Bug#405197: libsoup2.2-8: rhythmbox daap plugin crash triggered remotely

Roland Lezuo roland.lezuo at chello.at
Mon Jan 1 18:17:16 CET 2007


Package: libsoup2.2-8
Version: 2.2.98-1
Severity: normal

There is a segfault in rhythmbox which can be triggered by running
nessus 2.2.8 against a box running rhythmbox with daap plugin.
I've built a debug version of libsoup from debian sources, here is the
trace:

#0  0x00002b7566eb7d69 in strstr () from /lib/libc.so.6
#1  0x00002b7562642f76 in soup_headers_parse (str=0x2aaaae5f1800 "GET
/", len=261, dest=0x1296e00) at soup-headers.c:38
#2  0x00002b7562643537 in soup_headers_parse_request (str=0x2aaaae5f1800
"GET /", len=261, dest=0x1296e00, req_method=0xd441a8,
req_path=0x7fff4976b860, ver=0xd44238)
    at soup-headers.c:160
#3  0x00002b7562647b3b in parse_request_headers (msg=0xd44190,
    headers=0x2aaaae5f1800 "GET /", headers_len=261,
    encoding=0x2aaaae5b6038, content_len=0x2aaaae5b6058, sock=0x951bb0)
        at soup-message-server-io.c:34
#4  0x00002b7562646c15 in io_read (sock=0x951bb0, msg=0xd44190)
	at soup-message-io.c:578
#5  0x00002b75663df479 in g_closure_invoke () from
	/usr/lib/libgobject-2.0.so.0
#6  0x00002b75663eeae1 in g_signal_chain_from_overridden () from
	/usr/lib/libgobject-2.0.so.0
#7  0x00002b75663efd95 in g_signal_emit_valist () from
	/usr/lib/libgobject-2.0.so.0
#8  0x00002b75663eff73 in g_signal_emit () from
	/usr/lib/libgobject-2.0.so.0
#9  0x00002b75626509a2 in socket_read_watch (chan=<value
	optimized out>, cond=0, user_data=<value optimized out>) at
	soup-socket.c:1073
#10 0x00002b7566a8bc73 in g_main_context_dispatch () from
	/usr/lib/libglib-2.0.so.0
#11 0x00002b7566a8eabd in g_main_context_check () from
	/usr/lib/libglib-2.0.so.0
#12 0x00002b7566a8eda6 in g_main_loop_run () from
	/usr/lib/libglib-2.0.so.0
#13 0x00002b75643ed6b2 in IA__gtk_main () at gtkmain.c:1003
#14 0x000000000042e151 in main ()

The problem seems to be caused by a binary 0 in the request. I've
extracted the following string:

"GET /\0x00.jsp HTTP/1.1\r\n"
      ^^^^^
      binary 0

regards 
roland lezuo

-- System Information:
Debian Release: 4.0
  APT prefers unstable
  APT policy: (500, 'unstable')
Architecture: amd64 (x86_64)
Shell:  /bin/sh linked to /bin/bash
Kernel: Linux 2.6.18-3-amd64
Locale: LANG=en_US.UTF-8, LC_CTYPE=en_US.UTF-8 (charmap=UTF-8)

Versions of packages libsoup2.2-8 depends on:
ii  libc6                      2.3.6.ds1-9   GNU C Library: Shared libraries
ii  libglib2.0-0               2.12.6-2      The GLib library of C routines
ii  libgnutls13                1.4.4-3       the GNU TLS library - runtime libr
ii  libxml2                    2.6.27.dfsg-1 GNOME XML library

libsoup2.2-8 recommends no packages.

-- no debconf information
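
The report points at a NUL byte inside a request buffer whose length is tracked separately (`len=261` in the trace) while the crash is in `strstr()`. The following is an added example, not part of the original report and not libsoup's code: a length-bounded check that rejects such a buffer before any C string function sees it. All function names are hypothetical, and the sample request is constructed from the string quoted in the report.

```c
#include <stddef.h>
#include <stdio.h>
#include <string.h>

/* Hypothetical helper (not a libsoup function): 1 if the len-byte buffer
 * contains a NUL, which strstr()/strlen() would treat as end-of-string. */
int headers_have_embedded_nul(const char *buf, size_t len)
{
    return memchr(buf, '\0', len) != NULL;
}

/* Hypothetical helper: find "\r\n" using only the stated length. It never
 * reads past buf+len and does not stop at a NUL. Returns offset or -1. */
long find_crlf_bounded(const char *buf, size_t len)
{
    const char *p = buf, *end = buf + len;
    while (p < end && (p = memchr(p, '\r', (size_t)(end - p))) != NULL) {
        if (p + 1 < end && p[1] == '\n')
            return (long)(p - buf);
        p++;
    }
    return -1;
}

/* Constructed sample: the request line from the report plus one header. */
static const char sample_req[] = "GET /\0.jsp HTTP/1.1\r\nHost: example\r\n\r\n";
#define SAMPLE_LEN (sizeof(sample_req) - 1)

/* How many bytes a str*-based parser would see of the sample. */
size_t visible_to_strlen(void) { return strlen(sample_req); }

/* 0 = safe to hand to a string-based parser, -1 = reject the request. */
int validate_request_headers(const char *buf, size_t len)
{
    if (len == 0 || headers_have_embedded_nul(buf, len))
        return -1;
    return find_crlf_bounded(buf, len) < 0 ? -1 : 0;
}

int main(void)
{
    printf("buffer length %zu, strlen sees %zu\n", SAMPLE_LEN, visible_to_strlen());
    printf("first CRLF at offset %ld\n", find_crlf_bounded(sample_req, SAMPLE_LEN));
    printf("validate: %d\n", validate_request_headers(sample_req, SAMPLE_LEN));
    return 0;
}
```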
