rw-r--r--gnu/usr.bin/lynx/WWW/Library/Implementation/HTNews.c83
-rw-r--r--gnu/usr.bin/lynx/configure2
-rw-r--r--gnu/usr.bin/lynx/configure.in4
-rw-r--r--gnu/usr.bin/lynx/lynx.cfg4
-rw-r--r--gnu/usr.bin/lynx/src/LYMainLoop.c4
-rw-r--r--gnu/usr.bin/lynx/src/LYOptions.c4
-rw-r--r--gnu/usr.bin/lynx/src/LYStrings.c2
-rw-r--r--gnu/usr.bin/lynx/userdefs.h4
12 files changed, 96 insertions, 120 deletions
diff --git a/gnu/usr.bin/lynx/CHANGES b/gnu/usr.bin/lynx/CHANGES
index a9a3400d7eb..6535c6bbcdc 100644
--- a/gnu/usr.bin/lynx/CHANGES
+++ b/gnu/usr.bin/lynx/CHANGES
@@ -1,6 +1,14 @@
Changes since Lynx 2.8 release
===============================================================================
+2005-10-25 (2.8.5rel.4 fixes from 2.8.6dev.14)
+* fix error in rel.3 patch (report by Klaus Singvogel)
+
+2005-10-17 (2.8.5rel.3 fixes from 2.8.6dev.14)
+* eliminate fixed-size buffers in HTrjis() and related functions to avoid
+ potential buffer overflow in nntp pages (report by Ulf Harnhammar,
+ CAN-2005-3120) -TD
+
2004-04-22 (2.8.5rel.2 fixes from 2.8.6dev.1)
* correct ifdef in LYgetattrs() to ensure that getattrs() is used only if the
configure script actually found it (report/patch by Paul Gilmartin).
diff --git a/gnu/usr.bin/lynx/WWW/Library/Implementation/HTGopher.c b/gnu/usr.bin/lynx/WWW/Library/Implementation/HTGopher.c
index b47822ff931..3823bb6c6ba 100644
--- a/gnu/usr.bin/lynx/WWW/Library/Implementation/HTGopher.c
+++ b/gnu/usr.bin/lynx/WWW/Library/Implementation/HTGopher.c
@@ -1117,6 +1117,7 @@ PRIVATE int generate_cso_form ARGS4(
};
out = 0;
+ memset(&ctx, 0, sizeof(ctx));
ctx.host = host;
ctx.seek = (char *) 0;
ctx.port = port;
diff --git a/gnu/usr.bin/lynx/WWW/Library/Implementation/HTMIME.c b/gnu/usr.bin/lynx/WWW/Library/Implementation/HTMIME.c
index 5c6fcb7ce79..f2fd32558e6 100644
--- a/gnu/usr.bin/lynx/WWW/Library/Implementation/HTMIME.c
+++ b/gnu/usr.bin/lynx/WWW/Library/Implementation/HTMIME.c
@@ -2062,27 +2062,23 @@ PUBLIC HTStream* HTMIMERedirect ARGS3(
**
** Written by S. Ichikawa,
** partially inspired by encdec.c of <jh@efd.lth.se>.
-** Assume caller's buffer is LINE_LENGTH bytes, these decode to
-** no longer than the input strings.
*/
-#define LINE_LENGTH 512 /* Maximum length of line of ARTICLE etc */
-#ifdef ESC
-#undef ESC
-#endif /* ESC */
#include <LYCharVals.h> /* S/390 -- gil -- 0163 */
-#define ESC CH_ESC
PRIVATE char HTmm64[] =
"ABCDEFGHIJKLMNOPQRSTUVWXYZabcdefghijklmnopqrstuvwxyz0123456789+/=" ;
PRIVATE char HTmmquote[] = "0123456789ABCDEF";
PRIVATE int HTmmcont = 0;
-PUBLIC void HTmmdec_base64 ARGS2(
- char *, t,
+PRIVATE void HTmmdec_base64 ARGS2(
+ char **, t,
char *, s)
{
int d, count, j, val;
- char buf[LINE_LENGTH], *bp, nw[4], *p;
+ char *buf, *bp, nw[4], *p;
+
+ if ((buf = malloc(strlen(s) * 3 + 1)) == 0)
+ outofmem(__FILE__, "HTmmdec_base64");
for (bp = buf; *s; s += 4) {
val = 0;
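Review bot: The decode loop `for (bp = buf; *s; s += 4)` tests only the first byte of each four-character group, so an encoded word whose length is not a multiple of four lets `s` step over the terminator and keep reading whatever follows it. The input now lives in a heap buffer sized from the header rather than in a 512-byte array, so that read can run off the end of the allocation; a guard at the top of the body such as `if (!s[1] || !s[2] || !s[3]) break;` keeps the walk inside the string. The rest of the loop body is outside this hunk; if it still has a bare `return` on an invalid character, that path would now leak `buf` and leave `*t` unassigned, so it should `FREE(buf)` and still set `*t`.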
@@ -2113,14 +2109,18 @@ PUBLIC void HTmmdec_base64 ARGS2(
*bp++ = nw[2];
}
*bp = '\0';
- strcpy(t, buf);
+ StrAllocCopy(*t, buf);
+ FREE(buf);
}
-PUBLIC void HTmmdec_quote ARGS2(
- char *, t,
+PRIVATE void HTmmdec_quote ARGS2(
+ char **, t,
char *, s)
{
- char buf[LINE_LENGTH], cval, *bp, *p;
+ char *buf, cval, *bp, *p;
+
+ if ((buf = malloc(strlen(s) + 1)) == 0)
+ outofmem(__FILE__, "HTmmdec_quote");
for (bp = buf; *s; ) {
if (*s == '=') {
@@ -2147,23 +2147,27 @@ PUBLIC void HTmmdec_quote ARGS2(
}
}
*bp = '\0';
- strcpy(t, buf);
+ StrAllocCopy(*t, buf);
+ FREE(buf);
}
/*
** HTmmdecode for ISO-2022-JP - FM
*/
PUBLIC void HTmmdecode ARGS2(
- char *, trg,
- char *, str)
+ char **, target,
+ char *, source)
{
- char buf[LINE_LENGTH], mmbuf[LINE_LENGTH];
+ char *buf;
+ char *mmbuf = NULL;
+ char *m2buf = NULL;
char *s, *t, *u;
int base64, quote;
- buf[0] = '\0';
-
- for (s = str, u = buf; *s; ) {
+ if ((buf = malloc(strlen(source) + 1)) == 0)
+ outofmem(__FILE__, "HTmmdecode");
+
+ for (s = source, u = buf; *s;) {
if (!strncasecomp(s, "=?ISO-2022-JP?B?", 16)) {
base64 = 1;
} else {
@@ -2177,15 +2181,18 @@ PUBLIC void HTmmdecode ARGS2(
if (base64 || quote) {
if (HTmmcont) {
for (t = s - 1;
- t >= str && (*t == ' ' || *t == '\t'); t--) {
+ t >= source && (*t == ' ' || *t == '\t'); t--) {
u--;
}
}
+ if (mmbuf == 0) /* allocate buffer big enough for source */
+ StrAllocCopy(mmbuf, source);
for (s += 16, t = mmbuf; *s; ) {
if (s[0] == '?' && s[1] == '=') {
break;
} else {
*t++ = *s++;
+ *t = '\0';
}
}
if (s[0] != '?' || s[1] != '=') {
@@ -2195,14 +2202,12 @@ PUBLIC void HTmmdecode ARGS2(
*t = '\0';
}
if (base64)
- HTmmdec_base64(mmbuf, mmbuf);
+ HTmmdec_base64(&m2buf, mmbuf);
if (quote)
- HTmmdec_quote(mmbuf, mmbuf);
- for (t = mmbuf; *t; )
+ HTmmdec_quote(&m2buf, mmbuf);
+ for (t = m2buf; *t; )
*u++ = *t++;
HTmmcont = 1;
- /* if (*s == ' ' || *s == '\t') *u++ = *s; */
- /* for ( ; *s == ' ' || *s == '\t'; s++) ; */
} else {
if (*s != ' ' && *s != '\t')
HTmmcont = 0;
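Review bot: `for (t = m2buf; *t; )` dereferences `m2buf` without a check, although `m2buf` starts as NULL and is only assigned by the final `StrAllocCopy(*t, buf)` in `HTmmdec_base64()` / `HTmmdec_quote()`. If either decoder can return before that statement (their loop bodies are outside the visible hunks), the first encoded word dereferences NULL, and a later one copies the previous word's stale text into `buf`, which is sized only for `source`. Releasing the old result before the two calls with `FREE(m2buf);` and guarding the copy as `for (t = m2buf; t != NULL && *t; )` makes a malformed word from the news server harmless here.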
@@ -2211,7 +2216,10 @@ PUBLIC void HTmmdecode ARGS2(
}
*u = '\0';
end:
- strcpy(trg, buf);
+ StrAllocCopy(*target, buf);
+ FREE(m2buf);
+ FREE(mmbuf);
+ FREE(buf);
}
/*
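Review bot: `buf` is not guaranteed to be NUL-terminated when control reaches `end:`, because the label sits after `*u = '\0';` and the old `buf[0] = '\0';` initialisation was removed when `buf` became a `malloc()` block. Any `goto end` (the jump itself is in lines outside this hunk, presumably the case of an encoded word with no closing `?=`) makes `StrAllocCopy(*target, buf)` measure uninitialised heap bytes. Putting the terminator below the label, i.e. `end:` followed by `*u = '\0';`, covers both the normal and the early-exit path.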
@@ -2219,22 +2227,27 @@ end:
** (The author of this function "rjis" is S. Ichikawa.)
*/
PUBLIC int HTrjis ARGS2(
- char *, t,
+ char **, t,
char *, s)
{
- char *p, buf[LINE_LENGTH];
+ char *p;
+ char *buf = NULL;
int kanji = 0;
- if (strchr(s, ESC) || !strchr(s, '$')) {
- if (s != t)
- strcpy(t, s);
+ if (strchr(s, CH_ESC) || !strchr(s, '$')) {
+ if (s != *t)
+ StrAllocCopy(*t, s);
return 1;
}
+
+ if ((buf = malloc(strlen(s) * 2 + 1)) == 0)
+ outofmem(__FILE__, "HTrjis");
+
for (p = buf; *s; ) {
if (!kanji && s[0] == '$' && (s[1] == '@' || s[1] == 'B')) {
if (HTmaybekanji((int)s[2], (int)s[3])) {
kanji = 1;
- *p++ = ESC;
+ *p++ = CH_ESC;
*p++ = *s++;
*p++ = *s++;
*p++ = *s++;
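Review bot: `HTmaybekanji((int)s[2], (int)s[3])` evaluates `s[3]` even when `s[2]` is already the terminator, and the strings passed in are now exact-size heap copies made by `StrAllocCopy`, so a value that ends right after `$@` or `$B` is read one byte past its allocation. Testing the terminator first, `if (s[2] != '\0' && HTmaybekanji((int)s[2], (int)s[3])) {`, avoids that. The new `malloc(strlen(s) * 2 + 1)` would also benefit from a one-line comment stating why doubling is enough (each recovered escape sequence adds a single `CH_ESC`). The function body continues outside this hunk.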
@@ -2246,7 +2259,7 @@ PUBLIC int HTrjis ARGS2(
}
if (kanji && s[0] == '(' && (s[1] == 'J' || s[1] == 'B')) {
kanji = 0;
- *p++ = ESC;
+ *p++ = CH_ESC;
*p++ = *s++;
*p++ = *s++;
continue;
@@ -2255,7 +2268,8 @@ PUBLIC int HTrjis ARGS2(
}
*p = *s; /* terminate string */
- strcpy(t, buf);
+ StrAllocCopy(*t, buf);
+ FREE(buf);
return 0;
}
@@ -2267,7 +2281,7 @@ PUBLIC int HTrjis ARGS2(
*/
/*
* RJIS ( Recover JIS code from broken file )
- * $Header: /cvs/OpenBSD/src/gnu/usr.bin/lynx/WWW/Library/Implementation/HTMIME.c,v 1.4 2004/06/22 04:01:42 avsm Exp $
+ * $Header: /cvs/OpenBSD/src/gnu/usr.bin/lynx/WWW/Library/Implementation/HTMIME.c,v 1.5 2005/11/04 04:24:03 fgsch Exp $
* Copyright (C) 1992 1994
* Hironobu Takahashi (takahasi@tiny.or.jp)
*
diff --git a/gnu/usr.bin/lynx/WWW/Library/Implementation/HTMIME.h b/gnu/usr.bin/lynx/WWW/Library/Implementation/HTMIME.h
index 211e21b4bd6..d554e381e6c 100644
--- a/gnu/usr.bin/lynx/WWW/Library/Implementation/HTMIME.h
+++ b/gnu/usr.bin/lynx/WWW/Library/Implementation/HTMIME.h
@@ -67,20 +67,12 @@ extern HTStream * HTMIMERedirect PARAMS((HTPresentation * pres,
For handling Japanese headers.
*/
-extern void HTmmdec_base64 PARAMS((
- char * t,
- char * s));
-
-extern void HTmmdec_quote PARAMS((
- char * t,
- char * s));
-
extern void HTmmdecode PARAMS((
- char * trg,
+ char ** trg,
char * str));
extern int HTrjis PARAMS((
- char * t,
+ char ** t,
char * s));
extern int HTmaybekanji PARAMS((
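Review bot: The prototypes of `HTmmdecode` and `HTrjis` now take `char **` but the header does not say who owns the result. A comment should state that `*trg` / `*t` is replaced through `StrAllocCopy` with a newly allocated string that the caller must release with `FREE()`, and that the second argument may be the same string as `*trg`, which `decode_mime()` in HTNews.c relies on. The parameter names here (`trg`, `str`) also no longer match the definition in HTMIME.c, which uses `target` and `source`; `char ** target, char * source` would keep the two in step.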
diff --git a/gnu/usr.bin/lynx/WWW/Library/Implementation/HTNews.c b/gnu/usr.bin/lynx/WWW/Library/Implementation/HTNews.c
index 651e66adadd..0826276affc 100644
--- a/gnu/usr.bin/lynx/WWW/Library/Implementation/HTNews.c
+++ b/gnu/usr.bin/lynx/WWW/Library/Implementation/HTNews.c
@@ -940,7 +940,6 @@ PRIVATE void post_article ARGS1(
}
}
-#ifdef SH_EX /* for MIME */
#ifdef NEWS_DEBUG
/* for DEBUG 1997/11/07 (Fri) 17:20:16 */
void debug_print(unsigned char *p)
@@ -962,45 +961,15 @@ void debug_print(unsigned char *p)
}
#endif
-static char *decode_mime(char *str)
+static char *decode_mime(char **str)
{
- char temp[LINE_LENGTH]; /* FIXME: what determines the actual size? */
- char *p, *q;
-
- if (str == NULL)
- return "";
-
+#ifdef SH_EX
if (HTCJK != JAPANESE)
- return str;
-
- LYstrncpy(temp, str, sizeof(temp) - 1);
- q = temp;
- while ((p = strchr(q, '=')) != 0) {
- if (p[1] == '?') {
- HTmmdecode(p, p);
- q = p + 2;
- } else {
- q = p + 1;
- }
- }
-#ifdef NEWS_DEBUG
- printf("new=[");
- debug_print(temp);
+ return *str;
#endif
- HTrjis(temp, temp);
- strcpy(str, temp);
-
- return str;
+ HTmmdecode(str, *str);
+ return HTrjis(str, *str) ? *str : "";
}
-#else /* !SH_EX */
-static char *decode_mime ARGS1(char *, str)
-{
- HTmmdecode(str, str);
- HTrjis(str, str);
- return str;
-}
-#endif
-
/* Read in an Article read_article
** ------------------
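Review bot: The old `str == NULL` guard was dropped and nothing checks `*str`, yet `read_group()` calls `p = decode_mime(&subject);` unconditionally while `subject` starts as NULL and is only set when a SUBJECT: line was seen. In builds or locales where the early `return *str;` is not taken, `HTmmdecode()` then runs `strlen(source)` on NULL; `if (str == NULL || *str == NULL) return "";` as the first statement restores the old behaviour. The return expression also looks inverted: `HTrjis()` returns 1 when it leaves the string alone and 0 after rewriting it, so `HTrjis(str, *str) ? *str : ""` yields an empty string exactly when a recovery was performed, which is worth confirming as intended.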
@@ -1087,22 +1056,22 @@ PRIVATE int read_article ARGS1(
} else if (match(full_line, "SUBJECT:")) {
StrAllocCopy(subject, HTStrip(strchr(full_line,':')+1));
- decode_mime(subject);
+ decode_mime(&subject);
} else if (match(full_line, "DATE:")) {
StrAllocCopy(date, HTStrip(strchr(full_line,':')+1));
} else if (match(full_line, "ORGANIZATION:")) {
StrAllocCopy(organization,
HTStrip(strchr(full_line,':')+1));
- decode_mime(organization);
+ decode_mime(&organization);
} else if (match(full_line, "FROM:")) {
StrAllocCopy(from, HTStrip(strchr(full_line,':')+1));
- decode_mime(from);
+ decode_mime(&from);
} else if (match(full_line, "REPLY-TO:")) {
StrAllocCopy(replyto, HTStrip(strchr(full_line,':')+1));
- decode_mime(replyto);
+ decode_mime(&replyto);
} else if (match(full_line, "NEWSGROUPS:")) {
StrAllocCopy(newsgroups, HTStrip(strchr(full_line,':')+1));
@@ -1711,8 +1680,8 @@ PRIVATE int read_group ARGS3(
int, last_required)
{
char line[LINE_LENGTH+1];
- char author[LINE_LENGTH+1];
- char subject[LINE_LENGTH+1];
+ char *author = NULL;
+ char *subject = NULL;
char *date = NULL;
int i;
char *p;
@@ -1725,7 +1694,6 @@ PRIVATE int read_group ARGS3(
int status, count, first, last; /* Response fields */
/* count is only an upper limit */
- author[0] = '\0';
START(HTML_HEAD);
PUTC('\n');
START(HTML_TITLE);
@@ -1946,8 +1914,8 @@ PRIVATE int read_group ARGS3(
case 'S':
case 's':
if (match(line, "SUBJECT:")) {
- LYstrncpy(subject, line+9, sizeof(subject)-1);/* Save subject */
- decode_mime(subject);
+ StrAllocCopy(subject, line + 9);
+ decode_mime(&subject);
}
break;
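Review bot: `StrAllocCopy(subject, line + 9)` skips a fixed nine bytes, which assumes there is a separator after the eight-character `SUBJECT:` tag. If `match()` accepts a line that is just the tag, `line + 9` starts one byte past the terminator and copies whatever older data remains in `line`, and the copy is no longer capped by `sizeof(subject)-1`. The FROM branch in this commit and `read_article()` both locate the value with `strchr(line, ':') + 1`; using `StrAllocCopy(subject, HTStrip(strchr(line, ':') + 1));` here removes the assumption. The enclosing `switch` starts and ends outside this hunk.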
@@ -1964,10 +1932,8 @@ PRIVATE int read_group ARGS3(
case 'F':
if (match(line, "FROM:")) {
char * p2;
- LYstrncpy(author,
- author_name(strchr(line,':')+1),
- sizeof(author)-1);
- decode_mime(author);
+ StrAllocCopy(author, strchr(line, ':') + 1);
+ decode_mime(&author);
p2 = author + strlen(author) - 1;
if (*p2==LF)
*p2 = '\0'; /* Chop off newline */
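Review bot: `p2 = author + strlen(author) - 1` points one byte before the allocation when `author` is an empty string, and `*p2` is then read and possibly overwritten. That can happen if nothing follows the colon or if decoding leaves the value empty, and `author` is now a heap block, so the newline chop should only run when `author[0] != '\0'`. This hunk also drops the `author_name()` call, so the listing shows the raw From value instead of the extracted name. If that is not intended, `StrAllocCopy(author, author_name(strchr(line, ':') + 1));` keeps the previous output.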
@@ -1988,11 +1954,8 @@ PRIVATE int read_group ARGS3(
PUTC('\n');
START(HTML_LI);
-#ifdef SH_EX /* for MIME */
- HTSprintf0(&temp, "\"%s\"", decode_mime(subject));
-#else
- HTSprintf0(&temp, "\"%s\"", subject);
-#endif
+ p = decode_mime(&subject);
+ HTSprintf0(&temp, "\"%s\"", NonNull(p));
if (reference) {
write_anchor(temp, reference);
FREE(reference);
@@ -2001,18 +1964,14 @@ PRIVATE int read_group ARGS3(
}
FREE(temp);
- if (author[0] != '\0') {
+ if (author != NULL) {
PUTS(" - ");
if (LYListNewsDates)
START(HTML_I);
-#ifdef SH_EX /* for MIME */
- PUTS(decode_mime(author));
-#else
- PUTS(author);
-#endif
+ PUTS(decode_mime(&author));
if (LYListNewsDates)
END(HTML_I);
- author[0] = '\0';
+ FREE(author);
}
if (date) {
if (!diagnostic) {
@@ -2055,6 +2014,8 @@ PRIVATE int read_group ARGS3(
MAYBE_END(HTML_LI);
} /* Handle response to HEAD request */
} /* Loop over article */
+ FREE(author);
+ FREE(subject);
} /* If read headers */
PUTC('\n');
if (LYListNewsNumbers)
diff --git a/gnu/usr.bin/lynx/configure b/gnu/usr.bin/lynx/configure
index b50b9eb8f83..632c12dd800 100644
--- a/gnu/usr.bin/lynx/configure
+++ b/gnu/usr.bin/lynx/configure
@@ -723,7 +723,7 @@ fi
PACKAGE=lynx
# $Format: "VERSION=$ProjectVersion$"$
-VERSION=2.8.5rel.2
+VERSION=2.8.5rel.4
diff --git a/gnu/usr.bin/lynx/configure.in b/gnu/usr.bin/lynx/configure.in
index 3d6a06e116c..f094a3562f8 100644
--- a/gnu/usr.bin/lynx/configure.in
+++ b/gnu/usr.bin/lynx/configure.in
@@ -5,7 +5,7 @@ dnl and Jim Spath <jspath@mail.bcpl.lib.md.us>
dnl
dnl ask PRCS to plug-in the project-version for the configure-script.
dnl $Format: "AC_REVISION($ProjectVersion$)"$
-AC_REVISION(2.8.5rel.2)
+AC_REVISION(2.8.5rel.4)
# Save the original $CFLAGS so we can distinguish whether the user set those
# in the environment, or whether autoconf added -O and -g options:
@@ -33,7 +33,7 @@ CF_CHECK_CACHE
PACKAGE=lynx
dnl ask PRCS to plug-in the project-version for the packages.
# $Format: "VERSION=$ProjectVersion$"$
-VERSION=2.8.5rel.2
+VERSION=2.8.5rel.4
AC_SUBST(PACKAGE)
AC_SUBST(VERSION)
AC_SUBST(DESTDIR)
diff --git a/gnu/usr.bin/lynx/lynx.cfg b/gnu/usr.bin/lynx/lynx.cfg
index 6de7a9219ab..9c13b2878e6 100644
--- a/gnu/usr.bin/lynx/lynx.cfg
+++ b/gnu/usr.bin/lynx/lynx.cfg
@@ -3,10 +3,10 @@
# or Lynx_Dir:lynx.cfg (VMS)
#
# $Format: "#PRCS LYNX_VERSION \"$ProjectVersion$\""$
-#PRCS LYNX_VERSION "2.8.5rel.2"
+#PRCS LYNX_VERSION "2.8.5rel.4"
#
# $Format: "#PRCS LYNX_DATE \"$ProjectDate$\""$
-#PRCS LYNX_DATE "Thu, 22 Apr 2004 16:08:10 -0700"
+#PRCS LYNX_DATE "Tue, 25 Oct 2005 17:40:26 -0700"
#
# Definition pairs are of the form VARIABLE:DEFINITION
# NO spaces are allowed between the pair items.
diff --git a/gnu/usr.bin/lynx/src/LYMainLoop.c b/gnu/usr.bin/lynx/src/LYMainLoop.c
index c8c759e04de..e5f32a67ff7 100644
--- a/gnu/usr.bin/lynx/src/LYMainLoop.c
+++ b/gnu/usr.bin/lynx/src/LYMainLoop.c
@@ -5207,8 +5207,8 @@ int mainloop NOARGS
char cfile[128];
FILE *cfp;
char *cp;
- int ch, recall;
- int URLTotal;
+ int ch = 0, recall = 0;
+ int URLTotal = 0;
int URLNum;
BOOLEAN FirstURLRecall = TRUE;
char *temp = NULL;
diff --git a/gnu/usr.bin/lynx/src/LYOptions.c b/gnu/usr.bin/lynx/src/LYOptions.c
index 8749a59a1e7..67abfbab566 100644
--- a/gnu/usr.bin/lynx/src/LYOptions.c
+++ b/gnu/usr.bin/lynx/src/LYOptions.c
@@ -2488,7 +2488,7 @@ PUBLIC int postoptions ARGS1(
PostPair *data = 0;
DocAddress WWWDoc; /* need on exit */
int i;
- int code;
+ int code = 0;
BOOLEAN save_all = FALSE;
int display_char_set_old = current_char_set;
BOOLEAN raw_mode_old = LYRawMode;
@@ -2642,7 +2642,7 @@ PUBLIC int postoptions ARGS1(
/* Keypad Mode: SELECT */
if (!strcmp(data[i].tag, keypad_mode_string)) {
- int newval;
+ int newval = 0;
if (GetOptValues(keypad_mode_values, data[i].value, &newval)
&& keypad_mode != newval) {
keypad_mode = newval;
diff --git a/gnu/usr.bin/lynx/src/LYStrings.c b/gnu/usr.bin/lynx/src/LYStrings.c
index 58fa79ea46b..b2c87fdfa57 100644
--- a/gnu/usr.bin/lynx/src/LYStrings.c
+++ b/gnu/usr.bin/lynx/src/LYStrings.c
@@ -1046,7 +1046,7 @@ PRIVATE BOOLEAN unescape_string ARGS3(char*, src, char *, dst, char *, final)
BOOLEAN ok = FALSE;
if (*src == SQUOTE) {
- int keysym;
+ int keysym = 0;
unescaped_char(src, &keysym);
if (keysym >= 0) {
dst[0] = keysym;
diff --git a/gnu/usr.bin/lynx/userdefs.h b/gnu/usr.bin/lynx/userdefs.h
index a062fbd5a0f..90165f5da06 100644
--- a/gnu/usr.bin/lynx/userdefs.h
+++ b/gnu/usr.bin/lynx/userdefs.h
@@ -1360,11 +1360,11 @@
* the version definition with the Project Version on checkout. Just
* ignore it. - kw */
/* $Format: "#define LYNX_VERSION \"$ProjectVersion$\""$ */
-#define LYNX_VERSION "2.8.5rel.2"
+#define LYNX_VERSION "2.8.5rel.4"
#define LYNX_WWW_HOME "http://lynx.isc.org/"
#define LYNX_WWW_DIST "http://lynx.isc.org/current/"
/* $Format: "#define LYNX_DATE \"$ProjectDate$\""$ */
-#define LYNX_DATE "Thu, 22 Apr 2004 16:08:10 -0700"
+#define LYNX_DATE "Tue, 25 Oct 2005 17:40:26 -0700"
#define LYNX_DATE_OFF 5 /* truncate the automatically-generated date */
#define LYNX_DATE_LEN 11 /* truncate the automatically-generated date */