storm/w3m
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity
2,387 Commits 2 Branches 0 Tags
f00b5652087955183e1d4b77997dba60134ed7c8
Commit Graph

51 Commits

Author SHA1 Message Date
NRK
d9284b1193 fix some -Wstrict-prototypes warnings 2022-04-29 15:59:13 +06:00
Rene Kita
ba29eb3fcf Check for end of string when parsing Gopher URLs 
This fixes issue #199 reported by Kuang-che Wu.

A specially crafted Gopher URL (e.g. '<a href=gopher:R>') could lead to
an out-of-bounds read.

Problem here was, that 'p' was incremented twice without checking for
the end of the string.

The interesting question for me is: What does this 'if' actually check?
What is special here about the 'R'? I did not find anything related in
RFC 1436 or in RFC 4266.
 2022-02-17 12:46:07 +01:00
Tatsuya Kinoshita
59ea885da0 Treat 127.0.0.1, [::1], and hostname as localhost 2021-04-23 20:16:50 +09:00
Tatsuya Kinoshita
17a3df7440 New option localhost_only to restrict connections only to localhost 
Bug-Debian: https://github.com/tats/w3m/issues/117
 2021-04-17 17:42:01 +09:00
Tatsuya Kinoshita
22d33dc8c9 New option cross_origin_referer to use origin only Referer 2021-04-10 22:29:18 +09:00
Tatsuya Kinoshita
4e0375c76f Don't include username in Referer 2021-04-10 12:19:58 +09:00
Tatsuya Kinoshita
4e2cfffd88 Don't set Referer when data URI scheme 2021-04-10 11:14:26 +09:00
Tatsuya Kinoshita
c4f588fbb7 New option ssl_ca_default to explicitly use OpenSSL default paths 2021-02-28 18:35:42 +09:00
Tatsuya Kinoshita
4f77fb88e2 Don't fallback when SSL_CTX_load_verify_locations fails 2021-02-22 23:42:10 +09:00
Tatsuya Kinoshita
b6d29622b8 Don't use SSL_CTX_set_default_verify_paths when not USE_SSL_VERIFY 2021-02-22 23:42:10 +09:00
Tatsuya Kinoshita
1644c3b897 Use ssl_ca_file and ssl_ca_path only when ssl_verify_server 2021-02-13 13:56:00 +09:00
Tatsuya Kinoshita
2cbf7f704d Check empty string conditions for ssl_ca_file and ssl_ca_path 2021-02-12 23:49:47 +09:00
Tatsuya Kinoshita
f0d17fecc4 Fix OpenSSL default always overrides ssl_ca_file and ssl_ca_path 2021-02-12 23:06:23 +09:00
Tatsuya Kinoshita
78eac4e57c Mention -insecure option as a workaround for SSL error 
Bug-Debian: https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=900984
Bug-Debian: https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=934493
Bug-Debian: https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=953045
 2021-02-11 19:37:22 +09:00
Tatsuya Kinoshita
fb9f1c0356 Update ssl_min_version to accept "all" and reject "SSLv2" 2021-02-11 19:37:17 +09:00
Tatsuya Kinoshita
707b02d256 Mention ssl_* options as a workaround for SSL error 
Bug-Debian: https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=900984
Bug-Debian: https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=934493
Bug-Debian: https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=953045
 2021-02-10 21:53:20 +09:00
Tatsuya Kinoshita
4f4d692321 New option ssl_min_version for OpenSSL 1.1 2021-02-10 21:51:44 +09:00
Tatsuya Kinoshita
c01675d342 New option ssl_cipher to specify ciphers for TLSv1.2 and below 2021-02-10 20:01:56 +09:00
Tatsuya Kinoshita
892f37ee2a Use the default ciphers for OpenSSL 1.1 and later 
cf. https://bugs.launchpad.net/ubuntu/+source/w3m/+bug/1325674
    36f14df378/f/Fix-the-cipher-list-string-to-ensure-that-it-contain.patch
    https://fedoraproject.org/wiki/Packaging:CryptoPolicies
 2020-12-16 19:41:48 +09:00
bptato
7dcc7ccff1 Add support for Gopher items 5 and I 2020-12-02 22:54:49 +01:00
bptato
ba6bed3cb1 Remove useless loop 2020-11-07 23:30:53 +01:00
bptato
30f873ddb1 Remove unnecessary variable assignment 2020-11-07 23:16:41 +01:00
bptato
171db89cc2 Support Gopher items search (7) and binary file (9) 2020-11-07 23:12:35 +01:00
bptato
26876fc89b Moved back filetype indicator to the beginning of file names 2020-10-21 16:31:05 +02:00
bptato
4bc97ce307 Improved gopher support 2020-10-21 12:56:36 +02:00
Bruno Haible
0efa713058 Add support for file://hostname/... URLs 
Origin: https://github.com/tats/w3m/files/3488813/file-hostname-support.diff.gz
Bug-Debian: https://github.com/tats/w3m/issues/120
 2020-09-15 20:19:50 +09:00
Tatsuya Kinoshita
91953baf07 Extend ssl_forbid_method for TLSv1.2 and TLSv1.3 2020-03-11 19:33:34 +09:00
Azure
83e072d6d5 Allow setting User Agent in Siteconf 
Since Google gives usable search results to Lynx but not to w3m, and
many other sites block Lynx but /not/ w3m, we want to be able to set
the User Agent string on a per-site basis.
 2019-06-30 12:15:22 -04:00
Laurent Arnoud
b06d1f6a02 Allow to override UserAgent 
Adding on command line the user agent add a duplicate header:

```
./w3m -header "User-Agent: Mozilla" http://localhost:9999

GET / HTTP/1.0
User-Agent: w3m/0.5.3+git20190105
Accept: text/html, text/*;q=0.5, image/*, application/*, message/*, x-scheme-handler/*, audio/*, video/*, inode/*
Accept-Encoding: gzip, compress, bzip, bzip2, deflate
Accept-Language: en;q=1.0
Host: localhost:9999
Pragma: no-cache
Cache-control: no-cache
User-Agent: Mozilla
```

