Re: [xml] A long URL causes SEGV



Yuuichi Teranishi wrote:
> Fixed. Thanks.
>
> I noticed `xmlNanoHTTPScanProxy' also has the problem.
> The patch attached to this mail solves it too (hopefully).
> (It defines XML_NANO_HTTP_URL_LENGTH instead of a magic number 4096 ;-)
>
> By the way, this bug causes a buffer overflow, doesn't it?
> I'm worrying this may allow remote attackers to embed a long URL
> in the XML file (or something like that which kicks nanohttp)
> to execute illegal codes.
> If so, I think fixed version should be released and announced to
> the developers.

Fixed in CVS since yesterday. Using the magic number instead of the macro, but the bug is gone anyway :-)

This was the buffer overflow, that is right. Thus there was a theoretical possibility to execute arbitrary code by constructing a malicious URL. However, most users control the XML they feed libxml with, so there is little chance for an actual exploit.

Nevertheless, since we Windows users cannot be trusted to keep our machines secure, a Windows binary with this fix (called version 2.6.5+) has already been released.

Ciao,
Igor
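
The class of bug discussed in this thread (a URL component copied into a fixed 4096-byte buffer) and the length check that prevents it, as an added example that is not libxml2's code or the patch from this thread. The names `scan_host`, `scan_long_host` and `URL_BUF_LEN` are hypothetical, and the test URLs are constructed.

```c
#include <stdio.h>
#include <string.h>

#define URL_BUF_LEN 4096   /* assumption: mirrors the 4096 mentioned in the thread */

/* Hypothetical helper (not libxml2 code): copy the host part of an http://
 * URL into a fixed-size buffer, rejecting input that does not fit instead
 * of writing past the end of the buffer.
 * Returns 0 on success, -1 on a malformed or over-long URL. */
static int scan_host(const char *url, char *host, size_t hostlen)
{
    static const char scheme[] = "http://";
    size_t n;

    if (url == NULL || host == NULL || hostlen == 0)
        return -1;
    if (strncmp(url, scheme, sizeof(scheme) - 1) != 0)
        return -1;
    url += sizeof(scheme) - 1;

    /* The host ends at ':', '/' or the end of the string. */
    n = strcspn(url, ":/");
    if (n == 0 || n >= hostlen)     /* keep one byte for the terminating NUL */
        return -1;

    memcpy(host, url, n);
    host[n] = '\0';
    return 0;
}

/* Build a constructed URL whose host is `len` bytes of 'A' and scan it. */
static int scan_long_host(size_t len)
{
    static char url[2 * URL_BUF_LEN + 16];
    char host[URL_BUF_LEN];
    if (len > 2 * URL_BUF_LEN)
        return -1;
    strcpy(url, "http://");
    memset(url + 7, 'A', len);
    strcpy(url + 7 + len, "/doc.xml");
    return scan_host(url, host, sizeof(host));
}

int main(void)
{
    /* Largest host that fits, then one byte too many. */
    printf("%d %d\n", scan_long_host(URL_BUF_LEN - 1), scan_long_host(URL_BUF_LEN));
    return 0;
}
```

The check uses `n >= hostlen` rather than `n > hostlen` so that a host of exactly 4096 bytes is rejected; accepting it would put the terminating NUL one byte past the buffer.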



