-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 This might not be directly related, but looking at curlhttpt.cpp, the line:
sprintf(possibleName, "%.*s", possibleNameLength, pBuf); Is a potential buffer overflow, because the possibleName buffer is 400 bytes, but possibleNameLength is not checked to be < 400. So the server might cause a buffer overflow. Imho this is a security issue. Looking at the quality of this code, I'm not suprised. Blessings, Jaak On 26.06.2013 15:51, Mark Trompell wrote: > I'm trying to access a http repository > (http://marktrompell.de/sword/) installmgr -r works fine, -rl too > but installmgr segfaults on -ri Same for Xiphos, I can refresh and > see what modules are there, but it crashes when I try to install. > Probably the repository isn't properly setup, but nevertheless > sword shouldn't crash. Attaching 2 backtraces, one from installmgr > and the otherone from xiphos. > > Blessings Mark -- Mark Trompell > > Foresight Linux Xfce Edition Cause your desktop should be freaking > cool (and Xfce) > > > > _______________________________________________ sword-devel mailing > list: sword-devel@crosswire.org > http://www.crosswire.org/mailman/listinfo/sword-devel Instructions > to unsubscribe/change your settings at above page > -----BEGIN PGP SIGNATURE----- Version: GnuPG v2.0.20 (GNU/Linux) iQgcBAEBAgAGBQJRyuiaAAoJEEqsYmEt1rCO7cBAAKoKkjX/RQ9EqLMrCXnCK17e ZI8+b6cOjqnpFjo/EUagCK0ktlxU8o7zUOe6yHQc7fwdD8AnHa049zKRI2sHaM/S +mf+hX/5rez+br6h8lcmHTFrZ3KA189TcGMv60f8Th/WR01LsSfyIBwJl5EIS4zT IrleVfJFi0AvyBMK68mqbQdOZA7dr1Pm1TxhUL22cnpjP2a3n1viYu22swSAj1kA QQnc7Qv6PfD0eiwkd+ty4a7goQ6gjNWbcsaTRYYfdJ7+MuNAuP6xxVvKSBpXZEg1 +XEpRUwyjhfvepWtHbHlwWiZhvopQWurcCeJsq6m0vIteeI/T6Qbbv2TvoK1JaIB 21Z0Dtq5g3aSV8qxBB5GPcYRSPJQ01PZ2km3ijOYrWjnWbO8EPC1FNg9dxp17DU1 CBRkm7RxYm+3oxU5H9nXF7QhXKZeo+tiKrm7kglaMs1Xon4jIHZQh304MmFalnel FKfgi17gPhk5EdBIf9nvt9mW8raUsYFB6sZp9ajTrs58XqIfjRhVaaLYivmQIIL9 KCWj5D7T9uy3VM02YaYgCUb6fRLvdhN4WZ3ZQ5/dCrO0576I1sKsyqmSEA1aFwPC TkRdT48mXwm6A7wUUESL92J8ShbsMiqYyJwdCDsFK6nrL+Zgt0vFHQNNzFL2LqNx pfGMCsFj8pV4e38ujnjMaQ7i2sOHiSPQLJ7tVeSYSQIk20LGM8uwqqsEyefgtRCk 639cyBCoTGLow6x2L7e71+tS2kT06xPqV2kcdGVt7ThnmwOqIrtl1Y4aO1Yp9BY4 