91 lines
3.2 KiB
Diff
91 lines
3.2 KiB
Diff
|
--- lynx2-8-5/src/LYCgi.c.cve-2005-2929 2004-02-02 13:02:28.000000000 -0700
|
||
|
|
+++ lynx2-8-5/src/LYCgi.c 2005-11-12 09:57:35.832520625 -0700
|
||
|
|
@@ -140,6 +140,40 @@
|
||
|
|
}
|
||
|
|
}
|
||
|
|
|
||
|
|
+#ifdef LYNXCGI_LINKS
|
||
|
|
+/*
|
||
|
|
+ * Wrapper for exec_ok(), confirming with user if the link text is not visible
|
||
|
|
+ * in the status line.
|
||
|
|
+ */
|
||
|
|
+static BOOL can_exec_cgi(const char *linktext, const char *linkargs)
|
||
|
|
+{
|
||
|
|
+ const char *format = gettext("Do you want to execute \"%s\"?");
|
||
|
|
+ char *message = NULL;
|
||
|
|
+ char *command = NULL;
|
||
|
|
+ char *p;
|
||
|
|
+ BOOL result = TRUE;
|
||
|
|
+
|
||
|
|
+ if (!exec_ok(HTLoadedDocumentURL(), linktext, CGI_PATH)) {
|
||
|
|
+ /* exec_ok gives out msg. */
|
||
|
|
+ result = FALSE;
|
||
|
|
+ } else if (user_mode < ADVANCED_MODE) {
|
||
|
|
+ StrAllocCopy(command, linktext);
|
||
|
|
+ if (non_empty(linkargs)) {
|
||
|
|
+ HTSprintf(&command, " %s", linkargs);
|
||
|
|
+ }
|
||
|
|
+ HTUnEscape(command);
|
||
|
|
+ for (p = command; *p; ++p)
|
||
|
|
+ if (*p == '+')
|
||
|
|
+ *p = ' ';
|
||
|
|
+ HTSprintf0(&message, format, command);
|
||
|
|
+ result = HTConfirm(message);
|
||
|
|
+ FREE(message);
|
||
|
|
+ FREE(command);
|
||
|
|
+ }
|
||
|
|
+ return result;
|
||
|
|
+}
|
||
|
|
+#endif /* LYNXCGI_LINKS */
|
||
|
|
+
|
||
|
|
#ifdef __MINGW32__
|
||
|
|
PRIVATE int LYLoadCGI ARGS4(
|
||
|
|
CONST char *, arg,
|
||
|
|
@@ -281,8 +315,7 @@
|
||
|
|
strcmp(arg, HTLoadedDocumentURL()) &&
|
||
|
|
HText_AreDifferent(anAnchor, arg) &&
|
||
|
|
HTUnEscape(orig_pgm) &&
|
||
|
|
- !exec_ok(HTLoadedDocumentURL(), orig_pgm,
|
||
|
|
- CGI_PATH)) { /* exec_ok gives out msg. */
|
||
|
|
+ !can_exec_cgi(orig_pgm, "")) {
|
||
|
|
/*
|
||
|
|
* If we have extra path info and are not just reloading
|
||
|
|
* the current, check the full file path (after unescaping)
|
||
|
|
@@ -313,8 +346,7 @@
|
||
|
|
!(reloading && anAnchor->document) &&
|
||
|
|
strcmp(arg, HTLoadedDocumentURL()) &&
|
||
|
|
HText_AreDifferent(anAnchor, arg) &&
|
||
|
|
- !exec_ok(HTLoadedDocumentURL(), pgm,
|
||
|
|
- CGI_PATH)) { /* exec_ok gives out msg. */
|
||
|
|
+ !can_exec_cgi(pgm, pgm_args)) {
|
||
|
|
/*
|
||
|
|
* If we are reloading a lynxcgi document that had already been
|
||
|
|
* loaded, the various checks above should allow it even if
|
||
|
|
--- lynx2-8-5/src/LYGetFile.c.CVE-2005-2929 2003-06-02 02:16:28.000000000 +0100
|
||
|
|
+++ lynx2-8-5/src/LYGetFile.c 2005-11-11 18:03:27.000000000 +0000
|
||
|
|
@@ -1478,6 +1478,8 @@
|
||
|
|
if (strstr(command,"//") == linktext) {
|
||
|
|
command += 2;
|
||
|
|
}
|
||
|
|
+ CTRACE((tfp, "comparing source\n\t'%s'\n\t'%s'\n", source, tp->src));
|
||
|
|
+ CTRACE((tfp, "comparing command\n\t'%s'\n\t'%s'\n", command, tp->path));
|
||
|
|
if (STRNADDRCOMP(source, tp->src, strlen(tp->src)) == 0 &&
|
||
|
|
STRNADDRCOMP(command, tp->path, strlen(tp->path)) == 0)
|
||
|
|
return TRUE;
|
||
|
|
--- lynx2-8-5/CHANGES.CVE-2005-2929 2005-11-11 18:02:29.000000000 +0000
|
||
|
|
+++ lynx2-8-5/CHANGES 2005-11-11 18:08:10.000000000 +0000
|
||
|
|
@@ -3,6 +3,13 @@
|
||
|
|
* eliminate fixed-size buffers in HTrjis() and related functions to avoid
|
||
|
|
potential buffer overflow in nntp pages (report by Ulf Harnhammar) -TD
|
||
|
|
|
||
|
|
+2005-10-30 (2.8.6dev.15)
|
||
|
|
+* modify LYLoadCGI() to prompt user, displaying the command that would be
|
||
|
|
+ executed, to confirm that it should be. This makes it easier to notice when
|
||
|
|
+ a local program would be run by activating a lynxcgi link. This is not done
|
||
|
|
+ in advanced mode, since the URL is already visible in the status line (report
|
||
|
|
+ by vade79, comments by Greg MacManus) -TD
|
||
|
|
+
|
||
|
|
2003-06-01 (2.8.5dev.16)
|
||
|
|
+ add zh_CN.po from
|
||
|
|
http://www.iro.umontreal.ca/contrib/po/maint/lynx/
|