View Issue Details
ID | Project | Category | View Status | Date Submitted | Last Update |
---|---|---|---|---|---|
0002054 | libextractor | libextractor main library | public | 2011-12-31 17:09 | 2012-09-25 17:18 |
Reporter | LRN | Assigned To | Christian Grothoff | ||
Priority | normal | Severity | minor | Reproducibility | N/A |
Status | closed | Resolution | fixed | ||
Product Version | 0.6.3 | ||||
Target Version | 1.0.0 | Fixed in Version | 1.0.0 | ||
Summary | 0002054: [patch] metadata will absolute plugin name is shared? | ||||
Description | While tracing an opening of a GNUnet directory, i've noticed that the metadata items that is read from .gnd file contain absolute path to the plugins that produced them. Is that secure? | ||||
Steps To Reproduce | Run gnunet-fs-gtk under gdb b GNUNET_CONTAINER_meta_data_insert start File->Publish Open a file Look in gdb and see that GNUNET_CONTAINER_meta_data_insert() is called with absolute plugin name, and it will pass it on, and eventually publish it as-is. | ||||
Tags | No tags attached. | ||||
Attached Files | 0001-Report-only-short-libname-to-the-client.patch (842 bytes)
From ad465ec15b8d4e8fe45af741bd725df87c3ee549 Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?=D0=A0=D1=83=D1=81=D0=BB=D0=B0=D0=BD=20=D0=98=D0=B6=D0=B1=D1?= =?UTF-8?q?=83=D0=BB=D0=B0=D1=82=D0=BE=D0=B2?= <lrn1986@gmail.com> Date: Sat, 31 Dec 2011 22:40:04 +0400 Subject: [PATCH] Report only short libname to the client --- src/main/extractor.c | 2 +- 1 files changed, 1 insertions(+), 1 deletions(-) diff --git a/src/main/extractor.c b/src/main/extractor.c index 9789f3f..a9ae8ff 100644 --- a/src/main/extractor.c +++ b/src/main/extractor.c @@ -1746,7 +1746,7 @@ extract_oop (struct EXTRACTOR_PluginList *plugin, mimetype[hdr.mime_len] = '\0'; if ( (proc != NULL) && (0 != proc (proc_cls, - plugin->libname, + plugin->short_libname, hdr.type, hdr.format, mimetype, -- 1.7.4 | ||||
|
That's not good. On GNU/Linux, when I tested it, I don't think I ever got the full paths, only the library name. "jpeg" should suffice, "libextractor_jpeg.so" is still fine, but the full path is not. We should fix that ASAP. |
|
Uploaded a patch. I have not tested it yet, but the idea seems to be simple. |
|
Fix applied in SVN 18866. |
Date Modified | Username | Field | Change |
---|---|---|---|
2011-12-31 17:09 | LRN | New Issue | |
2011-12-31 18:35 | Christian Grothoff | Note Added: 0005227 | |
2011-12-31 18:40 | LRN | File Added: 0001-Report-only-short-libname-to-the-client.patch | |
2011-12-31 18:40 | LRN | Summary | metadata will absolute plugin name is shared? => [patch] metadata will absolute plugin name is shared? |
2011-12-31 18:41 | LRN | Note Added: 0005228 | |
2011-12-31 19:37 | Christian Grothoff | Note Added: 0005229 | |
2011-12-31 19:37 | Christian Grothoff | Status | new => resolved |
2011-12-31 19:37 | Christian Grothoff | Resolution | open => fixed |
2011-12-31 19:37 | Christian Grothoff | Assigned To | => Christian Grothoff |
2011-12-31 19:37 | Christian Grothoff | Project | GNUnet => libextractor |
2011-12-31 19:37 | Christian Grothoff | Category | file-sharing service => General |
2011-12-31 19:38 | Christian Grothoff | Category | General => libextractor main library |
2011-12-31 19:38 | Christian Grothoff | Product Version | SVN HEAD => 0.6.3 |
2011-12-31 19:38 | Christian Grothoff | Fixed in Version | => Git master |
2011-12-31 19:38 | Christian Grothoff | Target Version | => Git master |
2012-01-22 21:14 | Christian Grothoff | Fixed in Version | Git master => 1.0.0 |
2012-01-22 21:14 | Christian Grothoff | Target Version | Git master => 1.0.0 |
2012-09-25 17:18 | Christian Grothoff | Status | resolved => closed |