[Pkg-kde-extras] Bug#488049: save audiostream file selector dialog: changing directory causes fatal error, probably STRING OVERFLOW

Roland Eggner roland.edv at eggner.at
Wed Jun 25 20:16:20 UTC 2008


Package: kaffeine
Version: 0.8.6-2
Severity: important
Tags: security

--- Please enter the report below this line. ---

How to reproduce:
-----------------
(1)  specify an existing directory in dialog
Settings - xine Engine Parameters - media - Expert Options - capture.save_dir
(2)  connect to an audiostream server
(3)  open dialog File - Save Stream..
(4)  notice that directory (1) is preselected
(5)  specify path matching pattern 'subdir/filename' or '../filename' and
hit enter

Expected:
---------
Kaffeine should save audiostream to path (5) RELATIVE to directory (1),
as dialog (5) has promised

Observed:
---------
message pops up
> Requested resource does not exist
> (mms://stream4.orf.at/oe1-wort#save:/home/roland/Dokumente/www/Kaffeine/hda11/Salzburg.wma)
where URL and save path mentioned within parenthesis MATCH exactly (2), (1) and (5),
in fact they exist

select Details:
> 09:41:57 PM: input_rip: error opening file
> `[0e/roland/Dokumente/www/Kaffeine/hda11/Salzburg.wma: No such file or directory
  ^^^^
notice first 4 characters of path are replaced by BINARY data
> 09:41:57 PM: xine: join rip input plugin
> 09:41:57 PM: xine: found input plugin  : mms streaming input plugin
> 09:41:57 PM: xine: The specified save_dir
> "`[0e/roland/Dokumente/www/Kaffeine/hda11" might be a security risk.
   ^^^^
notice first 4 characters of path are replaced by BINARY data

on close by ctrl-q Kaffeine writes this path with the leading BINARY data to
~/.kde/share/apps/kaffeine/xine-config: media.capture.save_dir:

when I restart Kaffeine I CANNOT save any audiostream UNTIL I open dialog (1)
and correct save_dir


looks like a STRING OVERFLOW,
please check if severity "important" and tag "security" are appropriate
#369564 is perhaps related


--- System information. ---
Architecture: i386
Kernel:       Linux 2.6.23.12roland2

Debian Release: lenny/sid
  500 unstable        gd.tuwien.ac.at 
  500 testing         security.debian.org 
  500 testing         gd.tuwien.ac.at 
  500 oldstable       gd.tuwien.ac.at 
    1 experimental    gd.tuwien.ac.at 

--- Package information. ---
Depends                   (Version) | Installed
===================================-+-================
hdparm                              | 6.9-2
kdelibs4c2a            (>= 4:3.5.9) | 4:3.5.9.dfsg.1-4
libc6                    (>= 2.7-1) | 2.7-3
libcdparanoia0                      | 3.10+debian~pre0-4
libgcc1             (>= 1:4.1.1-21) | 1:4.3.0-3
libogg0                 (>= 1.0rc3) | 1.1.3-2
libqt3-mt             (>= 3:3.3.8b) | 3:3.3.8b-5
libstdc++6            (>= 4.1.1-21) | 4.3.0-3
libvorbis0a              (>= 1.1.2) | 1.2.0.dfsg-2
libvorbisenc2            (>= 1.1.2) | 1.1.2.dfsg-1.2
libx11-6                            | 2:1.0.3-7
libxcb1                             | 1.1-1
libxext6                            | 1:1.0.1-2
libxine1                 (>= 1.1.8) | 1.1.10.1-1
libxine1-ffmpeg                     | 1.1.10.1-1
libxine1-x                          | 1.1.10.1-1
libxinerama1                        | 1:1.0.1-4.1
libxtst6                            | 1:1.0.1-5


-- 
Roland Eggner






More information about the pkg-kde-extras mailing list