
List:       kde-core-devel
Subject:    Re: [Kde-pim] Fwd: Re: KDE 4.4.98 (4.4 RC3)
From:       Thiago Macieira <thiago () kde ! org>
Date:       2010-02-07 8:58:42
Message-ID: 201002070958.51452.thiago () kde ! org


On Sunday 7 February 2010, at 04.31.56, Eike Hein wrote:
> Let me re-summarize the situation for clarity: Right
> now you have to be careful about what's inside the
> QString you pass to KNotification, because if it con-
> tains characters in a certain Unicode character range
> your application will crash as a result due to D-Bus
> closing the connection.

Let me resummarise:

What you said above, except the "pass to KNotification" part. It applies to any 
and every D-Bus call.

> This is problematic because there are many applica-
> tions (chat/messenger apps, some Plasmoids, maybe
> PIM) that pass network-originated data to KNotifi-
> cation without removing characters in that range
> first, since the use of D-Bus is an implementation
> detail irrelevant to the KNotification API, and
> since this D-Bus behavior is not widely known. In
> general, KNotification is among the most prevalent
> ways a KDE application will move its data through
> D-Bus.

Indeed, this may be prominent with KNotification.

> The underlying problem is not specific to KNotifi-
> cation and should be addressed either in Qt or in
> D-Bus, since it's unrealistic to expect all use of
> D-Bus on the application code or even above-Qt lib-
> rary level to be augmented to screen for these
> characters.

Agreed.

> However, since KNotification is a known and broad
> attack vector, any such change will not make it into
> Qt 4.6.2 (according to Thiago) and the discussion on
> whether to change D-Bus has only just begun on the
> D-Bus mailing list, and we're about to release KDE
> 4.4.0, we have the opportunity to release it with a
> preemptive workaround that addresses the issue as it
> pertains to KNotification.

The protection has to happen somewhere. Technically, it's Konversation's fault 
for passing unfiltered network data into an API.

But it could also be a QString issue, for allowing those invalid UTF-8 strings 
to be converted to UTF-16 in the first place.

Note that changing the D-Bus behaviour may likely introduce bugs in Glib-based 
applications, where conversions from UTF-8 do implement this check. (Which, in 
my opinion, is incomplete)

-- 
Thiago Macieira - thiago (AT) macieira.info - thiago (AT) kde.org
  Senior Product Manager - Nokia, Qt Development Frameworks
      PGP/GPG: 0x6EF45358; fingerprint:
      E067 918B B660 DBD1 105C  966C 33F5 F005 6EF4 5358
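
Added example, not part of the message above and not KDE, Qt or D-Bus code: one way an application could filter network-originated text before it reaches any D-Bus call. The thread does not name the character range, so the code assumes it is lone surrogates plus the Unicode noncharacters; `isRejected` and `sanitizeForDBus` are hypothetical names, operating on UTF-16 as QString does.

```cpp
#include <cstddef>
#include <string>

// Assumption: the code points that must not reach D-Bus are lone surrogates
// and Unicode noncharacters (U+FDD0..U+FDEF and every U+xxFFFE / U+xxFFFF).
static bool isRejected(char32_t cp) {
    if (cp > 0x10FFFF) return true;                 // outside Unicode
    if (cp >= 0xD800 && cp <= 0xDFFF) return true;  // unpaired surrogate
    if (cp >= 0xFDD0 && cp <= 0xFDEF) return true;  // noncharacter block
    return (cp & 0xFFFE) == 0xFFFE;                 // U+xxFFFE and U+xxFFFF
}

// Hypothetical helper: returns a copy of the UTF-16 input in which every
// rejected code point is replaced by U+FFFD, so the later UTF-8 conversion
// yields a string the receiving side will accept.
std::u16string sanitizeForDBus(const std::u16string &in) {
    const char16_t replacement = 0xFFFD;
    std::u16string out;
    out.reserve(in.size());
    for (std::size_t i = 0; i < in.size(); ++i) {
        const char16_t u = in[i];
        const bool high = u >= 0xD800 && u <= 0xDBFF;
        const bool pair = high && i + 1 < in.size() &&
                          in[i + 1] >= 0xDC00 && in[i + 1] <= 0xDFFF;
        if (pair) {
            // Decode the surrogate pair to check the real code point.
            const char32_t cp = 0x10000 +
                ((static_cast<char32_t>(u) - 0xD800) << 10) +
                (static_cast<char32_t>(in[i + 1]) - 0xDC00);
            if (isRejected(cp)) {
                out.push_back(replacement);
            } else {
                out.push_back(u);
                out.push_back(in[i + 1]);
            }
            ++i;  // the low surrogate has been consumed
        } else {
            // BMP code unit, or a surrogate with no partner.
            out.push_back(isRejected(u) ? replacement : u);
        }
    }
    return out;
}
```

Replacing rather than deleting keeps the string length visible to the user and avoids two fragments merging into new text.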
