1995-10-04 - Re: New Netscape bug (in version 1.12)

Header Data

From: Ray Cromwell <rjc@clark.net>
To: tomw@cthulhu.engr.sgi.com
Message Hash: bbd20557502e9ed8fa6e235b82634872b870f4f605fd65d467748dd158b2f406
Message ID: <199510040204.WAA22162@clark.net>
Reply To: <199510031438.HAA06918@orac.engr.sgi.com>
UTC Datetime: 1995-10-04 06:13:45 UTC
Raw Date: Tue, 3 Oct 95 23:13:45 PDT

Raw message

From: Ray Cromwell <rjc@clark.net>
Date: Tue, 3 Oct 95 23:13:45 PDT
To: tomw@cthulhu.engr.sgi.com
Subject: Re: New Netscape bug (in version 1.12)
In-Reply-To: <199510031438.HAA06918@orac.engr.sgi.com>
Message-ID: <199510040204.WAA22162@clark.net>
MIME-Version: 1.0
Content-Type: text/plain


> In article <DFv6uo.4so@sgi.sgi.com>, Ray Cromwell <rjc@clark.net> writes:
> 
> > This bug doesn't seem to crash Netscape, instead, it crashes my XServer
> > as soon as the mail window pops up. I'm too tired right now to try to
> > analyze it, but it might be another stack bug, this time, in the X
> > libraries because Netscape isn't doing any sanity checking.
> 
> This is a bug in your X server, not in netscape.  The X server should
> never crash no matter what you send to it.

  That's true, but it is also true that Netscape should also be
performing some sanity checking on input rather than relying on 
the supporting libraries to be secure. Remember, a hole is a hole.
The last sendmail bug was a buffer overflow in syslog, however,
sendmail still got patched to do bounds checking on the strings
it was passing to syslog. 

  It looks like this is only a bug on BSDI2.0/XAccel, and NT3.5/NS1.1. But
is it wise for netscape to be sending 10,000 character strings to GUI
functions anyway? 

-Ray
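
The caller-side bounds check argued for above, as an added example that is not part of the original message and is not Netscape's or sendmail's code. The names `clamp_text`, `log_untrusted`, `demo_long_input` and the 256-byte cap `MAX_UI_TEXT` are assumptions made for illustration.

```c
#include <ctype.h>
#include <string.h>
#include <syslog.h>

#define MAX_UI_TEXT 256   /* assumed cap for text handed to a GUI or logging call */

/* Copy untrusted text into dst (capacity dstsize): keep at most dstsize-1
 * bytes, replace non-printable bytes with '?', always NUL-terminate.
 * Returns 1 if the input was truncated, 0 if it fit, -1 on bad arguments. */
int clamp_text(char *dst, size_t dstsize, const char *src)
{
    size_t i;

    if (dst == NULL || dstsize == 0)
        return -1;
    if (src == NULL) {
        dst[0] = '\0';
        return -1;
    }
    for (i = 0; i + 1 < dstsize && src[i] != '\0'; i++)
        dst[i] = isprint((unsigned char)src[i]) ? src[i] : '?';
    dst[i] = '\0';
    return src[i] != '\0';
}

/* Check in the caller before the library call: bounded buffer, fixed format
 * string, so the library never sees the raw untrusted input. */
int log_untrusted(const char *untrusted)
{
    char buf[MAX_UI_TEXT];
    int truncated = clamp_text(buf, sizeof buf, untrusted);

    if (truncated < 0)
        return -1;
    syslog(LOG_INFO, "%s%s", buf, truncated ? " [truncated]" : "");
    return truncated;
}

/* Constructed input: a 10,000-character string of the size mentioned above. */
int demo_long_input(void)
{
    static char big[10001];
    char out[MAX_UI_TEXT];

    memset(big, 'A', sizeof big - 1);
    big[sizeof big - 1] = '\0';
    return clamp_text(out, sizeof out, big) == 1 && strlen(out) == MAX_UI_TEXT - 1;
}

int main(void) { return demo_long_input() ? 0 : 1; }
```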
