From mike.gabriel@das-netzwerkteam.de Thu Jan 8 10:48:33 2015 Received: (at 722) by bugs.x2go.org; 8 Jan 2015 09:48:35 +0000 X-Spam-Checker-Version: SpamAssassin 3.3.2 (2011-06-06) on ymir.das-netzwerkteam.de X-Spam-Level: X-Spam-Status: No, score=-1.9 required=5.0 tests=BAYES_00,URIBL_BLOCKED autolearn=ham version=3.3.2 Received: from freya.das-netzwerkteam.de (freya.das-netzwerkteam.de [88.198.48.199]) by ymir.das-netzwerkteam.de (Postfix) with ESMTPS id 3E9C15DB53 for <722@bugs.x2go.org>; Thu, 8 Jan 2015 10:48:33 +0100 (CET) Received: from grimnir.das-netzwerkteam.de (grimnir.das-netzwerkteam.de [78.46.204.98]) by freya.das-netzwerkteam.de (Postfix) with ESMTPS id CBB5A1FBB; Thu, 8 Jan 2015 10:48:32 +0100 (CET) Received: from localhost (localhost [127.0.0.1]) by grimnir.das-netzwerkteam.de (Postfix) with ESMTP id B9B533C881; Thu, 8 Jan 2015 10:48:32 +0100 (CET) X-Virus-Scanned: Debian amavisd-new at grimnir.das-netzwerkteam.de Received: from grimnir.das-netzwerkteam.de ([127.0.0.1]) by localhost (grimnir.das-netzwerkteam.de [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id qTv2f9O8e989; Thu, 8 Jan 2015 10:48:32 +0100 (CET) Received: from grimnir.das-netzwerkteam.de (localhost [127.0.0.1]) by grimnir.das-netzwerkteam.de (Postfix) with ESMTPS id 8977C3C880; Thu, 8 Jan 2015 10:48:32 +0100 (CET) Received: from 134.245.44.4 ([134.245.44.4]) by mail.das-netzwerkteam.de (Horde Framework) with HTTP; Thu, 08 Jan 2015 09:48:32 +0000 Date: Thu, 08 Jan 2015 09:48:32 +0000 Message-ID: <20150108094832.Horde.C_vJM1ggUEDggFjNirGLEA1@mail.das-netzwerkteam.de> From: Mike Gabriel To: Orion Poplawski , 722@bugs.x2go.org Subject: Re: [X2Go-Dev] Bug#722: Fwd: [Bug 1179869] New: [abrt] x2goclient: ref(): x2goclient killed by SIGSEGV References: <54AD7354.2010500@cora.nwra.com> In-Reply-To: <54AD7354.2010500@cora.nwra.com> User-Agent: Internet Messaging Program (IMP) H5 (6.2.2) Accept-Language: en,de Organization: DAS-NETZWERKTEAM X-Originating-IP: 134.245.44.4 X-Remote-Browser: Mozilla/5.0 (X11; Linux x86_64; rv:32.0) Gecko/20100101 Firefox/32.0 Iceweasel/32.0 Content-Type: multipart/signed; boundary="=_JMtDv8EZPrSSrnPoPzK0Ow5"; protocol="application/pgp-signature"; micalg=pgp-sha1 MIME-Version: 1.0 This message is in MIME format and has been PGP signed. --=_JMtDv8EZPrSSrnPoPzK0Ow5 Content-Type: text/plain; charset=us-ascii; format=flowed; DelSp=Yes Content-Disposition: inline Content-Transfer-Encoding: quoted-printable Control: severity -1 important Control: retitle -1 add sanity checks when processing stdout of X2Go=20=20 Server=20commands Hi Orion, On Mi 07 Jan 2015 18:56:36 CET, Orion Poplawski wrote: > Package: x2goclient > Version: 4.0.2.1 > > This crashing here: > x2goSession ONMainWindow::getSessionFromString ( const QString& string ) > { > QStringList lst=3Dstring.split ( '|' ); > x2goSession s; > s.agentPid=3Dlst[0]; > s.sessionId=3Dlst[1]; > > looks like the session string is corrupted and doesn't have the expected > number of elements. Need some error checking here. > Unfortunately, X2Go Client code does no sanitizing at all at most=20=20 place.=20It simply expects that the X2Go Server on the other end is=20=20 working=20correctly (which it sometimes is not)... Raising severity to important... Mike --=20 DAS-NETZWERKTEAM mike=20gabriel, herweg 7, 24357 fleckeby fon: +49 (1520) 1976 148 GnuPG Key ID 0x25771B31 mail: mike.gabriel@das-netzwerkteam.de, http://das-netzwerkteam.de freeBusy: https://mail.das-netzwerkteam.de/freebusy/m.gabriel%40das-netzwerkteam.de.x= fb --=_JMtDv8EZPrSSrnPoPzK0Ow5 Content-Type: application/pgp-signature Content-Description: Digitale PGP-Signatur Content-Disposition: inline -----BEGIN PGP SIGNATURE----- Version: GnuPG v1 iQIcBAABAgAGBQJUrlJwAAoJEJr0azAldxsxGDMP/293m1PRj6P7Scu+ol26bsOt GdZjYGyE8rHatnm/tk/vafUX86y0a6O0naoatSW4XnrYKSe4x1M23hZNFOmTGJ6z akrCEQOKnM4vD4Uic8nvDfyXF/4R/FCHg/n8/rFVsPalVuLjUI+M8ptA1yVGIPH7 6W7vyUzPIeHeD2d5v2kpJzJxDmviSJ9i0VLV/5pXyBMvEHQCJYqbDGmcWbSyZ1T+ 8cKZpLKwLxq/AiZnXVw+u7zhTRs/gY4LuxiA3B0hUBWq5xE24w1sYj5B6Cxqd/0p MzqGHAnh0mXDtsn9FiFQ35cFCqceRfVjpnSI18+20ZOXKiA2zx5nPgMZQQuAfEOP kf7n0nAzo7bvq1CI7BRXDb5zxC6VCvLywYFXcrLFOiTTFmifT6ZXfl5AJzEXS0LM Q8nzyMV5IoOv8MYFiSUHM2F0TpWuAG01Una+DIAEYCJxzJhEdytaG1zXh3iVU1ht Jp1wnXjHV6SE/J7DNrt9xmEWXLojmxPPn74nXJEQQAIc9Kkj4jx8YuV1MFub2mlN JX4Y9aotTK7H6ICK/IcE0mnMn6Z4++DfzBxacE5MMw6gQKjofQx9DLCeZv+UrJT9 +gE3FErAOGRUMBZ4AhDmJ0oYFjEJnEDxkSC/l/RhEKlVwk3Y7q4QqvExdHrkGpBR d3LB80NUJc9QWpIxcmxL =xKe7 -----END PGP SIGNATURE----- --=_JMtDv8EZPrSSrnPoPzK0Ow5--