
Re: Another Netscape Bug (and possible security hole)




Spent too much time last night playing with the Netscape bug;
among other things wrote some code to throw various random binary
URLs at Netscape. Netscape seems prepared to swallow the bait
as long as the URL does _not_ contain characters screened as
follows:

 if ((c != '"') && (c!='>') && (c!=0) && (c!='/') ) {

This means you can't plant 0x00, 0x22, 0x3e or 0x2f.

Anything else can be made to show up in various registers
after things go blooey.  I've only made it segfault in
different places so far, still working on getting it to do
something it wouldn't ordinarily do and not crash before
it does it.

[Working under Solaris 2.4; I may try my luck on Macs, since
this bug crashes the whole OS... need to load up debug tools
first though.]

Hope this helps others...

Doug