[w3m] local cookie string is too easy to guess.
* fm.h (Local_cookie): deleted * local.c (Local_cookie): static (writeLocalCookie): localCookie() (setLocalCookie): deleted (localCookie): added * main.c (main): delete srand48(), setLocalCookie() (adBmark): s/Local_cookie/localCookie()/ * proto.h (setLocalCookie): deleted (localCookie): added * rc.c (load_option_panel): s/Local_cookie/localCookie()/ From: Hironori SAKAMOTO <hsaka@mth.biglobe.ne.jp>
@@ -1,3 +1,17 @@
|
|||||||
|
2003-04-09 Hironori SAKAMOTO <hsaka@mth.biglobe.ne.jp>
|
||||||
|
|
||||||
|
* [w3m] local cookie string is too easy to guess.
|
||||||
|
* fm.h (Local_cookie): deleted
|
||||||
|
* local.c (Local_cookie): static
|
||||||
|
(writeLocalCookie): localCookie()
|
||||||
|
(setLocalCookie): deleted
|
||||||
|
(localCookie): added
|
||||||
|
* main.c (main): delete srand48(), setLocalCookie()
|
||||||
|
(adBmark): s/Local_cookie/localCookie()/
|
||||||
|
* proto.h (setLocalCookie): deleted
|
||||||
|
(localCookie): added
|
||||||
|
* rc.c (load_option_panel): s/Local_cookie/localCookie()/
|
||||||
|
|
||||||
2003-04-08 Fumitoshi UKAI <ukai@debian.or.jp>
|
2003-04-08 Fumitoshi UKAI <ukai@debian.or.jp>
|
||||||
|
|
||||||
* [w3m-dev 03858] configure cleanup
|
* [w3m-dev 03858] configure cleanup
|
||||||
@@ -7690,4 +7704,4 @@ a * [w3m-dev 03276] compile error on EWS4800
|
|||||||
* release-0-2-1
|
* release-0-2-1
|
||||||
* import w3m-0.2.1
|
* import w3m-0.2.1
|
||||||
|
|
||||||
$Id: ChangeLog,v 1.816 2003/04/07 16:39:23 ukai Exp $
|
$Id: ChangeLog,v 1.817 2003/04/08 16:01:37 ukai Exp $
|
||||||
|
|||||||
@@ -1,4 +1,4 @@
|
|||||||
/* $Id: fm.h,v 1.115 2003/04/07 16:27:10 ukai Exp $ */
|
/* $Id: fm.h,v 1.116 2003/04/08 16:01:38 ukai Exp $ */
|
||||||
/*
|
/*
|
||||||
* w3m: WWW wo Miru utility
|
* w3m: WWW wo Miru utility
|
||||||
*
|
*
|
||||||
@@ -976,7 +976,6 @@ global char *migemo_command init(DEF_MIGEMO_COMMAND);
|
|||||||
#endif /* USE_MIGEMO */
|
#endif /* USE_MIGEMO */
|
||||||
|
|
||||||
global struct auth_cookie *Auth_cookie init(NULL);
|
global struct auth_cookie *Auth_cookie init(NULL);
|
||||||
global Str Local_cookie init(NULL);
|
|
||||||
#ifdef USE_COOKIE
|
#ifdef USE_COOKIE
|
||||||
global struct cookie *First_cookie init(NULL);
|
global struct cookie *First_cookie init(NULL);
|
||||||
#endif /* USE_COOKIE */
|
#endif /* USE_COOKIE */
|
||||||
|
|||||||
@@ -1,4 +1,4 @@
|
|||||||
/* $Id: local.c,v 1.28 2003/02/08 18:23:53 ukai Exp $ */
|
/* $Id: local.c,v 1.29 2003/04/08 16:01:39 ukai Exp $ */
|
||||||
#include "fm.h"
|
#include "fm.h"
|
||||||
#include <string.h>
|
#include <string.h>
|
||||||
#include <stdio.h>
|
#include <stdio.h>
|
||||||
@@ -20,6 +20,7 @@
|
|||||||
#define CGIFN_LIBDIR 1
|
#define CGIFN_LIBDIR 1
|
||||||
#define CGIFN_CGIBIN 2
|
#define CGIFN_CGIBIN 2
|
||||||
|
|
||||||
|
static Str Local_cookie = NULL;
|
||||||
static char *Local_cookie_file = NULL;
|
static char *Local_cookie_file = NULL;
|
||||||
|
|
||||||
static void
|
static void
|
||||||
@@ -36,19 +37,24 @@ writeLocalCookie()
|
|||||||
f = fopen(Local_cookie_file, "wb");
|
f = fopen(Local_cookie_file, "wb");
|
||||||
if (!f)
|
if (!f)
|
||||||
return;
|
return;
|
||||||
|
localCookie();
|
||||||
fwrite(Local_cookie->ptr, sizeof(char), Local_cookie->length, f);
|
fwrite(Local_cookie->ptr, sizeof(char), Local_cookie->length, f);
|
||||||
fclose(f);
|
fclose(f);
|
||||||
chmod(Local_cookie_file, S_IRUSR | S_IWUSR);
|
chmod(Local_cookie_file, S_IRUSR | S_IWUSR);
|
||||||
}
|
}
|
||||||
|
|
||||||
/* setup cookie for local CGI */
|
/* setup cookie for local CGI */
|
||||||
void
|
Str
|
||||||
setLocalCookie()
|
localCookie()
|
||||||
{
|
{
|
||||||
char hostname[256];
|
char hostname[256];
|
||||||
gethostname(hostname, 256);
|
|
||||||
|
|
||||||
Local_cookie = Sprintf("%d.%ld@%s", CurrentPid, lrand48(), hostname);
|
if (Local_cookie)
|
||||||
|
return Local_cookie;
|
||||||
|
gethostname(hostname, 256);
|
||||||
|
srand48((long)New(char) + (long)time(NULL));
|
||||||
|
Local_cookie = Sprintf("%ld@%s", lrand48(), hostname);
|
||||||
|
return Local_cookie;
|
||||||
}
|
}
|
||||||
|
|
||||||
Str
|
Str
|
||||||
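Review bot: The new seed in localCookie(), `srand48((long)New(char) + (long)time(NULL))`, is still guessable: it adds a heap address to the wall-clock second, and `lrand48()` yields only 31 bits from a linear congruential generator, so the cookie that authorises local CGI requests carries little real entropy. Dropping `CurrentPid` from the format string also removes one varying component. Prefer taking the value from the OS random source and keeping the srand48()/lrand48() path only as a fallback, as sketched below; this changes the cookie's format, which is assumed to be safe because the consumers visible on this page treat it as an opaque string. Separately, `gethostname(hostname, 256)` is unchecked and may leave the buffer unterminated on truncation, so the sketch terminates it explicitly.

```c
Str
localCookie()
{
    char hostname[256];
    unsigned long rnd[2];
    FILE *rf;

    /* … unchanged: early return when Local_cookie is already set … */
    gethostname(hostname, 256);
    hostname[sizeof(hostname) - 1] = '\0';
    rf = fopen("/dev/urandom", "rb");
    if (rf != NULL && fread(rnd, sizeof(rnd), 1, rf) == 1)
	Local_cookie = Sprintf("%lx%lx@%s", rnd[0], rnd[1], hostname);
    if (rf != NULL)
	fclose(rf);
    if (Local_cookie == NULL) {
	/* … unchanged: srand48()/lrand48() path, kept as the fallback … */
    }
    return Local_cookie;
}
```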
|
|||||||
@@ -1,4 +1,4 @@
|
|||||||
/* $Id: main.c,v 1.221 2003/04/07 15:24:01 ukai Exp $ */
|
/* $Id: main.c,v 1.222 2003/04/08 16:01:39 ukai Exp $ */
|
||||||
#define MAINPROGRAM
|
#define MAINPROGRAM
|
||||||
#include "fm.h"
|
#include "fm.h"
|
||||||
#include <signal.h>
|
#include <signal.h>
|
||||||
@@ -369,8 +369,6 @@ main(int argc, char **argv, char **envp)
|
|||||||
prepare_sys_errlist();
|
prepare_sys_errlist();
|
||||||
#endif /* not HAVE_SYS_ERRLIST */
|
#endif /* not HAVE_SYS_ERRLIST */
|
||||||
|
|
||||||
srand48(time(0));
|
|
||||||
|
|
||||||
NO_proxy_domains = newTextList();
|
NO_proxy_domains = newTextList();
|
||||||
fileToDelete = newTextList();
|
fileToDelete = newTextList();
|
||||||
|
|
||||||
@@ -742,7 +740,6 @@ main(int argc, char **argv, char **envp)
|
|||||||
#ifdef USE_COOKIE
|
#ifdef USE_COOKIE
|
||||||
initCookie();
|
initCookie();
|
||||||
#endif /* USE_COOKIE */
|
#endif /* USE_COOKIE */
|
||||||
setLocalCookie(); /* setup cookie for local CGI */
|
|
||||||
#ifdef USE_HISTORY
|
#ifdef USE_HISTORY
|
||||||
if (UseHistory)
|
if (UseHistory)
|
||||||
loadHistory(URLHist);
|
loadHistory(URLHist);
|
||||||
@@ -4009,7 +4006,7 @@ adBmark(void)
|
|||||||
FormList *request;
|
FormList *request;
|
||||||
|
|
||||||
tmp = Sprintf("mode=panel&cookie=%s&bmark=%s&url=%s&title=%s",
|
tmp = Sprintf("mode=panel&cookie=%s&bmark=%s&url=%s&title=%s",
|
||||||
(Str_form_quote(Local_cookie))->ptr,
|
(Str_form_quote(localCookie()))->ptr,
|
||||||
(Str_form_quote(Strnew_charp(BookmarkFile)))->ptr,
|
(Str_form_quote(Strnew_charp(BookmarkFile)))->ptr,
|
||||||
(Str_form_quote(parsedURL2Str(&Currentbuf->currentURL)))->
|
(Str_form_quote(parsedURL2Str(&Currentbuf->currentURL)))->
|
||||||
ptr,
|
ptr,
|
||||||
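Review bot: With `srand48(time(0));` removed from main(), the drand48 family is no longer seeded at startup, and the only seeding left in this commit is the lazy call inside localCookie(). Any other caller of lrand48() or drand48() in the tree (none is visible on this page, so this needs a grep) would now draw from the default sequence until the first local-CGI cookie is requested, and would be reseeded mid-run when it is. If such callers exist, keep a startup seed for them and give the cookie its own source; otherwise a comment at the removed call, `/* PRNG is seeded lazily in localCookie(); nothing else may rely on lrand48() */`, documents the constraint. main() starts and ends outside these hunks.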
|
|||||||
@@ -1,4 +1,4 @@
|
|||||||
/* $Id: proto.h,v 1.91 2003/02/18 15:43:25 ukai Exp $ */
|
/* $Id: proto.h,v 1.92 2003/04/08 16:01:40 ukai Exp $ */
|
||||||
/*
|
/*
|
||||||
* This file was automatically generated by version 1.7 of cextract.
|
* This file was automatically generated by version 1.7 of cextract.
|
||||||
* Manual editing not recommended.
|
* Manual editing not recommended.
|
||||||
@@ -581,7 +581,7 @@ extern char *etcFile(char *base);
|
|||||||
extern char *auxbinFile(char *base);
|
extern char *auxbinFile(char *base);
|
||||||
extern char *libFile(char *base);
|
extern char *libFile(char *base);
|
||||||
extern char *helpFile(char *base);
|
extern char *helpFile(char *base);
|
||||||
extern void setLocalCookie(void);
|
extern Str localCookie(void);
|
||||||
extern Str loadLocalDir(char *dirname);
|
extern Str loadLocalDir(char *dirname);
|
||||||
extern void set_environ(char *var, char *value);
|
extern void set_environ(char *var, char *value);
|
||||||
extern FILE *localcgi_post(char *, char *, FormList *, char *);
|
extern FILE *localcgi_post(char *, char *, FormList *, char *);
|
||||||
|
|||||||
@@ -1,4 +1,4 @@
|
|||||||
/* $Id: rc.c,v 1.83 2003/04/06 16:27:54 ukai Exp $ */
|
/* $Id: rc.c,v 1.84 2003/04/08 16:01:40 ukai Exp $ */
|
||||||
/*
|
/*
|
||||||
* Initialization file etc.
|
* Initialization file etc.
|
||||||
*/
|
*/
|
||||||
@@ -1458,7 +1458,7 @@ Buffer *
|
|||||||
load_option_panel(void)
|
load_option_panel(void)
|
||||||
{
|
{
|
||||||
Str src = Sprintf(optionpanel_src1, html_quote(w3m_version),
|
Str src = Sprintf(optionpanel_src1, html_quote(w3m_version),
|
||||||
html_quote(Local_cookie->ptr), CMT_HELPER);
|
html_quote(localCookie()->ptr), CMT_HELPER);
|
||||||
struct param_ptr *p;
|
struct param_ptr *p;
|
||||||
struct sel_c *s;
|
struct sel_c *s;
|
||||||
int x, i;
|
int x, i;
|
||||||
|
|||||||