Gentoo's Bugzilla – Attachment 130049 Details for Bug 189255: net-irc/konversation < 1.0.1-r3 Media Script id3 Tag Input Validation Error (CVE-2007-4400)
[patch] konversation-media-script-vulnerability.patch (text/plain), 1.92 KB, created by Ingmar Vanhassel (RETIRED) on 2007-09-04 23:19:15 UTC
>diff -aur konversation-1.0.1/konversation/src/channel.cpp konversation-1.0.1-fixed/konversation/src/channel.cpp >--- konversation-1.0.1/konversation/src/channel.cpp 2006-10-06 18:43:29.000000000 +0200 >+++ konversation-1.0.1-fixed/konversation/src/channel.cpp 2007-09-05 01:10:52.000000000 +0200 >@@ -890,7 +890,7 @@ > } > > // Send all strings, one after another >- QStringList outList=QStringList::split('\n',outputAll); >+ QStringList outList=QStringList::split(QRegExp("[\r\n]+"),outputAll); > for(unsigned int index=0;index<outList.count();index++) > { > QString output(outList[index]); >diff -aur konversation-1.0.1/konversation/src/konvdcop.cpp konversation-1.0.1-fixed/konversation/src/konvdcop.cpp >--- konversation-1.0.1/konversation/src/konvdcop.cpp 2006-10-06 18:43:29.000000000 +0200 >+++ konversation-1.0.1-fixed/konversation/src/konvdcop.cpp 2007-09-05 01:11:08.000000000 +0200 >@@ -82,15 +82,23 @@ > emit dcopMultiServerRaw("me " + message); > } > >-void KonvDCOP::say(const QString& server,const QString& target,const QString& command) >+void KonvDCOP::say(const QString& _server,const QString& _target,const QString& _command) > { >+ //Sadly, copy on write doesn't exist with QString::replace >+ QString server(_server), target(_target), command(_command); >+ > // TODO: this just masks a greater problem - Server::addQuery will return a query for '' --argonel > // TODO: other DCOP calls need argument checking too --argonel > if (server.isEmpty() || target.isEmpty() || command.isEmpty()) > kdDebug() << "KonvDCOP::say() requires 3 arguments." << endl; > else > { >- kdDebug() << "KonvDCOP::say()" << endl; >+ command.replace('\n',"\\n"); >+ command.replace('\r',"\\r"); >+ target.remove('\n'); >+ target.remove('\r'); >+ server.remove('\n'); >+ server.remove('\r'); > // Act as if the user typed it > emit dcopSay(server,target,command); > }
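Review bot: In the channel.cpp hunk (@@ -890,7 +890,7), splitting on QRegExp("[\r\n]+") separates an embedded CR or LF into its own list entry, but the loop below still takes every entry as `QString output(outList[index])` and handles it as a full line of input, so text that follows an embedded line break is processed as a separate line rather than discarded or escaped. If outputAll can carry data from outside the user's keyboard, this split on its own does not neutralise it; that depends on callers escaping first, as the konvdcop.cpp hunk does for say(). Please extend the "Send all strings, one after another" comment to state that CR is now treated as a line terminator and why, so the regular expression is not simplified back to '\n' later.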
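Review bot: In the konvdcop.cpp hunk (@@ -82,15 +82,23), the isEmpty() test runs before the new remove() calls, so a server or target made up only of '\r' and '\n' passes the test, becomes empty after stripping, and is still passed to `emit dcopSay(server,target,command)`. That is the empty-target case the first TODO warns about. Suggest moving the replace()/remove() calls up to directly after the local copies are made, ahead of the `if (server.isEmpty() || target.isEmpty() || command.isEmpty())` check. Two smaller points: a short comment that command keeps its line breaks as the literal two-character sequences \n and \r while server and target simply drop them would help the next reader, and the context line `emit dcopMultiServerRaw("me " + message);` just above still forwards its argument unfiltered, which the second TODO already flags and which this patch leaves open.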