You can not select more than 25 topics
Topics must start with a letter or number, can include dashes ('-') and can be up to 35 characters long.
61 lines
2.0 KiB
61 lines
2.0 KiB
From c60c227ab9a36246730d7454e33d40d2c66c88b3 Mon Sep 17 00:00:00 2001 |
|
From: Kamil Dudka <kdudka@redhat.com> |
|
Date: Wed, 13 Feb 2013 15:26:22 +0100 |
|
Subject: [PATCH] fix CVE-2008-4690 |
|
|
|
prompt user before executing command via a lynxcgi link even in advanced mode, |
|
as the actual URL may not be shown but hidden behind an HTTP redirect and set |
|
TRUSTED_LYNXCGI:none in lynx.cfg to disable all lynxcgi URLs by default |
|
--- |
|
CHANGES | 7 +++++++ |
|
lynx.cfg | 2 +- |
|
src/LYCgi.c | 2 +- |
|
3 files changed, 9 insertions(+), 2 deletions(-) |
|
|
|
diff --git a/CHANGES b/CHANGES |
|
index 360be68..8eca013 100644 |
|
--- a/CHANGES |
|
+++ b/CHANGES |
|
@@ -1355,6 +1355,13 @@ Changes since Lynx 2.8 release |
|
* update win32 makefiles/build scripts to add LYmktime, parsdate modules -TD |
|
* update config.guess (2008-04-14), config.sub (2008-06-16) |
|
|
|
+2008-10-26 |
|
+* modify patch for CVE-2005-2929 to prompt user before executing command via |
|
+ a lynxcgi link even in advanced mode, as the actual URL may not be shown but |
|
+ hidden behind an HTTP redirect |
|
+* set TRUSTED_LYNXCGI:none in lynx.cfg to disable all lynxcgi URLs by default |
|
+ [CVE-2008-4690] |
|
+ |
|
2008-09-21 (2.8.7dev.10) |
|
* remove rw.po, since the translation project no longer supplies it -TD |
|
* implement "readonly" attribute for TEXTAREA and TEXT fields -TD |
|
diff --git a/lynx.cfg b/lynx.cfg |
|
index ee2aad3..144050d 100644 |
|
--- a/lynx.cfg |
|
+++ b/lynx.cfg |
|
@@ -1087,7 +1087,7 @@ LOCALE_CHARSET:TRUE |
|
# |
|
# The default TRUSTED_LYNXCGI rule is "none". |
|
# |
|
-#TRUSTED_LYNXCGI:none |
|
+TRUSTED_LYNXCGI:none |
|
|
|
.h2 LYNXCGI_ENVIRONMENT |
|
# Unix: |
|
diff --git a/src/LYCgi.c b/src/LYCgi.c |
|
index 832bb89..0ae8a7e 100644 |
|
--- a/src/LYCgi.c |
|
+++ b/src/LYCgi.c |
|
@@ -167,7 +167,7 @@ static BOOL can_exec_cgi(const char *linktext, const char *linkargs) |
|
if (!exec_ok(HTLoadedDocumentURL(), linktext, CGI_PATH)) { |
|
/* exec_ok gives out msg. */ |
|
result = FALSE; |
|
- } else { |
|
+ } else if (user_mode < ADVANCED_MODE) { |
|
StrAllocCopy(command, linktext); |
|
if (non_empty(linkargs)) { |
|
HTSprintf(&command, " %s", linkargs); |
|
-- |
|
1.7.1 |
|
|
|
|