Bug 178229

Summary: Storing a specific KSslCertificateRule can crash kssld
Product: [Frameworks and Libraries] kdelibs Reporter: Michael Leupold <lemma>
Component: kdecoreAssignee: kdelibs bugs <kdelibs-bugs>
Status: RESOLVED FIXED    
Severity: crash CC: ahartmetz
Priority: NOR    
Version: 4.1   
Target Milestone: ---   
Platform: Compiled Sources   
OS: Linux   
Latest Commit: Version Fixed In:

Description Michael Leupold 2008-12-19 22:27:53 UTC 
Version:            (using Devel)
OS:                Linux
Installed from:    Compiled sources

KSSLD::setRule() uses the certificate's digest as the name of a KConfigGroup (kssld.cpp:108). This leads to a crash in kssld if the last byte of the digest is 0x1d as this is used as some (stringlist?) separator in kconfigini.cpp:294.

I just happened to stumble upon this bug when connecting to some router that had a certificate that triggered this bug.

I don't see a straightforward way to fix it so I can't provide a patch. A "clean" way might be to use rule.certificate().digest().toHex() as the groupname instead - but that would kill compatibility with old config files.

Just a thought: it might do unexpected things if the digest contains [ or ] as well.
Comment 1 Michael Leupold 2008-12-19 22:29:21 UTC 
CCing maelcum as I don't know if I assigned the right product and/or he's reading the konq-bugs mailinglist.
Comment 2 Michael Leupold 2009-01-02 00:30:24 UTC 
Talked to ahartmetz and we agreed that this should be fixed in kconfig. KConfig should be able to handle binary data as section headers as well and shouldn't fail on special separator characters.
Comment 3 Andreas Hartmetz 2009-01-22 03:26:08 UTC 
SVN commit 914920 by ahartmetz:

Don't use binary group names for kssld/ksslcertificatemanager, they break KConfig.
Included is a kconfig_update script to delete the old config file.
BUG:178229


 M  +3 -0      CMakeLists.txt  
 A             kssl/ksslcertificatemanager.upd  
 A             kssl/ksslcertificatemanager.upd.sh  
 M  +3 -3      misc/kssld/kssld.cpp  


WebSVN link: http://websvn.kde.org/?view=rev&revision=914920