https://bugs.kde.org/show_bug.cgi?id=310711

            Bug ID: 310711
          Severity: normal
           Version: 1.7.2
          Priority: NOR
          Assignee: kdepim-bugs@kde.org
           Summary: akonadiserver crashes on malformed input to UNIX
                    socket
    Classification: Unclassified
                OS: Linux
          Reporter: k...@machine.org.uk
          Hardware: Other
            Status: UNCONFIRMED
         Component: server
           Product: Akonadi

Hi,

I don't believe this is a security flaw as it affects the UNIX socket which is
only accessible to the root and owner user.  However, I found that
akonadiserver crashes on malformed input.  Reproducer as follows:

$ perl -e 'print "\n"' | socat UNIX:/tmp/akonadi-tmb.HoHuFd/akonadiserver.socket STDIO

This results in:

Program received signal SIGSEGV, Segmentation fault.
[Switching to Thread 0x7f6013fe7700 (LWP 15368)]
0x00000000004db260 in ?? ()
(gdb) bt
#0  0x00000000004db260 in ?? ()
#1  0x00000000004233bf in ?? ()
#2  0x00007f6021a5f54f in QMetaObject::activate(QObject*, QMetaObject const*,
int, void**) () from /usr/lib/x86_64-linux-gnu/libQtCore.so.4
#3  0x00007f6021a5f54f in QMetaObject::activate(QObject*, QMetaObject const*,
int, void**) () from /usr/lib/x86_64-linux-gnu/libQtCore.so.4
#4  0x00007f602165036c in ?? () from
/usr/lib/x86_64-linux-gnu/libQtNetwork.so.4
#5  0x00007f6021654952 in QAbstractSocket::waitForBytesWritten(int) () from
/usr/lib/x86_64-linux-gnu/libQtNetwork.so.4
#6  0x00000000004228c3 in ?? ()
#7  0x0000000000422cce in ?? ()
#8  0x00007f602194ed0b in ?? () from /usr/lib/x86_64-linux-gnu/libQtCore.so.4
#9  0x00007f601fc5fb50 in start_thread (arg=<optimized out>) at
pthread_create.c:304
#10 0x00007f601ff4fa7d in clone () at
../sysdeps/unix/sysv/linux/x86_64/clone.S:112
#11 0x0000000000000000 in ?? ()
(gdb) x/1i $pc
=> 0x4db260:    mov    0x8(%rsi),%rax
(gdb) i r rsi rax
rsi            0x0      0
rax            0x1      1

$rax is the number of bytes that the user has supplied.
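The null dereference the backtrace points at (rsi == 0 at the faulting load) is what an unchecked "first token of the line" access looks like when the line is just "\n". The following is an added example, not code from Akonadi or from the reporter: a hypothetical line-oriented "tag COMMAND args" handler (the protocol shape is assumed) in its crashing form beside a version that validates the line first, plus the regression check a maintainer would keep.

```cpp
// Added example, not Akonadi's code: a line-oriented "tag COMMAND args"
// handler (protocol shape assumed) showing how a bare "\n" reaches a null
// dereference, beside a version that rejects it and keeps the connection up.
#include <string>
#include <vector>

// Split a received line on whitespace; a line holding only "\n" yields no tokens.
static std::vector<std::string> tokenize(const std::string &line) {
    std::vector<std::string> out;
    std::string cur;
    for (char c : line) {
        if (c == ' ' || c == '\t' || c == '\r' || c == '\n') {
            if (!cur.empty()) { out.push_back(cur); cur.clear(); }
        } else {
            cur += c;
        }
    }
    if (!cur.empty()) out.push_back(cur);
    return out;
}

// Before (hypothetical): assumes every line carries a tag and a command.
// For "\n" the token list is empty, `first` is null, and dereferencing it
// faults the same way the report's "mov 0x8(%rsi),%rax" does with rsi == 0.
// Only safe to call with a well-formed line.
static std::string handleUnchecked(const std::string &line) {
    std::vector<std::string> toks = tokenize(line);
    const std::string *first = toks.empty() ? nullptr : &toks[0];
    return *first + " OK";              // null dereference on an empty line
}

// After: validate the shape of the line before touching any token, and answer
// malformed input with a protocol error instead of faulting.
static std::string handleChecked(const std::string &line) {
    std::vector<std::string> toks = tokenize(line);
    if (toks.size() < 2) return "* BAD expected <tag> <command> [args]";
    if (toks[1] == "LOGOUT") return toks[0] + " OK LOGOUT completed";
    return toks[0] + " BAD unknown command " + toks[1];
}

// Regression check: every malformed line the reporter's "\n" case generalizes
// to (CRLF only, whitespace only, tag without command) must get an error
// reply rather than a crash, while a well-formed line is still served.
static bool survivesMalformedInput() {
    const char *cases[] = {"\n", "\r\n", "   \n", "A1\n", "\t\t"};
    for (const char *c : cases) {
        if (handleChecked(c).rfind("* BAD", 0) != 0) return false;
    }
    return handleChecked("A2 LOGOUT\r\n") == "A2 OK LOGOUT completed";
}
```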

_______________________________________________
Kdepim-bugs mailing list
Kdepim-bugs@kde.org
https://mail.kde.org/mailman/listinfo/kdepim-bugs