Package: reportbug-ng
Version: 1.0.1
--- Please enter the report below this line. ---
On Monday July 28th 2008 at 13:25:27 Roland Eggner wrote:
> ..
> How to encounter this bug
> ..
> (2) In input field "summary" enter a string containing a doublequote and
> later a * character. My first "unintended trial" was
> crash on exit "glibc detected *** amarokapp: corrupted double-linked list:
> 0x0808ded0"
On Tuesday July 29th 2008 at 00:29:42 Bastian Venthur wrote:
> Hi Roland,
>
> thanks for the bugreport. Unfortunately I cannot reproduce it. I've
> tried to enter something like "foo * " in the summary and icedove
> started without problems. Could you please give me a string which will
> show the problem?
String cited above. With 1.0.1 cannot reproduce any more.
>
> I also noticed, that you're using a very old version of rng. Could you
> please test if this still happens with a more current version?
Installed 1.0.1
---------------
Handles GRACEFULLY my original bug triggering string cited above :)
I tried some "nasty" strings and found:
---------------------------------------
(a) NO security relevant issues, NO shell file name expansion.
(b) Unquoted $EnVars are expanded .. this may be called a feature.
(c) Using an escaped doublequote it is possible to get an additional recipient
in kmail composer .. one may argue "this is a feature, not a bug".
(d) The worst behavior I could "tweak" was with string
test q" bq\"additional recipient 1 bq\" bbq\\" bbbq\\\" bbbbq\\\\" s * bs \*
bbs \\* bbbs \\\* bbbbs \\\\*
namely huge konsole output, the last ~20 lines were
  File "/var/lib/python-support/python2.5/rnghelpers.py", line 166, in prepareMail
    prepareMail(mua, to, subject, body)
  File "/var/lib/python-support/python2.5/rnghelpers.py", line 164, in prepareMail
    logger.warning("Grr! Calling the MUA failed. Length of the command is: %s" % str(len(command)))
  File "/usr/lib/python2.5/logging/__init__.py", line 999, in warning
    apply(self._log, (WARNING, msg, args), kwargs)
  File "/usr/lib/python2.5/logging/__init__.py", line 1101, in _log
    self.handle(record)
  File "/usr/lib/python2.5/logging/__init__.py", line 1111, in handle
    self.callHandlers(record)
  File "/usr/lib/python2.5/logging/__init__.py", line 1148, in callHandlers
    hdlr.handle(record)
  File "/usr/lib/python2.5/logging/__init__.py", line 655, in handle
    self.emit(record)
  File "/usr/lib/python2.5/logging/__init__.py", line 757, in emit
    self.handleError(record)
  File "/usr/lib/python2.5/logging/__init__.py", line 706, in handleError
    traceback.print_exception(ei[0], ei[1], ei[2], None, sys.stderr)
  File "/usr/lib/python2.5/traceback.py", line 125, in print_exception
    print_tb(tb, limit, file)
  File "/usr/lib/python2.5/traceback.py", line 67, in print_tb
    ' File "%s", line %d, in %s' % (filename,lineno,name))
RuntimeError: maximum recursion depth exceeded
Conclusions:
------------
(1) From my point of view, treatment of my test strings (designed rather
far away from real life) is acceptable.
(2) As I don't see security relevance any more apart from (4), I believe
other issues are more important. Apart from in 1.1 already implemented
features (settings window, save sort order) my most desired wishes for rng
are #478436 and #492835.
(3) I suggest downgrading this bugreport to minor.
(4) What remains to do, is an analysis of above reported behavior (d) and
a check if there is any security problem associated with the "almost"
infinite loop.
Looking forward to 1.1, probably tomorrow available on the ftp mirror I am
using :)
Many thanks for your work, by lever effect (more bugreports) it is a benefit
for the whole Debian project :)
--- System information. ---
Architecture: i386
Kernel: Linux 2.6.23.12roland2
Debian Release: lenny/sid
500 unstable gd.tuwien.ac.at
500 testing security.debian.org
500 testing gd.tuwien.ac.at
500 oldstable gd.tuwien.ac.at
1 experimental gd.tuwien.ac.at
--- Package information. ---
Depends (Version)               | Installed
===============================-+-===========
python                          | 2.5.2-1
python-support (>= 0.7.1)       | 0.7.5
python-debianbts                | 0.2.1
python-qt4                      | 4.4.2-4
xdg-utils                       | 1.0.1-2
--
Roland Eggner
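
Added example (not part of the original message and not reportbug-ng code): a comparison of handing a summary to a mail client through a shell command string versus an argument list, using constructed strings modelled on cases (b), (c) and (d) above. FAKE_MUA, RNG_DEMO, the quote-only escaper and the example.invalid address are assumptions made for illustration.

```python
import json
import os
import shlex
import subprocess
import sys

# Stand-in for the mail client (assumption): reports the arguments it received as JSON.
FAKE_MUA = [sys.executable, "-c", "import json, sys; print(json.dumps(sys.argv[1:]))"]
ENV = dict(os.environ, RNG_DEMO="expanded")  # constructed variable for the demo


def run(command, shell):
    """Run the stand-in once; return its argument list, or None if the call failed."""
    proc = subprocess.run(command, shell=shell, env=ENV, capture_output=True, text=True)
    if proc.returncode != 0:
        return None  # report the failure to the caller; no self-call, no retry loop
    return json.loads(proc.stdout)


def via_shell_string(subject):
    """Weak pattern: escape only double quotes, then paste into a sh command line."""
    escaped = subject.replace('"', '\\"')  # hypothetical escaper; backslash and $ untouched
    mua = " ".join(shlex.quote(part) for part in FAKE_MUA)
    return run('%s --subject "%s"' % (mua, escaped), shell=True)


def via_argv_list(subject):
    """Hardened pattern: no shell, the summary is exactly one argv element."""
    return run(FAKE_MUA + ["--subject", subject], shell=False)


# Constructed summaries modelled on cases (b), (c) and (d) of the report.
ENV_VAR = "crash in $RNG_DEMO"                    # (b) variable expansion
ESCAPED_QUOTES = 'bq\\" extra@example.invalid \\"'  # (c) summary splits into extra arguments
UNBALANCED = 'bq\\" tail'                         # (d) shell syntax error, call fails

if __name__ == "__main__":
    for summary in (ENV_VAR, ESCAPED_QUOTES, UNBALANCED):
        print(repr(summary))
        print("  shell string:", via_shell_string(summary))
        print("  argv list:   ", via_argv_list(summary))
```

With the argument list every summary arrives unchanged as a single argument, and a failed call is returned to the caller once instead of being retried by recursion.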