-
Notifications
You must be signed in to change notification settings - Fork 1
Commit
This commit does not belong to any branch on this repository, and may belong to a fork outside of the repository.
Fix a crash in elinks mime handling. Patches from upstream.
OK landry@
- Loading branch information
Edd Barrett
committed
Aug 3, 2011
1 parent
0618837
commit f236a10
Showing
3 changed files
with
52 additions
and
2 deletions.
There are no files selected for viewing
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| Original file line number | Diff line number | Diff line change |
|---|---|---|
| @@ -0,0 +1,31 @@ | ||
| $OpenBSD: patch-src_mime_backend_mailcap_c,v 1.1 2011/08/03 12:51:24 edd Exp $ | ||
|
|
||
| mailcap bug 1113: Don't leak values of duplicate fields | ||
| (related to bug 869 patch) | ||
| http://bugzilla.elinks.cz/show_bug.cgi?id=1113 | ||
|
|
||
| --- src/mime/backend/mailcap.c.orig Sat Aug 22 12:15:08 2009 | ||
| +++ src/mime/backend/mailcap.c Wed Aug 3 01:14:40 2011 | ||
| @@ -289,7 +289,11 @@ parse_optional_fields(struct mailcap_entry *entry, uns | ||
| entry->copiousoutput = 1; | ||
|
|
||
| } else if (!c_strncasecmp(field, "test", 4)) { | ||
| - entry->testcommand = get_mailcap_field_text(field + 4); | ||
| + /* Don't leak memory if a corrupted mailcap | ||
| + * file has multiple test commands in the same | ||
| + * line. */ | ||
| + mem_free_set(&entry->testcommand, | ||
| + get_mailcap_field_text(field + 4)); | ||
| if (!entry->testcommand) | ||
| return 0; | ||
|
|
||
| @@ -301,7 +305,8 @@ parse_optional_fields(struct mailcap_entry *entry, uns | ||
| } | ||
|
|
||
| } else if (!c_strncasecmp(field, "description", 11)) { | ||
| - entry->description = get_mailcap_field_text(field + 11); | ||
| + mem_free_set(&entry->description, | ||
| + get_mailcap_field_text(field + 11)); | ||
| if (!entry->description) | ||
| return 0; | ||
| } |
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| Original file line number | Diff line number | Diff line change |
|---|---|---|
| @@ -0,0 +1,19 @@ | ||
| $OpenBSD: patch-src_session_download_c,v 1.1 2011/08/03 12:51:24 edd Exp $ | ||
|
|
||
| bug 869: fix a buffer overflow segfault in do_type_query | ||
| http://bugzilla.elinks.cz/show_bug.cgi?id=869 | ||
|
|
||
| --- src/session/download.c.orig Sat Aug 22 12:15:08 2009 | ||
| +++ src/session/download.c Wed Aug 3 01:14:40 2011 | ||
| @@ -1090,10 +1090,7 @@ do_type_query(struct type_query *type_query, unsigned | ||
| } | ||
|
|
||
| if (handler && handler->program) { | ||
| - int programlen = strlen(handler->program); | ||
| - | ||
| - programlen = int_max(programlen, MAX_STR_LEN); | ||
| - memcpy(field, handler->program, programlen); | ||
| + safe_strncpy(field, handler->program, MAX_STR_LEN); | ||
| } | ||
|
|
||
| /* xgettext:no-c-format */ |