rpms/lynx/F-13 lynx-2.8.7-alloca.patch,NONE,1.1 lynx.spec,1.63,1.64
Kamil Dudka
kdudka at fedoraproject.org
Wed Jul 7 14:36:49 UTC 2010
Author: kdudka
Update of /cvs/extras/rpms/lynx/F-13
In directory cvs01.phx2.fedoraproject.org:/tmp/cvs-serv9253
Modified Files:
lynx.spec
Added Files:
lynx-2.8.7-alloca.patch
Log Message:
- upstream patch that limits length of parsed URIs (#605286)
lynx-2.8.7-alloca.patch:
WWW/Library/Implementation/HTParse.c | 47 +++++++++++++++++++++++------------
src/LYGlobalDefs.h | 1
src/LYMain.c | 1
3 files changed, 34 insertions(+), 15 deletions(-)
--- NEW FILE lynx-2.8.7-alloca.patch ---
WWW/Library/Implementation/HTParse.c | 47 +++++++++++++++++++++++-----------
src/LYGlobalDefs.h | 1 +
src/LYMain.c | 1 +
3 files changed, 34 insertions(+), 15 deletions(-)
diff --git a/WWW/Library/Implementation/HTParse.c b/WWW/Library/Implementation/HTParse.c
index c9bfbbf..b265e22 100644
--- a/WWW/Library/Implementation/HTParse.c
+++ b/WWW/Library/Implementation/HTParse.c
@@ -12,6 +12,7 @@
#include <LYLeaks.h>
#include <LYStrings.h>
#include <LYCharUtils.h>
+#include <LYGlobalDefs.h>
#ifdef HAVE_ALLOCA_H
#include <alloca.h>
@@ -255,7 +256,8 @@ char *HTParse(const char *aName,
char *result = NULL;
char *tail = NULL; /* a pointer to the end of the 'result' string */
char *return_value = NULL;
- unsigned len, len1, len2;
+ size_t len, len1, len2;
+ size_t need;
char *name = NULL;
char *rel = NULL;
char *p, *q;
@@ -290,9 +292,17 @@ char *HTParse(const char *aName,
len2 = strlen(relatedName) + 1;
len = len1 + len2 + 8; /* Lots of space: more than enough */
- result = tail = (char *) LYalloca(len * 2 + len1 + len2);
+ need = (len * 2 + len1 + len2);
+ if (need > (size_t) max_uri_size ||
+ (int) need < (int) len1 ||
+ (int) need < (int) len2)
+ return StrAllocCopy(return_value, "");
+
+ result = tail = (char *) LYalloca(need);
if (result == NULL) {
outofmem(__FILE__, "HTParse");
+
+ assert(result != NULL);
}
*result = '\0';
name = result + len;
@@ -674,21 +684,28 @@ const char *HTParseAnchor(const char *aName)
* keeping in mind scan() peculiarities on schemes:
*/
struct struct_parts given;
+ size_t need = ((unsigned) ((p - aName) + (int) strlen(p) + 1));
+ char *name;
- char *name = (char *) LYalloca((unsigned) ((p - aName)
- + (int) strlen(p) + 1));
+ if (need > (size_t) max_uri_size) {
+ p += strlen(p);
+ } else {
+ name = (char *) LYalloca(need);
- if (name == NULL) {
- outofmem(__FILE__, "HTParseAnchor");
- }
- strcpy(name, aName);
- scan(name, &given);
- LYalloca_free(name);
-
- p++; /*next to '#' */
- if (given.anchor == NULL) {
- for (; *p; p++) /*scroll to end '\0' */
- ;
+ if (name == NULL) {
+ outofmem(__FILE__, "HTParseAnchor");
+
+ assert(name != NULL);
+ }
+ strcpy(name, aName);
+ scan(name, &given);
+ LYalloca_free(name);
+
+ p++; /*next to '#' */
+ if (given.anchor == NULL) {
+ for (; *p; p++) /*scroll to end '\0' */
+ ;
+ }
}
}
return p;
diff --git a/src/LYGlobalDefs.h b/src/LYGlobalDefs.h
index d0c5ab1..cc3e1e8 100644
--- a/src/LYGlobalDefs.h
+++ b/src/LYGlobalDefs.h
@@ -305,6 +305,7 @@ extern "C" {
extern int max_cookies_buffer;
extern int max_cookies_domain;
extern int max_cookies_global;
+ extern int max_uri_size;
#ifdef USE_SESSIONS
extern short session_limit; /* maximal entries saved/restored
in session file */
diff --git a/src/LYMain.c b/src/LYMain.c
index 126a30f..0ccebe5 100644
--- a/src/LYMain.c
+++ b/src/LYMain.c
@@ -494,6 +494,7 @@ int lynx_temp_subspace = 0; /* > 0 if we made temp-directory */
int max_cookies_domain = 50;
int max_cookies_global = 500;
int max_cookies_buffer = 4096;
+int max_uri_size = 8192;
int nlinks = 0; /* number of links in memory */
int outgoing_mail_charset = -1; /* translate mail to this charset */
Index: lynx.spec
===================================================================
RCS file: /cvs/extras/rpms/lynx/F-13/lynx.spec,v
retrieving revision 1.63
retrieving revision 1.64
diff -u -p -r1.63 -r1.64
--- lynx.spec 13 Jan 2010 08:59:26 -0000 1.63
+++ lynx.spec 7 Jul 2010 14:36:49 -0000 1.64
@@ -1,7 +1,7 @@
Summary: A text-based Web browser
Name: lynx
Version: 2.8.7
-Release: 2%{?dist}
+Release: 3%{?dist}
License: GPLv2
Group: Applications/Internet
Source: http://lynx.isc.org/lynx%{version}/lynx%{version}.tar.bz2
@@ -11,6 +11,8 @@ Patch1: lynx-2.8.6-backgrcolor.patch
Patch2: lynx-build-fixes.patch
Patch3: lynx-CVE-2008-4690.patch
Patch4: lynx-2.8.7-bm-del.patch
+Patch5: lynx-2.8.7-alloca.patch
+
Provides: webclient
Provides: text-www-browser
BuildRequires: gettext
@@ -53,6 +55,9 @@ exits quickly and swiftly displays web p
# by group (#486070)
%patch4 -p1
+# bz #605286
+%patch5 -p1
+
perl -pi -e "s,^HELPFILE:.*,HELPFILE:file://localhost/usr/share/doc/lynx-%{version}/lynx_help/lynx_help_main.html,g" lynx.cfg
perl -pi -e "s,^DEFAULT_INDEX_FILE:.*,DEFAULT_INDEX_FILE:http://www.google.com/,g" lynx.cfg
perl -pi -e 's,^#LOCALE_CHARSET:.*,LOCALE_CHARSET:TRUE,' lynx.cfg
@@ -124,6 +129,9 @@ rm -rf $RPM_BUILD_ROOT
%config(noreplace,missingok) %{_sysconfdir}/lynx-site.cfg
%changelog
+* Wed Jul 07 2010 Kamil Dudka <kdudka at redhat.com> - 2.8.7-3
+- upstream patch that limits length of parsed URIs (#605286)
+
* Wed Jan 13 2010 Kamil Dudka <kdudka at redhat.com> - 2.8.7-2
- make it possible to delete a bookmark when ~/lynx_bookmarks.html is writable
by group (#486070)
More information about the scm-commits
mailing list