https://bugs.kde.org/show_bug.cgi?id=310711
Bug ID: 310711 Severity: normal Version: 1.7.2 Priority: NOR Assignee: kdepim-bugs@kde.org Summary: akonadiserver crashes on malformed input to UNIX socket Classification: Unclassified OS: Linux Reporter: k...@machine.org.uk Hardware: Other Status: UNCONFIRMED Component: server Product: Akonadi Hi, I don't believe this is a security flaw as it affects the UNIX socket which is only accessible to the root and owner user. However, I found that akonadiserver crashes on malformed input. Reproducer as follows: $ perl -e 'print "\n"' | socat UNIX:/tmp/akonadi-tmb.HoHuFd/akonadiserver.socket STDIO This results in: Program received signal SIGSEGV, Segmentation fault. [Switching to Thread 0x7f6013fe7700 (LWP 15368)] 0x00000000004db260 in ?? () (gdb) bt #0 0x00000000004db260 in ?? () #1 0x00000000004233bf in ?? () #2 0x00007f6021a5f54f in QMetaObject::activate(QObject*, QMetaObject const*, int, void**) () from /usr/lib/x86_64-linux-gnu/libQtCore.so.4 #3 0x00007f6021a5f54f in QMetaObject::activate(QObject*, QMetaObject const*, int, void**) () from /usr/lib/x86_64-linux-gnu/libQtCore.so.4 #4 0x00007f602165036c in ?? () from /usr/lib/x86_64-linux-gnu/libQtNetwork.so.4 #5 0x00007f6021654952 in QAbstractSocket::waitForBytesWritten(int) () from /usr/lib/x86_64-linux-gnu/libQtNetwork.so.4 #6 0x00000000004228c3 in ?? () #7 0x0000000000422cce in ?? () #8 0x00007f602194ed0b in ?? () from /usr/lib/x86_64-linux-gnu/libQtCore.so.4 #9 0x00007f601fc5fb50 in start_thread (arg=<optimized out>) at pthread_create.c:304 #10 0x00007f601ff4fa7d in clone () at ../sysdeps/unix/sysv/linux/x86_64/clone.S:112 #11 0x0000000000000000 in ?? () (gdb) x/1i $pc => 0x4db260: mov 0x8(%rsi),%rax (gdb) i r rsi rax rsi 0x0 0 rax 0x1 1 $rax is the number of bytes that the user has supplied. -- You are receiving this mail because: You are the assignee for the bug. _______________________________________________ Kdepim-bugs mailing list Kdepim-bugs@kde.org https://mail.kde.org/mailman/listinfo/kdepim-bugs