From: tomw@orac.engr.sgi.com (Tom Weinstein)
Date: Wed, 4 Oct 95 08:18:52 PDT
To: Ray Cromwell <rjc@clark.net>
Subject: Re: New Netscape bug (in version 1.12)
In-Reply-To: <199510031438.HAA06918@orac.engr.sgi.com>
Message-ID: <199510041513.IAA01471@orac.engr.sgi.com>
MIME-Version: 1.0
Content-Type: text/plain


In article <199510040204.WAA22162@clark.net>, Ray Cromwell <rjc@clark.net> writes:

>> This is a bug in your X server, not in netscape.  The X server should
>> never crash no matter what you send to it.

>   That's true, but it is also true that Netscape should also be
> performing some sanity checking on input rather than relying on 
> the supporting libraries to be secure. Remember, a hole is a hole.
> The last sendmail bug was a buffer overflow in syslog, however,
> sendmail still got patched to do bounds checking on the strings
> it was passing to syslog. 

>   It looks like this is only bug on BSDI2.0/XAccel, and NT3.5/NS1.1. But
> is it wise for netscape to be sending 10,000 character strings to GUI
> functions anyway? 

It's absolutely okay for netscape to send long character strings to the
X server.  In fact, all it's probably doing is putting long character
strings into a Motif widget, which then sends them to the X server.
This is also totally okay.

-- 
Sure we spend a lot of money, but that doesn't mean    |  Tom Weinstein
we *do* anything.  --  Washington DC motto             |  tomw@engr.sgi.com