Codebase list lynx / f334418
Imported Debian patch 2.8.5-2.5woody1 Martin Schulze authored 17 years ago Axel Beckert committed 9 years ago
4 changed file(s) with 253 addition(s) and 0 deletion(s).
0 lynx-cur (2.8.5-2.5woody1) oldstable-security; urgency=high
1
2 * Non-maintainer upload by the Security Team
3 * Applied patch by Ulf Härnhammar to fix buffer overflow that can lead
4 to arbitrary code execution [WWW/Library/Implementation/HTMIME.c,
5 CAN-2005-3120, debian/patch-3]
6 * Added patch from Thomas Dickey to fix infinete loop rendering broken
7 HTML [userdefs.h, src/GridText.c, src/HTForms.h, src/HTML.c,
8 src/HTML.h, src/LYCurses.h, CVE-2004-1617, debian/patch-4]
9
10 -- Martin Schulze <joey@infodrom.org> Mon, 29 May 2006 06:10:04 +0200
11
012 lynx-cur (2.8.5-2.5) unstable; urgency=low
113
214 * Added catalan translation of templates contributed by Antoni Bella
0 --- lynx-cur-2.8.5.orig/WWW/Library/Implementation/HTMIME.c
1 +++ lynx-cur-2.8.5/WWW/Library/Implementation/HTMIME.c
2 @@ -2135,7 +2135,7 @@
3 strcpy(t, s);
4 return 1;
5 }
6 - for (p = buf; *s; ) {
7 + for (p = buf; *s && p < buf + LINE_LENGTH - 8; ) {
8 if (!kanji && s[0] == '$' && (s[1] == '@' || s[1] == 'B')) {
9 if (HTmaybekanji((int)s[2], (int)s[3])) {
10 kanji = 1;
11 @@ -2158,7 +2158,7 @@
12 }
13 *p++ = *s++;
14 }
15 - *p = *s; /* terminate string */
16 + *p = '\0'; /* terminate string */
17
18 strcpy(t, buf);
19 return 0;
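Review bot: The `- 8` slack in the new loop bound `p < buf + LINE_LENGTH - 8` is unexplained, and the loop body between the two hunks is not shown, so it cannot be confirmed here that a single pass never appends more than that many bytes to buf (presumably LINE_LENGTH bytes long). A comment on that line should state the invariant, for example `/* stop while buf still has room for the longest sequence one pass can append, plus the NUL */`, and the margin would read better as a named constant. Header text beyond the limit is now dropped silently; that is the safe outcome, but a `CTRACE` at the point of truncation would make cut-off MIME headers visible when debugging. The early-return path above still does `strcpy(t, s)` and the tail does `strcpy(t, buf)`, so the fix also relies on every caller passing a `t` of at least LINE_LENGTH bytes, which is outside this hunk.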
0 diff -u lynx-cur-2.8.5/userdefs.h lynx-cur-2.8.5/userdefs.h
1 --- lynx-cur-2.8.5/userdefs.h
2 +++ lynx-cur-2.8.5/userdefs.h
3 @@ -1366,6 +1366,8 @@
4 #define MAXCHARSETS 60 /* max character sets supported */
5 #define TRST_MAXROWSPAN 10000 /* max rowspan accepted by TRST code */
6 #define TRST_MAXCOLSPAN 1000 /* max colspan and COL/COLGROUP span accepted */
7 +#define MAX_TABLE_ROWS 200 /* max rows for tables */
8 +#define MAX_TABLE_COLS 200 /* max cols for tables */
9 #define SAVE_TIME_NOT_SPACE /* minimize number of some malloc calls */
10
11 /* Win32 may support more, but old win16 helper apps may not. */
12 diff -u lynx-cur-2.8.5/src/GridText.c lynx-cur-2.8.5/src/GridText.c
13 --- lynx-cur-2.8.5/src/GridText.c
14 +++ lynx-cur-2.8.5/src/GridText.c
15 @@ -9400,8 +9400,8 @@
16 /*
17 * Set SIZE.
18 */
19 - if (I->size != NULL) {
20 - f->size = atoi(I->size);
21 + if (I->size != 0) {
22 + f->size = I->size;
23 /*
24 * Leave at zero for option lists.
25 */
26 diff -u lynx-cur-2.8.5/src/HTForms.h lynx-cur-2.8.5/src/HTForms.h
27 --- lynx-cur-2.8.5/src/HTForms.h
28 +++ lynx-cur-2.8.5/src/HTForms.h
29 @@ -40,7 +40,7 @@
30 CONST char *md;
31 CONST char *min;
32 CONST char *name;
33 - CONST char *size;
34 + int size;
35 CONST char *src;
36 CONST char *type;
37 char *value;
38 diff -u lynx-cur-2.8.5/src/HTML.c lynx-cur-2.8.5/src/HTML.c
39 --- lynx-cur-2.8.5/src/HTML.c
40 +++ lynx-cur-2.8.5/src/HTML.c
41 @@ -91,6 +91,19 @@
42 /* from Curses.h */
43 extern int LYcols;
44
45 +#define DFT_TEXTAREA_COLS 60
46 +#define DFT_TEXTAREA_ROWS 4
47 +
48 +#define MAX_TEXTAREA_COLS LYcolLimit
49 +#define MAX_TEXTAREA_ROWS (3 * LYlines)
50 +
51 +#define LimitValue(name, value) \
52 + if (name > value) { \
53 + CTRACE((tfp, "Limited " #name " to %d, was %d\n", \
54 + value, name)); \
55 + name = value; \
56 + }
57 +
58 struct _HTStream {
59 CONST HTStreamClass * isa;
60 #ifdef SOURCE_CACHE
61 @@ -4709,7 +4722,7 @@
62 I.align=NULL; I.accept=NULL; I.checked=NO; I.class=NULL;
63 I.disabled=NO; I.error=NULL; I.height= NULL; I.id=NULL;
64 I.lang=NULL; I.max=NULL; I.maxlength=NULL; I.md=NULL;
65 - I.min=NULL; I.name=NULL; I.size=NULL; I.src=NULL;
66 + I.min=NULL; I.name=NULL; I.size=0; I.src=NULL;
67 I.type=NULL; I.value=NULL; I.width=NULL;
68 I.accept_cs = NULL;
69 I.name_cs = ATTR_CS_IN;
70 @@ -4895,7 +4908,7 @@
71 I.align=NULL; I.accept=NULL; I.checked=NO; I.class=NULL;
72 I.disabled=NO; I.error=NULL; I.height= NULL; I.id=NULL;
73 I.lang=NULL; I.max=NULL; I.maxlength=NULL; I.md=NULL;
74 - I.min=NULL; I.name=NULL; I.size=NULL; I.src=NULL;
75 + I.min=NULL; I.name=NULL; I.size=0; I.src=NULL;
76 I.type=NULL; I.value=NULL; I.width=NULL;
77 I.accept_cs = NULL;
78 I.name_cs = ATTR_CS_IN;
79 @@ -5207,7 +5220,7 @@
80 I.checked = YES;
81 if (present && present[HTML_INPUT_SIZE] &&
82 value[HTML_INPUT_SIZE] && *value[HTML_INPUT_SIZE])
83 - I.size = value[HTML_INPUT_SIZE];
84 + I.size = atoi(value[HTML_INPUT_SIZE]);
85 if (present && present[HTML_INPUT_MAXLENGTH] &&
86 value[HTML_INPUT_MAXLENGTH] && *value[HTML_INPUT_MAXLENGTH])
87 I.maxlength = value[HTML_INPUT_MAXLENGTH];
88 @@ -5446,26 +5459,28 @@
89 if (present && present[HTML_TEXTAREA_COLS] &&
90 value[HTML_TEXTAREA_COLS] &&
91 isdigit(UCH(*value[HTML_TEXTAREA_COLS])))
92 - StrAllocCopy(me->textarea_cols, value[HTML_TEXTAREA_COLS]);
93 + me->textarea_cols = atoi(value[HTML_TEXTAREA_COLS]);
94 else {
95 int width;
96 width = LYcols - 1 -
97 me->new_style->leftIndent - me->new_style->rightIndent;
98 if (dump_output_immediately) /* don't waste too much for this */
99 - width = HTMIN(width, 60);
100 + width = HTMIN(width, DFT_TEXTAREA_COLS);
101 if (width > 1 && (width-1)*6 < MAX_LINE - 3 -
102 me->new_style->leftIndent - me->new_style->rightIndent)
103 - HTSprintf0(&me->textarea_cols, "%d", width);
104 + me->textarea_cols = width;
105 else
106 - StrAllocCopy(me->textarea_cols, "60");
107 + me->textarea_cols = DFT_TEXTAREA_COLS;
108 }
109 + LimitValue(me->textarea_cols, MAX_TEXTAREA_COLS);
110
111 if (present && present[HTML_TEXTAREA_ROWS] &&
112 value[HTML_TEXTAREA_ROWS] &&
113 isdigit(UCH(*value[HTML_TEXTAREA_ROWS])))
114 me->textarea_rows = atoi(value[HTML_TEXTAREA_ROWS]);
115 else
116 - me->textarea_rows = 4;
117 + me->textarea_rows = DFT_TEXTAREA_ROWS;
118 + LimitValue(me->textarea_rows, MAX_TEXTAREA_ROWS);
119
120 if (present && present[HTML_TEXTAREA_DISABLED])
121 me->textarea_disabled = YES;
122 @@ -5582,7 +5597,7 @@
123 I.align=NULL; I.accept=NULL; I.checked=NO; I.class=NULL;
124 I.disabled=NO; I.error=NULL; I.height= NULL; I.id=NULL;
125 I.lang=NULL; I.max=NULL; I.maxlength=NULL; I.md=NULL;
126 - I.min=NULL; I.name=NULL; I.size=NULL; I.src=NULL;
127 + I.min=NULL; I.name=NULL; I.size=0; I.src=NULL;
128 I.type=NULL; I.value=NULL; I.width=NULL;
129 I.accept_cs = NULL;
130 I.name_cs = -1;
131 @@ -7246,7 +7261,7 @@
132 I.align=NULL; I.accept=NULL; I.checked=NO; I.class=NULL;
133 I.disabled=NO; I.error=NULL; I.height= NULL; I.id=NULL;
134 I.lang=NULL; I.max=NULL; I.maxlength=NULL; I.md=NULL;
135 - I.min=NULL; I.name=NULL; I.size=NULL; I.src=NULL;
136 + I.min=NULL; I.name=NULL; I.size=0; I.src=NULL;
137 I.type=NULL; I.value=NULL; I.width=NULL;
138 I.value_cs = current_char_set;
139
140 @@ -7397,7 +7412,7 @@
141 }
142 I.value = temp;
143 chars = HText_beginInput(me->text, me->inUnderline, &I);
144 - for (chars = atoi(me->textarea_cols); chars > 0; chars--)
145 + for (chars = me->textarea_cols; chars > 0; chars--)
146 HTML_put_character(me, '_');
147 HText_appendCharacter(me->text, '\r');
148 if (*data == '\n') {
149 @@ -7422,7 +7437,6 @@
150 HTChunkClear(&me->textarea);
151 FREE(me->textarea_name);
152 me->textarea_name_cs = -1;
153 - FREE(me->textarea_cols);
154 FREE(me->textarea_id);
155 break;
156 }
157 @@ -7980,7 +7994,6 @@
158 FREE(me->map_address);
159 FREE(me->textarea_name);
160 FREE(me->textarea_accept_cs);
161 - FREE(me->textarea_cols);
162 FREE(me->textarea_id);
163 FREE(me->LastOptionValue);
164 FREE(me->xinclude);
165 @@ -8158,7 +8171,7 @@
166 me->textarea_name = NULL;
167 me->textarea_name_cs = -1;
168 me->textarea_accept_cs = NULL;
169 - me->textarea_cols = NULL;
170 + me->textarea_cols = 0;
171 me->textarea_rows = 4;
172 me->textarea_disabled = NO;
173 me->textarea_id = NULL;
174 diff -u lynx-cur-2.8.5/src/LYCurses.h lynx-cur-2.8.5/src/LYCurses.h
175 --- lynx-cur-2.8.5/src/LYCurses.h
176 +++ lynx-cur-2.8.5/src/LYCurses.h
177 @@ -320,6 +320,24 @@
178 extern int LYlines; /* replaces LINES */
179 extern int LYcols; /* replaces COLS */
180
181 +/*
182 + * The scrollbar, if used, occupies the rightmost column.
183 + */
184 +#ifdef USE_SCROLLBAR
185 +#define LYbarWidth (LYShowScrollbar ? 1 : 0)
186 +#else
187 +#define LYbarWidth 0
188 +#endif
189 +
190 +/*
191 + * Usable limits for display:
192 + */
193 +#if defined(FANCY_CURSES) || defined(USE_SLANG)
194 +#define LYcolLimit (LYcols - LYbarWidth)
195 +#else
196 +#define LYcolLimit (LYcols - 1)
197 +#endif
198 +
199 #ifdef USE_CURSES_PADS
200 extern WINDOW *LYwin;
201 extern int LYshiftWin;
202 only in patch2:
203 unchanged:
204 --- lynx-cur-2.8.5.orig/src/HTML.h
205 +++ lynx-cur-2.8.5/src/HTML.h
206 @@ -104,7 +104,7 @@
207 char * textarea_name;
208 int textarea_name_cs;
209 char * textarea_accept_cs;
210 - char * textarea_cols;
211 + int textarea_cols;
212 int textarea_rows;
213 int textarea_disabled;
214 char * textarea_id;
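Review bot: In the HTML.c hunk at `@@ -5207,7 +5220,7 @@`, `I.size = atoi(value[HTML_INPUT_SIZE]);` converts the page-supplied SIZE attribute with no digit check and no upper limit, whereas the TEXTAREA COLS and ROWS values in the same patch are guarded by `isdigit()` and clamped with `LimitValue`. A negative or very large SIZE therefore reaches `f->size = I->size` in GridText.c unchanged, and atoi's result is undefined when the number does not fit in an int; what the form code does with the value afterwards is not visible here. I would clamp it right after the conversion, e.g. `if (I.size < 0) I.size = 0;` followed by `LimitValue(I.size, MAX_LINE);`, or whichever limit the field-width code actually assumes. Separately, `LimitValue` expands to a bare `if { }` and names both arguments more than once, so wrapping it in `do { ... } while (0)` would keep it safe next to an `else`.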
3030 patch -p0 < debian/patch-1
3131 patch -NRp0 < debian/patch-2 || true
3232 patch -p0 < debian/patch-2
33 patch -NRp1 < debian/patch-3 || true
34 patch -p1 < debian/patch-3
35 patch -NRp1 < debian/patch-4 || true
36 patch -p1 < debian/patch-4
3337 endef
3438
3539 define clean-dflt
40 patch -NRp1 < debian/patch-4 || true
41 patch -NRp1 < debian/patch-3 || true
3642 patch -NRp0 < debian/patch-2 || true
3743 patch -NRp0 < debian/patch-1 || true
3844 endef