e1178872 ER |
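--- a/lynx2-8-5/src/LYCgi.c
+++ b/lynx2-8-5/src/LYCgi.c
@@ -140,6 +140,40 @@
 }
 }
 
+#ifdef LYNXCGI_LINKS
+/*
+ * Wrapper for exec_ok(), confirming with user if the link text is not visible
+ * in the status line.
+ */
+static BOOL can_exec_cgi(const char *linktext, const char *linkargs)
+{
+ const char *format = gettext("Do you want to execute \"%s\"?");
+ char *message = NULL;
+ char *command = NULL;
+ char *p;
+ BOOL result = TRUE;
+
+ if (!exec_ok(HTLoadedDocumentURL(), linktext, CGI_PATH)) {
+ /* exec_ok gives out msg. */
+ result = FALSE;
+ } else if (user_mode < ADVANCED_MODE) {
+ StrAllocCopy(command, linktext);
+ if (non_empty(linkargs)) {
+ HTSprintf(&command, " %s", linkargs);
+ }
+ HTUnEscape(command);
+ for (p = command; *p; ++p)
+ if (*p == '+')
+ *p = ' ';
+ HTSprintf0(&message, format, command);
+ result = HTConfirm(message);
+ FREE(message);
+ FREE(command);
+ }
+ return result;
+}
+#endif /* LYNXCGI_LINKS */
+
 #ifdef __MINGW32__
 PRIVATE int LYLoadCGI ARGS4(
 CONST char *, arg,
@@ -281,8 +315,7 @@
 strcmp(arg, HTLoadedDocumentURL()) &&
 HText_AreDifferent(anAnchor, arg) &&
 HTUnEscape(orig_pgm) &&
- !exec_ok(HTLoadedDocumentURL(), orig_pgm,
- CGI_PATH)) { /* exec_ok gives out msg. */
+ !can_exec_cgi(orig_pgm, "")) {
 /*
 * If we have extra path info and are not just reloading
 * the current, check the full file path (after unescaping)
@@ -313,8 +346,7 @@
 !(reloading && anAnchor->document) &&
 strcmp(arg, HTLoadedDocumentURL()) &&
 HText_AreDifferent(anAnchor, arg) &&
- !exec_ok(HTLoadedDocumentURL(), pgm,
- CGI_PATH)) { /* exec_ok gives out msg. */
+ !can_exec_cgi(pgm, pgm_args)) {
 /*
 * If we are reloading a lynxcgi document that had already been
 * loaded, the various checks above should allow it even if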
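Review bot: The command shown in the confirmation prompt built by can_exec_cgi can differ from the one that will actually run: at the first call site, `!can_exec_cgi(orig_pgm, "")` is reached only after `HTUnEscape(orig_pgm)` has already succeeded in the same condition, so the helper's own `HTUnEscape(command)` decodes the text a second time, and the `'+'` to `' '` loop rewrites the program path as well as the arguments (the second call site passes `pgm` and `pgm_args`; whether `pgm` is likewise pre-decoded is not visible here). A confirmation only protects the user when the displayed text is exactly what exec will receive, so the helper should decode once (or accept text the caller has already decoded) and limit the '+' substitution to `linkargs`; because the text originates from an untrusted link, non-printable characters should also be rendered visibly before `HTConfirm(message)` so they cannot alter how the prompt reads. The nested loop is unbraced; `for (p = command; *p; ++p) { if (*p == '+') { *p = ' '; } }` would match the braced style of the surrounding code. The comment above the helper should also state that in `ADVANCED_MODE` and above no prompt is shown and only `exec_ok()` gates execution, since that is the exception a reader needs. LYLoadCGI begins and ends outside the hunks.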
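--- a/lynx2-8-5/src/LYGetFile.c
+++ b/lynx2-8-5/src/LYGetFile.c
@@ -1478,6 +1478,8 @@
 if (strstr(command,"//") == linktext) {
 command += 2;
 }
+ CTRACE((tfp, "comparing source\n\t'%s'\n\t'%s'\n", source, tp->src));
+ CTRACE((tfp, "comparing command\n\t'%s'\n\t'%s'\n", command, tp->path));
 if (STRNADDRCOMP(source, tp->src, strlen(tp->src)) == 0 &&
 STRNADDRCOMP(command, tp->path, strlen(tp->path)) == 0)
 return TRUE;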
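Review bot: The two new CTRACE lines print the full `source` and `command` strings next to the table entries, but the comparison that follows is bounded by `strlen(tp->src)` and `strlen(tp->path)`, so only a prefix of each string is actually tested; a reader of the trace may conclude a mismatch was accepted. A one-line comment above the trace, `/* both checks below are prefix matches bounded by the table entry's length */`, would make the trace output interpretable, and printing the two lengths alongside the strings would show exactly what was compared. The enclosing function starts and ends outside the hunk.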
75 | --- lynx2-8-5/CHANGES.CVE-2005-2929 2005-11-11 18:02:29.000000000 +0000 | |
76 | +++ lynx2-8-5/CHANGES 2005-11-11 18:08:10.000000000 +0000 | |
77 | @@ -3,6 +3,13 @@ | |
78 | * eliminate fixed-size buffers in HTrjis() and related functions to avoid | |
79 | potential buffer overflow in nntp pages (report by Ulf Harnhammar) -TD | |
80 | ||
81 | +2005-10-30 (2.8.6dev.15) | |
82 | +* modify LYLoadCGI() to prompt user, displaying the command that would be | |
83 | + executed, to confirm that it should be. This makes it easier to notice when | |
84 | + a local program would be run by activating a lynxcgi link. This is not done | |
85 | + in advanced mode, since the URL is already visible in the status line (report | |
86 | + by vade79, comments by Greg MacManus) -TD | |
87 | + | |
88 | 2003-06-01 (2.8.5dev.16) | |
89 | + add zh_CN.po from | |
90 | http://www.iro.umontreal.ca/contrib/po/maint/lynx/ |