[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

smbfs, mp3, and system() call

Hi all,
First thanks for the great software you did with namazu.
I just had little trouble that I want to report you.

I tried to index a smb mounted directory,
but mknmz failed to traverse any directory.
It stop indexing at the first directory level.
The file server is samba 2.2.3a on FreeBSD4.5,
the client is smbmount 2.2.3a on Linux slackware8.
Everything works fine on local dirs, and on NFS mounted dirs.
This might be a problem in sub add_target() in mknmz...
I'll dug it later if needed (?)

I use namazu 2.0.10 with my own made mp3 filter (see attached)
I used mp3 tools from Matthew Sachs
wich uses MP3::Info modules from CPAN
and want you to know about, and do whatever you want with
I can write little note if you want to include it in distribution....

You might also have a look at the sub backslah_shellchars in,
to include it in . Because there might be a bug in
wich affect the system() call ( filter/ line 71 ) that may
be exploitable with a evily crafted filename, to execute arbitary code on system...
you might want to consider using backslah_shellchars on $cfile before sending it to
system() . It might also be exploitable on

that's all folks !!!
thanks again for the great work

Description: Binary data