-rw-r--r-- | CHANGES | 6 | ||||
-rw-r--r-- | PACKAGE/version.iss | 2 | ||||
-rw-r--r-- | WWW/Library/Implementation/HTParse.c | 41 | ||||
-rwxr-xr-x | configure | 2 | ||||
-rw-r--r-- | configure.in | 6 | ||||
-rw-r--r-- | lynx.cfg | 6 | ||||
-rw-r--r-- | userdefs.h | 6 |
7 files changed, 44 insertions, 25 deletions
diff --git a/CHANGES b/CHANGES index 757ed231..f27fd2bf 100644 --- a/CHANGES +++ b/CHANGES @@ -1,9 +1,11 @@ --- $LynxId: CHANGES,v 1.495 2010/08/08 16:43:13 tom Exp $ +-- $LynxId: CHANGES,v 1.497 2010/08/25 09:51:04 tom Exp $ =============================================================================== Changes since Lynx 2.8 release =============================================================================== -2010-08-08 (2.8.8dev.5) +2010-08-25 (2.8.8dev.5) +* modify convert_to_idna() to check for malformed urls (Debian #594300 reports + this as CVE-2010-2810) -TD * correct typo in po/makefile.inn from removal of mkdirs.sh in dev.4 (Debian #592078) -TD * correct a sign-extension error in UpdateBoundary(), used for MIME boundary diff --git a/PACKAGE/version.iss b/PACKAGE/version.iss index c78906e3..313d5438 100644 --- a/PACKAGE/version.iss +++ b/PACKAGE/version.iss @@ -1,7 +1,7 @@ ; version used for Inno Setup files. ; $Format: "#define LYNX_VERSION \"$ProjectVersion$\""$ -#define LYNX_VERSION "2.8.8dev.4" +#define LYNX_VERSION "2.8.8dev.5" #define MyAppName "Lynx" #define MyAppPublisher "Thomas E Dickey" diff --git a/WWW/Library/Implementation/HTParse.c b/WWW/Library/Implementation/HTParse.c index 6a4b1b01..c622eded 100644 --- a/WWW/Library/Implementation/HTParse.c +++ b/WWW/Library/Implementation/HTParse.c @@ -1,5 +1,5 @@ /* - * $LynxId: HTParse.c,v 1.59 2010/06/20 23:02:58 tom Exp $ + * $LynxId: HTParse.c,v 1.60 2010/08/25 09:17:08 tom Exp $ * * Parse HyperText Document Address HTParse.c * ================================ @@ -244,7 +244,7 @@ char *HTParsePort(char *host, int *portp) #ifdef USE_IDNA static int hex_decode(int ch) { - int result = 0; + int result = -1; if (ch >= '0' && ch <= '9') result = (ch - '0'); 
@@ -261,30 +261,47 @@ static int hex_decode(int ch) */ static void convert_to_idna(char *host) { - char *buffer = malloc(strlen(host) + 1); + size_t length = strlen(host); + char *endhost = host + length; + char *buffer = malloc(length + 1); char *output = NULL; char *src, *dst; int code; + int hi, lo; if (buffer != 0) { - for (dst = buffer, src = host; *src != '\0'; ++dst) { + code = TRUE; + for (dst = buffer, src = host; src < endhost; ++dst) { int ch = *src++; if (ch == HEX_ESCAPE) { - int hi = hex_decode(*src++); - int lo = hex_decode(*src++); + if ((src + 1) < endhost + && (hi = hex_decode(src[0])) >= 0 + && (lo = hex_decode(src[1])) >= 0) { - *dst = (char) ((hi << 4) | lo); + *dst = (char) ((hi << 4) | lo); + src += 2; + } else { + CTRACE((tfp, "convert_to_idna: `%s' is malformed\n", host)); + code = FALSE; + break; + } } else { *dst = (char) ch; } } - *dst = '\0'; - code = idna_to_ascii_8z(buffer, &output, IDNA_USE_STD3_ASCII_RULES); - if (code == IDNA_SUCCESS) { - strcpy(host, output); + if (code) { + *dst = '\0'; + code = idna_to_ascii_8z(buffer, &output, IDNA_USE_STD3_ASCII_RULES); + if (code == IDNA_SUCCESS) { + strcpy(host, output); + } else { + CTRACE((tfp, "convert_to_idna: `%s': %s\n", + buffer, + idna_strerror(code))); + } + FREE(output); } - FREE(output); free(buffer); } } diff --git a/configure b/configure index 7eaeb08d..3303a831 100755 --- a/configure +++ b/configure @@ -1242,7 +1242,7 @@ fi; PACKAGE=lynx # $Format: "VERSION=$ProjectVersion$"$ -VERSION=2.8.8dev.4 +VERSION=2.8.8dev.5 echo "$as_me:1247: checking for DESTDIR" >&5 echo $ECHO_N "checking for DESTDIR... $ECHO_C" >&6 diff --git a/configure.in b/configure.in index 55bfb932..33fba4f9 100644 --- a/configure.in +++ b/configure.in @@ -1,4 +1,4 @@ -dnl $LynxId: configure.in,v 1.216 2010/06/21 10:50:46 tom Exp $ +dnl $LynxId: configure.in,v 1.217 2010/08/25 09:49:56 tom Exp $ dnl dnl Process this file with autoconf to produce a configure script. dnl 
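Review bot: On the success path of convert_to_idna(), `strcpy(host, output)` still copies the ACE form into the caller's buffer with no bound. The encoded name can be longer than the input when the host carries raw 8-bit characters rather than %-escapes, because a short non-ASCII label grows once it gains its `xn--` prefix. The capacity of `host` is set by the caller, which is outside this hunk, so the safest local guard is to copy only when the result fits the space already known to exist, e.g. `if (code == IDNA_SUCCESS && strlen(output) <= length)`, and to trace the rejection otherwise. Separately, a `%00` escape passes the new hex checks and decodes to a NUL inside `buffer`, so `idna_to_ascii_8z()` sees a truncated name and `host` is replaced by that prefix; treating a decoded zero byte as malformed in the same `else` branch would stop the hostname being silently shortened.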
@@ -29,7 +29,7 @@ dnl --------------------------------------------------------------------------- dnl dnl ask PRCS to plug-in the project-version for the configure-script. dnl $Format: "AC_REVISION($ProjectVersion$)"$ -AC_REVISION(2.8.8dev.4) +AC_REVISION(2.8.8dev.5) # Save the original $CFLAGS so we can distinguish whether the user set those # in the environment, or whether autoconf added -O and -g options: @@ -62,7 +62,7 @@ AC_ARG_WITH(system-type, PACKAGE=lynx dnl ask PRCS to plug-in the project-version for the packages. # $Format: "VERSION=$ProjectVersion$"$ -VERSION=2.8.8dev.4 +VERSION=2.8.8dev.5 AC_SUBST(PACKAGE) AC_SUBST(VERSION) diff --git a/lynx.cfg b/lynx.cfg index bcaf50de..32017860 100644 --- a/lynx.cfg +++ b/lynx.cfg @@ -1,13 +1,13 @@ -# $LynxId: lynx.cfg,v 1.194 2010/06/21 10:50:46 tom Exp $ +# $LynxId: lynx.cfg,v 1.195 2010/08/25 09:49:56 tom Exp $ # lynx.cfg file. # The default placement for this file is /usr/local/lib/lynx.cfg (Unix) # or Lynx_Dir:lynx.cfg (VMS) # # $Format: "#PRCS LYNX_VERSION \"$ProjectVersion$\""$ -#PRCS LYNX_VERSION "2.8.8dev.4" +#PRCS LYNX_VERSION "2.8.8dev.5" # # $Format: "#PRCS LYNX_DATE \"$ProjectDate$\""$ -#PRCS LYNX_DATE "Mon, 21 Jun 2010 02:44:55 -0700" +#PRCS LYNX_DATE "Wed, 25 Aug 2010 02:40:13 -0700" # # Definition pairs are of the form VARIABLE:DEFINITION # NO spaces are allowed between the pair items. diff --git a/userdefs.h b/userdefs.h index d7e49278..24e619c5 100644 --- a/userdefs.h +++ b/userdefs.h @@ -1,5 +1,5 @@ /* - * $LynxId: userdefs.h,v 1.257 2010/06/21 10:50:46 tom Exp $ + * $LynxId: userdefs.h,v 1.258 2010/08/25 09:49:56 tom Exp $ * * Lynx - Hypertext navigation system * 
@@ -1432,11 +1432,11 @@ * the version definition with the Project Version on checkout. Just * ignore it. - kw */ /* $Format: "#define LYNX_VERSION \"$ProjectVersion$\""$ */ -#define LYNX_VERSION "2.8.8dev.4" +#define LYNX_VERSION "2.8.8dev.5" #define LYNX_WWW_HOME "http://lynx.isc.org/" #define LYNX_WWW_DIST "http://lynx.isc.org/current/" /* $Format: "#define LYNX_DATE \"$ProjectDate$\""$ */ -#define LYNX_DATE "Mon, 21 Jun 2010 02:44:55 -0700" +#define LYNX_DATE "Wed, 25 Aug 2010 02:40:13 -0700" #define LYNX_DATE_OFF 5 /* truncate the automatically-generated date */ #define LYNX_DATE_LEN 11 /* truncate the automatically-generated date */ |