https://bugzilla.novell.com/show_bug.cgi?id=230775 Summary: VUL-0: w3m format string problem in displaying SSL certificates Product: openSUSE 10.2 Version: Final Platform: Other OS/Version: Other Status: NEW Severity: Normal Priority: P5 - None Component: Basesystem AssignedTo: max@novell.com ReportedBy: meissner@novell.com QAContact: qa@suse.de CC: security-team@suse.de http://sourceforge.net/tracker/index.php?func=detail&aid=1612792&group_id=39... crashes on -dump or -backend with "%n%n" in SSL certificate w3m-0.5.1 crashes when using the -dump or -backend options to open a HTTPS URL with a SSL certificate where the CN contains "%n%n%n%n%n%n". Here is a session capture and a patch. bb:~# apt-get install apache-ssl Reading package lists... Done Building dependency tree... Done Suggested packages: apache-doc The following NEW packages will be installed apache-ssl 0 upgraded, 1 newly installed, 0 to remove and 0 not upgraded. Need to get 0B/495kB of archives. After unpacking 1098kB of additional disk space will be used. Preconfiguring packages ... Configuring apache-ssl ---------------------- suExec is a feature of apache where CGI scripts are run by the user who owns the script. It is useful if your users have CGI access and don't trust each other. Enable suExec? n Selecting previously deselected package apache-ssl. (Reading database ... 149366 files and directories currently installed.) Unpacking apache-ssl (from .../apache-ssl_1.3.34-4_i386.deb) ... Setting up apache-ssl (1.3.34-4) ... Configure an SSL Certificate. ----------------------------- The two letter code for your Country. (e.g. GB) (countryName) Country Name DE Your state, county or province. (stateOrProvinceName) State or Province Name Berlin The name of the city or town that you live in. (localityName) Locality Name Berlin The name of the company or organisation the certificate is for. (organisationName) Organisation Name bb The Division or section of the organisation the certificate is for. (organisationalUnitName) Organisational Unit Name bb The host name of the server the certificate is for. This must be filled in. (commonName) Host Name %n%n%n%n%n%n%n%n%n%n%n%n.bb.de The email address that should be associated with the certificate. Email Address aa@bb Creating config file /etc/apache-ssl/httpd.conf with new version Creating config file /etc/apache-ssl/srm.conf with new version Creating config file /etc/apache-ssl/access.conf with new version Creating config file /etc/apache-ssl/modules.conf with new version Starting apache-ssl 1.3 web server.... bb:~# exit logout aa@bb:~/W3M$ ./w3m -version w3m version w3m/0.5.1, options lang=en,m17n,image,color,ansi-color,mouse,menu,cookie,ssl,ssl-verify,external-uri-loader,w3mmailer,nntp,ipv6,alarm,mark aa@bb:~/W3M$ ./w3m -dump https://localhost/ Segmentation fault aa@bb:~/W3M$ ./w3m -backend w3m> get https://localhost/ Segmentation fault aa@bb:~/W3M$ *** w3m-0.5.1/file.c.old 2004-04-16 20:47:19.000000000 +0200 --- w3m-0.5.1/file.c 2006-12-10 22:28:00.000000000 +0100 *************** *** 7799,7805 **** ans = inputChar(prompt); } else { ! printf(prompt); fflush(stdout); ans = Strfgets(stdin)->ptr; } --- 7799,7805 ---- ans = inputChar(prompt); } else { ! printf("%s", prompt); fflush(stdout); ans = Strfgets(stdin)->ptr; } -- Configure bugmail: https://bugzilla.novell.com/userprefs.cgi?tab=email ------- You are receiving this mail because: ------- You are on the CC list for the bug, or are watching someone who is.