[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Re: New Netscape bug (in version 1.12)

To: Ray Cromwell <[email protected]>
Subject: Re: New Netscape bug (in version 1.12)
From: [email protected] (Tom Weinstein)
Date: Wed, 4 Oct 1995 08:13:22 -0700
Cc: [email protected]
In-Reply-To: <[email protected]>
References: <[email protected]><[email protected]>
Reply-To: [email protected]
Sender: [email protected]

In article <[email protected]>, Ray Cromwell <[email protected]> writes:

>> This is a bug in your X server, not in netscape.  The X server should
>> never crash no matter what you send to it.

>   That's true, but it is also true that Netscape should also be
> performing some sanity checking on input rather than relying on 
> the supporting libraries to be secure. Remember, a hole is a hole.
> The last sendmail bug was a buffer overflow in syslog, however,
> sendmail still got patched to do bounds checking on the strings
> it was passing to syslog. 

>   It looks like this is only bug on BSDI2.0/XAccel, and NT3.5/NS1.1. But
> is it wise for netscape to be sending 10,000 character strings to GUI
> functions anyway? 

It's absolutely okay for netscape to send long character strings to the
X server.  In fact, all it's probably doing is putting long character
strings into a Motif widget, which then sends them to the X server.
This is also totally okay.

-- 
Sure we spend a lot of money, but that doesn't mean    |  Tom Weinstein
we *do* anything.  --  Washington DC motto             |  [email protected]

References:
- Re: New Netscape bug (in version 1.12)
  - From: [email protected] (Tom Weinstein)
- Re: New Netscape bug (in version 1.12)
  - From: Ray Cromwell <[email protected]>

Prev by Date: PIZ_zaz
Next by Date: Re: New Windoze PGP Shell (freeware) worth checking out
Prev by thread: Re: New Netscape bug (in version 1.12)
Next by thread: Re: New Netscape bug (in version 1.12)
Index(es):
- Date
- Thread