Bug#405197: libsoup2.2-8: rhythmbox daap plugin crash triggered
remotely
Roland Lezuo
roland.lezuo at chello.at
Mon Jan 1 18:17:16 CET 2007
Package: libsoup2.2-8
Version: 2.2.98-1
Severity: normal
There is a segfault in rhythmbox which can be triggered by running
nessus 2.2.8 against a box running rhythmbox with daap plugin.
I've built a debug version of libsoup from debian sources, here is the
trace:
#0 0x00002b7566eb7d69 in strstr () from /lib/libc.so.6
#1 0x00002b7562642f76 in soup_headers_parse (str=0x2aaaae5f1800 "GET
/", len=261, dest=0x1296e00) at soup-headers.c:38
#2 0x00002b7562643537 in soup_headers_parse_request (str=0x2aaaae5f1800
"GET /", len=261, dest=0x1296e00, req_method=0xd441a8,
req_path=0x7fff4976b860, ver=0xd44238)
at soup-headers.c:160
#3 0x00002b7562647b3b in parse_request_headers (msg=0xd44190,
headers=0x2aaaae5f1800 "GET /", headers_len=261,
encoding=0x2aaaae5b6038, content_len=0x2aaaae5b6058, sock=0x951bb0)
at soup-message-server-io.c:34
#4 0x00002b7562646c15 in io_read (sock=0x951bb0, msg=0xd44190)
at soup-message-io.c:578
#5 0x00002b75663df479 in g_closure_invoke () from
/usr/lib/libgobject-2.0.so.0
#6 0x00002b75663eeae1 in g_signal_chain_from_overridden () from
/usr/lib/libgobject-2.0.so.0
#7 0x00002b75663efd95 in g_signal_emit_valist () from
/usr/lib/libgobject-2.0.so.0
#8 0x00002b75663eff73 in g_signal_emit () from
/usr/lib/libgobject-2.0.so.0
#9 0x00002b75626509a2 in socket_read_watch (chan=<value
optimized out>, cond=0, user_data=<value optimized out>) at
soup-socket.c:1073
#10 0x00002b7566a8bc73 in g_main_context_dispatch () from
/usr/lib/libglib-2.0.so.0
#11 0x00002b7566a8eabd in g_main_context_check () from
/usr/lib/libglib-2.0.so.0
#12 0x00002b7566a8eda6 in g_main_loop_run () from
/usr/lib/libglib-2.0.so.0
#13 0x00002b75643ed6b2 in IA__gtk_main () at gtkmain.c:1003
#14 0x000000000042e151 in main ()
The problem seems to be caused by a binary 0 in the request, i've
extracted the following string:
"GET /\0x00.jsp HTTP/1.1\r\n"
^^^^^
binary 0
regards
roland lezuo
-- System Information:
Debian Release: 4.0
APT prefers unstable
APT policy: (500, 'unstable')
Architecture: amd64 (x86_64)
Shell: /bin/sh linked to /bin/bash
Kernel: Linux 2.6.18-3-amd64
Locale: LANG=en_US.UTF-8, LC_CTYPE=en_US.UTF-8 (charmap=UTF-8)
Versions of packages libsoup2.2-8 depends on:
ii libc6 2.3.6.ds1-9 GNU C Library: Shared libraries
ii libglib2.0-0 2.12.6-2 The GLib library of C routines
ii libgnutls13 1.4.4-3 the GNU TLS library - runtime libr
ii libxml2 2.6.27.dfsg-1 GNOME XML library
libsoup2.2-8 recommends no packages.
-- no debconf information
More information about the Pkg-gnome-maintainers
mailing list