-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 Ok, the crash is caused by a NULL pointer dereference, because
pBufRes = (char *)findSizeStart(pBuf); might return NULL after which pBuf = pBufRes; and pBuf++; pBuf = strstr(pBuf, "<a href=\""); are executed. The latter strstr expression tries to dereference (++((char*)NULL)) and crashes. Blessings, Jaak On 26.06.2013 16:12, Jaak Ristioja wrote: > This might not be directly related, but looking at curlhttpt.cpp, > the line: > > sprintf(possibleName, "%.*s", possibleNameLength, pBuf); > > Is a potential buffer overflow, because the possibleName buffer is > 400 bytes, but possibleNameLength is not checked to be < 400. So > the server might cause a buffer overflow. Imho this is a security > issue. > > Looking at the quality of this code, I'm not suprised. > > Blessings, Jaak > > On 26.06.2013 15:51, Mark Trompell wrote: >> I'm trying to access a http repository >> (http://marktrompell.de/sword/) installmgr -r works fine, -rl >> too but installmgr segfaults on -ri Same for Xiphos, I can >> refresh and see what modules are there, but it crashes when I try >> to install. Probably the repository isn't properly setup, but >> nevertheless sword shouldn't crash. Attaching 2 backtraces, one >> from installmgr and the otherone from xiphos. > >> Blessings Mark -- Mark Trompell > >> Foresight Linux Xfce Edition Cause your desktop should be >> freaking cool (and Xfce) > > > >> _______________________________________________ sword-devel >> mailing list: sword-devel@crosswire.org >> http://www.crosswire.org/mailman/listinfo/sword-devel >> Instructions to unsubscribe/change your settings at above page > > > > _______________________________________________ sword-devel mailing > list: sword-devel@crosswire.org > http://www.crosswire.org/mailman/listinfo/sword-devel Instructions > to unsubscribe/change your settings at above page > -----BEGIN PGP SIGNATURE----- Version: GnuPG v2.0.20 (GNU/Linux) iQgcBAEBAgAGBQJRyunYAAoJEEqsYmEt1rCOriVAAKJkZ/zD9RrQwW6vuM2TKnhF 4K7bLWTD/hK28IKfIj62WA9ing2ub+ThJ+grzUZKfCGAEN+1z+Hb/R+BAdnMZY3i 8OcdVn5CUCjH1tE3rYurbD3db7GBsvo0YzuAJMcJDDTO8sbZchvm8jIYtMVoTJwy IQ59BcPDhLihTZBkb1Q/VycsatIWRZbn460azJHSR4E25JPdR5Xq2LTuetGm4mlz ZlEyIFxPCAU+1Ie9sfUJCb+yl0Jz9Sw2JJGCv7v8sQxobkIba0hqstcVGSiRre41 W+MbmqyY+/nl+yq1XVZvxIHxBae419VnJqJwAdqoMwz5jTRgo0MFH0xsTpUGm4Mc cFXXM2JfUE2JAXQz/7oHxHrFNKVZPqqk8Yw3t3w3sPry7tO0ilfHV+YpfvHY5cCV ODoKrOt45Mma2WX7xGVh+2fh/OhLImzSym7uN7lHub/PriwOs8SFiN5EEF1lMyxf +qwnZpEVRhbJMO+fFl7eWbqWgX/cCNipLNK/DITHLXREv6tfJhq5HShxGsw22b6+ GP9zkRhVSwOZN6SYFZ4gGmbjeozwsy8NWIZ8SoEqQwwr/F/E2Vp6lSc1VKV4O+0a 9FkR6D82B2LRG7rOGSjoaSxdFvZYYMSG5Y/MY4XoVZcmnIyfVUkgskkizqveZz1j IFbrvLUVuc+LU75lyEGFAZRaRmvodOSF6yYoMi2SG+3Iv7p2UDoccEOnBWfElcvR yfct9+W0RZn8WwSCfPdN0pyYa0O8OOayISWyYZfqOfpI1E5T3qC/AIdSmVYPh/Yj 5TWpspzQrbMaT+oSSSfW0eeT2/ICd1sA+pDJBDQauWV7PDNYdYzzxFk57m16H/Ve bLPCJl7eZsKBeOUeR9gv5P3Rufwt/JwYTB8kFh9aNzsMyd3TpbLKopGDfbdk0fjO sJOFGEE3wsNh95DwDYAOM25Oc1eLxyAGHC7sPnbKV7ZKsHF8wWylszZqBMZKzWiO xUMX8f4h5bSXzcUXaTbkLKQRQBbwIE22JJVkEmHEVoOAcG00z3+ueGKMO2Q1PQJ9 05dNuWqNAtl3tUGMeAva03ineziU7ivVgppV54N9E2zLL3Z2Mncy0BQW+Kd0kFn8 Td5Gl9gVfcSpqPVqBBkxTFwmgd8GOdl+xkkSIZ142cRS277t7DYvdVctLdkVX4vL 2fFmXZnRTElv46xRNxElkRo24WKRJ+Na7WGX1bHslPnB3CyC79GWc0jQp6Xm4+u6 zd1uOurK4gBNHz3Hikz7QA7lyhVz8ikqIowFjUSpjr3GC92EW85EB34oNoiG+rfw fzggT2Axiu8FUe5sKq/oo/ylXmEwyNTIuqWDumyJwSaJF0WD0RxlKskawT4Z69OD z6NbbigmEH+vuA42N95K8iQ9kMhA7+7NEld0VXfrhQFXniOdiO9fb+5RySs2XDXV nEo7QYRYd0tBvCzB00z9+PQSNQe3eQIBUbbjyC6BrX/WH6+U9SceySEQFNuZzbYZ vXayzQIuugf68QEReVrjTKUbT7ogj1AS5XuYoRm/11fxKJXL14lrZzG/mkyHTXfM yheG91HXOP0H1FYuohpWyPlSCi7mViP69juZNNr7eq3HTBkTfs2T6IMWlCRPsfOm 72SQloGoVfrdL3QMSPTlydpgWKszU9rZkXtQp1Lqb2uTRhbK8KKsqqb3a5cnGJYw AwCvHMr0S/8T5xMKyx2yX+HhQcbuD222HCEcdBmDJlL2UDfPdv0eAFuucsgVEuKt 4eyS5Z7VPd+lJ+z+6Jkn8mdAqz9EsCRATUadepE1nJmytvhxZTuycOg2Ltb3j8r+ bdHKu6SFVQtGC0fNULJrZ7bcohAiUQGP44XxB4PlPXGHxvHOvHnTDjeqERn2x3kg TrIbrl6/GUAnnXPYWHzdYGr5JwNg1jV7CWTn0dvgs8ROzxZro9USL9QnAVT6K44S iR4ZipzJSPDzSuCkYWwlXlSY1Y/itNdalU6/9HwKRPLsqV3v6RxZhRVp20tQDZrp O0GxKp7adh4Rf1zyN1ganL9DZRvhsXMZLZdkFuXpTNfoUojLcdrHyth6faYcRBUb S6Ris7Sqn3nJRe8AzSc04Hp7/8LcCvI99eaTudMyN56dFRW+SFo+kpFXg1KKVY/k TH33o5Nz2Fg35mrLlITkVETUQrF6LJFOiJTHFsZZ6REPTYwWmNNSRuPYn5N90rrn w3vyQPLY02eFsNaPHJaPE9i0PI6RX1lzyqGrrU/O5LuXgKfheJwvXQOA5jEidO9a OoDtm8YCbKH0ks+2KrK6RTQcaSPoYkRIIAdiE/RnHIG7ROAPWS8SQGg6Dkgz0xVU kOAYqyfZgnU1YLiMM8e0+e94OA34DrCbBmXONeIN44QC0ckjcFkFFxUEjBJtv/dj H/1TCOt+2dwO/KCn6br/XWO6zeOAhAX2oa0LmGIr6rBbgenwyr/g8aR2XyQePAQQ Bp2MminwEB5WzEV+7qy0PPlt6Pp+PWIJvcJZXYl0AUfyHp5AlemGlwXj87t4mYLA piQ2RhVnI8qRPvdtRUK6g1T1YEou+uzbpvSQWQKGERlCkhDgP4x9CQ3F9n1iAx9I Id5m5hRsZbWrrnQzBPazhcL8wTwQpNj/IqDF940SSc7/tObFEhvtam1aG7s/Jt+X yhAx3wp55R8SIwJ6NDWdw+/qTFaOPgjdkkNovHzMK/vju7Jxf9KjpgfYvJQpC4fE P83LXlhpOMH26c4a3Q9X =w1+S -----END PGP SIGNATURE----- _______________________________________________ sword-devel mailing list: sword-devel@crosswire.org http://www.crosswire.org/mailman/listinfo/sword-devel Instructions to unsubscribe/change your settings at above page
