[sword-devel] installmgr (and xiphos) crashes (svn 2831)

Jaak Ristioja jaak at ristioja.ee
Wed Jun 26 06:21:56 MST 2013



The greatest bug here is that it tries to parse the webserver
directory listing output (which is what I think it does).

  V E R Y   V E R Y   B A D   P R A C T I C E ! ! !

On 26.06.2013 16:17, Jaak Ristioja wrote:
> Ok, the crash is caused by a NULL pointer dereference, because
> 
> pBufRes = (char *)findSizeStart(pBuf);
> 
> might return NULL after which
> 
> pBuf = pBufRes;
> 
> and
> 
> pBuf++; pBuf = strstr(pBuf, "<a href=\"");
> 
> are executed. The latter strstr expression tries to dereference 
> (++((char*)NULL)) and crashes.
> 
> Blessings, Jaak
> 
> On 26.06.2013 16:12, Jaak Ristioja wrote:
>> This might not be directly related, but looking at
>> curlhttpt.cpp, the line:
> 
>> sprintf(possibleName, "%.*s", possibleNameLength, pBuf);
> 
>> Is a potential buffer overflow, because the possibleName buffer
>> is 400 bytes, but possibleNameLength is not checked to be < 400.
>> So the server might cause a buffer overflow. Imho this is a
>> security issue.
> 
>> Looking at the quality of this code, I'm not surprised.
> 
>> Blessings, Jaak
> 
>> On 26.06.2013 15:51, Mark Trompell wrote:
>>> I'm trying to access a http repository
>>> (http://marktrompell.de/sword/). installmgr -r works fine, -rl
>>> too, but installmgr segfaults on -ri. Same for Xiphos, I can
>>> refresh and see what modules are there, but it crashes when I
>>> try to install. Probably the repository isn't properly set up,
>>> but nevertheless sword shouldn't crash. Attaching 2 backtraces,
>>> one from installmgr and the other one from xiphos.
> 
>>> Blessings Mark -- Mark Trompell
> 
>>> Foresight Linux Xfce Edition Cause your desktop should be 
>>> freaking cool (and Xfce)
> 
> 
> 
>>> _______________________________________________ sword-devel 
>>> mailing list: sword-devel at crosswire.org 
>>> http://www.crosswire.org/mailman/listinfo/sword-devel 
>>> Instructions to unsubscribe/change your settings at above page


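The two defects discussed in this thread, a NULL result from the size lookup being incremented and searched, and an unbounded `%.*s` copy into the 400-byte name buffer, handled defensively in an added C example. This is not SWORD's code: `find_size_start`, `next_entry`, `scan_listing` and the listing rows are hypothetical stand-ins constructed for illustration.

```c
#include <stdio.h>
#include <string.h>

#define NAME_CAP 400 /* possibleName size quoted in the thread */

/* Hypothetical stand-in for the size lookup: first digit after "</a>" on the
 * row, or NULL when the row has no size column (the case that crashed). */
static const char *find_size_start(const char *p) {
    const char *end = strstr(p, "</a>");
    if (!end) return NULL;
    end += 4;
    end += strcspn(end, "0123456789\n");
    return (*end >= '0' && *end <= '9') ? end : NULL;
}

/* Copy the next href value from *cur into name[cap].
 * Returns 1 = copied, 0 = no more entries, -1 = name too long, rejected. */
static int next_entry(const char **cur, char *name, size_t cap) {
    static const char tag[] = "<a href=\"";
    const char *p, *q, *size;
    size_t len;
    if (!*cur || !(p = strstr(*cur, tag))) return 0;
    p += sizeof tag - 1;
    if (!(q = strchr(p, '"'))) { *cur = NULL; return 0; }
    size = find_size_start(q);
    /* Check for NULL before any pointer arithmetic; fall back to q. */
    *cur = size ? size + 1 : q;
    len = (size_t)(q - p);
    if (len >= cap) return -1; /* server-controlled length: reject it */
    snprintf(name, cap, "%.*s", (int)len, p);
    return 1;
}

/* Walk a whole listing; returns accepted names, counts rejected ones. */
static int scan_listing(const char *html, int *rejected) {
    char name[NAME_CAP];
    int ok = 0, r;
    *rejected = 0;
    while ((r = next_entry(&html, name, sizeof name)) != 0)
        if (r > 0) ok++; else (*rejected)++;
    return ok;
}

int main(void) {
    /* Constructed listing; the second row has no size column. */
    const char *html = "<a href=\"a.zip\">a.zip</a> 123\n"
                       "<a href=\"modules/\">modules/</a>\n";
    int rejected, ok = scan_listing(html, &rejected);
    printf("accepted=%d rejected=%d\n", ok, rejected);
    return 0;
}
```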

