Commit: fix security bug in wv

From: Dom Lachowicz (
Date: Sun Dec 29 2002 - 11:35:27 EST

  • Next message: Daniel Yacob: "am-ET update"

    David Endler <> found an exploit
    in wv with respect to how it handles date and time
    fields. Via a little malicious hacking and ingenuity,
    one can cause a buffer overrun because a bit of code
    uses strcat. Using this, one can get wvHtml and
    possibly other things that use this function to
    execute arbitrary bytecode. I have committed what I
    believe is an adequate workaround for the problem at
    hand. Bonsai has the relevant files and lines changed.
    Alternate suggestions and solutions welcomed,
    especially in cvs diff -u format.


    CVS: Enter Log. Lines beginning with `CVS:' are
    removed automatically
    CVS: Committing in .
    CVS: Modified Files:
    CVS: field.c

    Do you Yahoo!?
    Yahoo! Mail Plus - Powerful. Affordable. Sign up now.

    This archive was generated by hypermail 2.1.4 : Sun Dec 29 2002 - 11:38:39 EST