Package: gnome-inm-forecast
Version: 0.6.1-1
Severity: grave
Tags: patch
This bug is grave since it is a buffer overflow that could be used to
gain access to the machine.
The patch is attached and it is already applied to gnome-inm-forecast svn:
http://kutxa.homeunix.org/svn/gnome-inm-forecast/trunk/
#0 0x00007f6a99164ec1 in memcpy () from /lib/libc.so.6
No symbol table info available.
#1 0x0000000000406541 in parse_temperatures_data (applet_data=0x1beb740,
buf=0x1df61e9 "Cota nieve prov.(m)</th><td colspan=\"2\"
class=\"borde_rb\">400 </td><td colspan=\"2\"
class=\"borde_rb\">700 </td><td colspan=\"2\"
class=\"borde_rb\"> </td><td class=\"borde_rb\"> </td><td cl"...,
type=3) at main.c:612
temp_buf = 0x1de8c60 "Cota nieve prov.(m)</th><td colspan=\"2\"
class=\"borde_rb\">400 </td><td colspan=\"2\"
class=\"borde_rb\">700 </td><td colspan=\"2\"
class=\"borde_rb\"> </td><td class=\"borde_rb\"> </td><td cl"...
tokens = (char **) 0x1dfdb00
tk_snow = (char **) 0x0
yy = 19
idx = 10
#2 0x0000000000407d80 in check_inm_url_close (handle=0x1, result=GNOME_VFS_OK,
callback_data=0x1beb740) at main.c:953
x = 0
applet_data = (AppletData *) 0x1beb740
#3 0x00007f6a9ac37885 in ?? () from /usr/lib/libgnomevfs-2.so.0
No symbol table info available.
#4 0x00007f6a9bf6778b in g_main_context_dispatch () from
/usr/lib/libglib-2.0.so.0
No symbol table info available.
#5 0x00007f6a9bf6af5d in ?? () from /usr/lib/libglib-2.0.so.0
No symbol table info available.
#6 0x00007f6a9bf6b48d in g_main_loop_run () from /usr/lib/libglib-2.0.so.0
No symbol table info available.
#7 0x00007f6a99f1f336 in bonobo_main () from /usr/lib/libbonobo-2.so.0
No symbol table info available.
#8 0x00007f6a99f1d801 in bonobo_generic_factory_main_timeout () from
/usr/lib/libbonobo-2.so.0
No symbol table info available.
#9 0x00007f6a9b7b0624 in panel_applet_factory_main_closure () from
/usr/lib/libpanel-applet-2.so.0
No symbol table info available.
#10 0x0000000000409f34 in main (argc=2, argv=0x7fffa60475b8) at main.c:1705
program = (GnomeProgram *) 0x1b77850
retval = 0
--- gnome-inm-forecast-old/src/main.c
+++ gnome-inm-forecast/src/main.c
@@ -599,7 +589,7 @@
if (strncmp(tokens[yy], "td ", 3) == 0)
continue;
if (strncmp(tokens[yy], "nbsp", 4) == 0)
continue;
//printf ("SNOW[%d]: %s - len: %d - idx: %d\n",
yy,(tokens[yy]) ? tokens[yy] : NULL, strlen(tokens[yy]), idx);
- if (tokens[yy] && idx <= 10){
+ if (tokens[yy] && idx < 10){
if (strlen(tokens[yy]) == 0){
if (idx == 0){
strcpy
(applet_data->day_info[0].cota_nieve, "");