DEIXesfR9TagDqzvZKfH576tKnphFz95aUMwx+9/FVfpjGn5l9z/0qbE/oCAh6wf l9tu1Y1c3dAzRrY/sYCKZu926qUt0q26Z4hgWyN5rBfmmAV1beyO6yqr7t4/m3JM 2y1JhHsMBPv1Oz1TLZ9koEhE4lDy16blsKAA5S+WkaF+GsHd9M07XqFTAH1cxjhS EHZU7Y8a35jg8VhUibT1uytlgJITUaAPW+WV5O8ZrfO8W6In74OH0npskOIGXISp YkSi1hm2zhrK5FctzUgAxbD62r5l49APKJSlHHU9bjtb+UonQNx+D8cPU/6YZ0+c XRIECR7sCK2HRM7utKg+w48jqmfkJmIl4InCnEKNOO91By/n9I90rZgBuIeUIdDz WQmuFAe15sbCKZC0fwCqtnzp61ZuqTli2ORwp6wOYmPCJSoIpI8qXAcRR9OfvF5F gkreSpCwO35QXYwnNIrm0/k9qAFsRlBLespq0KzCRfp0MNxbFxHJa6OzoIDR+pmv 1tGXAsmRRydyH9JOGXXEvK1WkrmaUFruYfauQ7bMORpx/+MuVVxi0PCEp0oXfh2f PRjmamNuVTZFVL3BKNJLXzkX54YdxSXzinCREmr/aXRv+zHbx9VzqgZ6OMBSJXUB hiEC4Z6D/zhTBZwjudGojC7G/Danptb1MahfJp+rNYjus0+Rm7ceLgbKOGfwxKnC QsaeKDdvTX+y6E+0tsHsRoFh7iyP3Si7N6HimI4dDyILUpWP62Xkkm+jfkDK7cFW jcOxMq0ZSRZAqnAwSKwdJ5pyTHwnSHxI4HBkG9Z7kaW3/q3IBYNhjmCsmfahRZ3/ mUVxBTGEnyS9YUzzDRurto3ME+IAFspHj8rIGzcNDheFc72Y3ViBnHfxAaJZAmJd hbX6JVNOdQgq3xoJaI03nGCEE6VxcaXavNpIVSLkC3JQK4Q4CkPgny5Z5MTnqjsf 4ypxAfhQyQtWzOONFdll/MUbxiN66O56n/X+PbLBG6VrsJF84Mb9DiW5n9gzQ6a8 HR/k5PTEUZgPeAyF0GWeI4ftIQSFWVOLZX8Z2AtkPfIrkl+gaK9WtPwci3L5OFOY QuQuQkfqMOPB4HeLfp+fob6hmRJCkYtiWTC2Vu5eHMl3kbnHn5jYCmk+U7B4cqsJ tT9KUOpujXsTr8Xqzz60GPFGJORMqZzgFCOco3l4JDH139N/FoOrlJKxZFsVSJws p5VRybZzXahdEo2yQAKPKf2EBSA38hcl3Hp/ThY0Gcy6UovFzmzGmWZ/2QHXFkCS nvkd0xSihI19iUd40RVViN+eZvbfnH2pEPCzc23vstbbLC5FQx09vc5E7fHCobBF N/8D9KOxrj8jXUPYRxCa6gq6OJ3SsrOcxA3pMgXeA7nm1zAJfLzXET5svTvYLF96 UKEfVFTfqQG3fmu9hj99WIAlxWfCcg8o3kkQeqTRjlNbI5x6jBl/Z9zzc1QzupP0 27XLiWQ/2PhddgaoOIHtfgle0LCi2G3ijrco9d/RJRgI40m85zAXV4xPNZ/GHmg4 CnJ+WVVF4mrLRF0qqIXdO21Akuz4yEn3a2+7dra7fN2HmvtL7pFIpsshzNLp4pja Xa1eM7J6auPPT3VvjIu7srVOWReXzZAjqsZPh/KzUldaPhbJ8Vxg47JlHuDOK77r Mw4XmQG3gAJc90kf1aVucUuQLAhylgU4w6Wwshd97DeoxvW1zR911XCq4kkETSjn 9NkxUtlXgAH0U6ywStZtPdVH5jI0SVyp7zoxj9pTPx/+kqL9Z6hNV3HL+4J0aqo5 x5z1Z+MJ5GDDIySxBccd+s9bYkdy3aG5ZKQlwDe4KhBGvGVNHLtPrZIV20CI1JjC 0+h55zNMOnR4I/R04UOeHxxPiwffwCfh4DcBqVcp0poUgCmjtCaNqB02rvE3PjGw JydoI+Ze7PYl3viwVBIz =c2cS -----END PGP SIGNATURE----- _______________________________________________ sword-devel mailing list: sword-devel@crosswire.org http://www.crosswire.org/mailman/listinfo/sword-devel Instructions to unsubscribe/change your settings at above page