As a result most server will take the first given; the default
w3m_version or the one defined on config `user_agent`

With this patch we can now override `User-Agent` from command line
 2019-04-21 21:47:52 +02:00
Tatsuya Kinoshita
8c32ce830c Indentation fix 2018-10-26 21:13:46 +09:00
Mark Wright
d10007a2c6 Do not use deprecated features with openssl-1.1 2018-10-24 16:00:04 +02:00
Jia Zhouyang
7a49f77b1e Add error handling code for fopen 
Check the return code of fopen, and return when it fails.
 2018-03-04 20:57:08 +08:00
Tatsuya Kinoshita
762e28dc89 Fix multi-character character constant for ssl_forbid_method 2018-01-06 19:49:57 +09:00
se
1b23ebf644 Extend ssl_forbid_method to disable TLSv1.1 
Origin: https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=874218#5
 2018-01-06 19:10:52 +09:00
Tatsuya Kinoshita
ba9d78faeb Prevent global-buffer-overflow in parseURL() 
Bug-Debian: https://github.com/tats/w3m/issues/41
 2016-11-17 20:19:55 +09:00
Leo Famulari
631784149d Disable RC4 
Origin: http://git.savannah.gnu.org/cgit/guix.git/commit/?id=62339e2d493bf87a3aabe12e45458581e9705d83
 2016-03-30 20:48:53 +09:00
Tatsuya Kinoshita
d6a7f19015 Fix variable is reassigned a value before the old one has been used 2016-03-29 19:18:15 +09:00
Tatsuya Kinoshita
686a824dd4 Fix style of array index is used before limits check 
Bug: https://sourceforge.net/p/w3m/feature-requests/25/
 2016-03-29 19:12:56 +09:00
David Crosby
7e5b33c30e Remove dead assignments flagged by Clang static analysis 2015-08-11 21:59:27 +09:00
Alan Grow
73ba2d1881 http requests: use Content-Length instead of Content-length 2015-08-10 06:29:55 +09:00
Tatsuya Kinoshita
7d9af1f4b9 Merge branch 'bug/weak-ciphers' 2014-06-23 23:06:17 +09:00
Tatsuya Kinoshita
3335b5e824 Disable ciphers that use keys smaller than 128 bits 
Bug-Ubuntu: https://bugs.launchpad.net/ubuntu/+source/w3m/+bug/1325674
 2014-06-23 22:32:21 +09:00
Tatsuya Kinoshita
a9a6c4924e Merge branch 'bug/openssl' 2013-11-08 00:11:41 +09:00
Cristian Rodriguez
e3e5821562 Use SSL_MODE_RELEASE_BUFFERS if available 
Patch from openSUSE on 2012-11-12:
https://build.opensuse.org/request/show/141054
 2013-11-07 23:32:59 +09:00
Cristian Rodriguez
095195f629 Use SSL_OP_NO_COMPRESSION if available 
Due to the "CRIME attack" (CVE-2012-4929) HTTPS clients
that negotiate TLS-level compression can be abused for
MITM attacks.

Patch from openSUSE on 2012-11-12:
https://build.opensuse.org/request/show/141054
 2013-11-07 23:29:54 +09:00
Tatsuya Kinoshita
54b9076584 Merge branch 'bug/schemebug' 2013-10-14 23:04:23 +09:00
AIDA Shinra
c155b93830 Define schemeNumToName() to fix scheme bug 
Patch from <http://www.j10n.org/files/w3m-cvs-1.1055-schemebug.patch>,
[w3m-dev:04470] on 2013-10-14.
 2013-10-14 22:39:55 +09:00
Tatsuya Kinoshita
a32bf68c85 Support the siteconf feature 
Patch to support the siteconf feature, from [w3m-dev 04463]
on 2012-06-27, provided by AIDA Shinra.
 2013-04-08 21:48:49 +09:00
Tatsuya Kinoshita
5397d09e58 Adding upstream version 0.5.3 2011-05-04 16:41:45 +09:00
Tatsuya Kinoshita
6db339b3d7 Adding upstream version 0.5.2 2011-05-04 16:23:02 +09:00