Demo Discussion
Forum Config Examples Contributions Vulnerabilities
  Discussion forum about ELOG  Not logged in ELOG logo
 Back  |  Find  |  Login  |  Help 
icon4.gif   Crafted URL causes elog to coredump, posted by Steve Jones on Sat Mar 4 06:08:29 2006 
    icon2.gif   Re: Crafted URL causes elog to coredump, posted by Stefan Ritt on Mon Mar 6 14:04:12 2006 
       icon2.gif   Re: Crafted URL causes elog to coredump, posted by Steve Jones on Mon Mar 6 17:35:52 2006 
          icon2.gif   Re: Crafted URL causes elog to coredump, posted by Stefan Ritt on Mon Mar 6 17:45:18 2006 
             icon2.gif   Re: Crafted URL causes elog to coredump, posted by Steve Jones on Mon Mar 6 18:04:39 2006 
             icon2.gif   Re: Crafted URL causes elog to coredump, posted by Steve Jones on Mon Mar 6 18:06:32 2006 
                icon2.gif   [UPDATE] Re: Crafted URL causes elog to coredump, posted by Steve Jones on Mon Mar 6 18:54:32 2006 
                   icon2.gif   [UPDATE2] Re: Crafted URL causes elog to coredump, posted by Steve Jones on Wed Mar 8 18:05:54 2006 
                      icon2.gif   [Segmentation Fault source identified] Verbose Output: Re: Crafted URL causes elog to coredump, posted by Steve Jones on Wed Mar 8 20:19:14 2006 
Message ID: 1759     Entry time: Mon Mar 6 18:54:32 2006     In reply to: 1757     Reply to this: 1762
Icon: Reply  Author: Steve Jones  Author Email: steve.jones@freescale.com 
Category: Bug report  OS: All  ELOG Version: 2.6.1-1660 
Subject: [UPDATE] Re: Crafted URL causes elog to coredump 

Steve Jones wrote:

Stefan Ritt wrote:

Steve Jones wrote:
Try a non-existent logbook - example http://midas.psi.ch/elogs/elog/NewForum. This is occurring under rev 1660.


No, the above link just works fine, just click it.



Quote:
I was afraid to try Big grin . Ok, then the issue *might* be rev 1660. On my production version running 2.5.3 I get the expected "Invalid URL: <name>" box. Any suggestions on how to find out?



Steve Jones wrote:
Ok, here is what I found:
ELOG V3.1.5-3fb85fa6