View Issue Details

IDProjectCategoryView StatusLast Update
0002054libextractorlibextractor main librarypublic2012-09-25 17:18
ReporterLRNAssigned ToChristian Grothoff 
PrioritynormalSeverityminorReproducibilityN/A
Status closedResolutionfixed 
Product Version0.6.3 
Target Version1.0.0Fixed in Version1.0.0 
Summary0002054: [patch] metadata will absolute plugin name is shared?
DescriptionWhile tracing an opening of a GNUnet directory, i've noticed that the metadata items that is read from .gnd file contain absolute path to the plugins that produced them. Is that secure?
Steps To ReproduceRun gnunet-fs-gtk under gdb
b GNUNET_CONTAINER_meta_data_insert
start
File->Publish
Open a file
Look in gdb and see that GNUNET_CONTAINER_meta_data_insert() is called with absolute plugin name, and it will pass it on, and eventually publish it as-is.
TagsNo tags attached.

Activities

Christian Grothoff

2011-12-31 18:35

manager   ~0005227

That's not good. On GNU/Linux, when I tested it, I don't think I ever got the full paths, only the library name. "jpeg" should suffice, "libextractor_jpeg.so" is still fine, but the full path is not. We should fix that ASAP.

LRN

2011-12-31 18:40

developer  

0001-Report-only-short-libname-to-the-client.patch (842 bytes)
From ad465ec15b8d4e8fe45af741bd725df87c3ee549 Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?=D0=A0=D1=83=D1=81=D0=BB=D0=B0=D0=BD=20=D0=98=D0=B6=D0=B1=D1?=
 =?UTF-8?q?=83=D0=BB=D0=B0=D1=82=D0=BE=D0=B2?= <lrn1986@gmail.com>
Date: Sat, 31 Dec 2011 22:40:04 +0400
Subject: [PATCH] Report only short libname to the client

---
 src/main/extractor.c |    2 +-
 1 files changed, 1 insertions(+), 1 deletions(-)

diff --git a/src/main/extractor.c b/src/main/extractor.c
index 9789f3f..a9ae8ff 100644
--- a/src/main/extractor.c
+++ b/src/main/extractor.c
@@ -1746,7 +1746,7 @@ extract_oop (struct EXTRACTOR_PluginList *plugin,
       mimetype[hdr.mime_len] = '\0';
       if ( (proc != NULL) &&
 	   (0 != proc (proc_cls, 
-		       plugin->libname,
+		       plugin->short_libname,
 		       hdr.type,
 		       hdr.format,
 		       mimetype,
-- 
1.7.4

LRN

2011-12-31 18:41

developer   ~0005228

Uploaded a patch. I have not tested it yet, but the idea seems to be simple.

Christian Grothoff

2011-12-31 19:37

manager   ~0005229

Fix applied in SVN 18866.

Issue History

Date Modified Username Field Change
2011-12-31 17:09 LRN New Issue
2011-12-31 18:35 Christian Grothoff Note Added: 0005227
2011-12-31 18:40 LRN File Added: 0001-Report-only-short-libname-to-the-client.patch
2011-12-31 18:40 LRN Summary metadata will absolute plugin name is shared? => [patch] metadata will absolute plugin name is shared?
2011-12-31 18:41 LRN Note Added: 0005228
2011-12-31 19:37 Christian Grothoff Note Added: 0005229
2011-12-31 19:37 Christian Grothoff Status new => resolved
2011-12-31 19:37 Christian Grothoff Resolution open => fixed
2011-12-31 19:37 Christian Grothoff Assigned To => Christian Grothoff
2011-12-31 19:37 Christian Grothoff Project GNUnet => libextractor
2011-12-31 19:37 Christian Grothoff Category file-sharing service => General
2011-12-31 19:38 Christian Grothoff Category General => libextractor main library
2011-12-31 19:38 Christian Grothoff Product Version SVN HEAD => 0.6.3
2011-12-31 19:38 Christian Grothoff Fixed in Version => current SVN
2011-12-31 19:38 Christian Grothoff Target Version => current SVN
2012-01-22 21:14 Christian Grothoff Fixed in Version current SVN => 1.0.0
2012-01-22 21:14 Christian Grothoff Target Version current SVN => 1.0.0
2012-09-25 17:18 Christian Grothoff Status resolved => closed