[Bug 811959] New: Inappropriate content is passed to the browser when using 'Expert Infos' window 'Internet search -> For Info Text' for SSDP M-SEARCH * or NOTIFY *
https://bugzilla.novell.com/show_bug.cgi?id=811959 https://bugzilla.novell.com/show_bug.cgi?id=811959#c0 Summary: Inappropriate content is passed to the browser when using 'Expert Infos' window 'Internet search -> For Info Text' for SSDP M-SEARCH * or NOTIFY * Classification: openSUSE Product: openSUSE 12.3 Version: Final Platform: x86-64 OS/Version: SUSE Other Status: NEW Severity: Normal Priority: P5 - None Component: Network AssignedTo: bnc-team-screening@forge.provo.novell.com ReportedBy: vkijasev@suse.com QAContact: qa-bugs@suse.de Found By: --- Blocker: --- Created an attachment (id=532063) --> (http://bugzilla.novell.com/attachment.cgi?id=532063) screenshot User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:19.0) Gecko/20100101 Firefox/19.0 When using functionality 'Internet search -> For Info Text' for SSDP M-SEARCH * or NOTIFY * from 'Expert Infos' window the browser (Mozilla) is opened and within the google search field list of directories and files of my home directory is presented: 'M-SEARCH dir1 dir 2 dir 3 file1 file2 HTTP/1.1 ' Reproducible: Always Steps to Reproduce: 1.start new live capture (or load file with the SSDP packets) - filter SSDP or stop capture when SSDP appears 2.open 'Expert Infos' window (by clicking on left down corner icon or Analyze -> Expert Info) 3.navigate to 'Chats' tab 4. find M-SEARCH * HTTP/1.1 in summary for HTTP protocol 5. right click on summary and select 'Internet Search' -> 'For Info Text' Actual Results: When browser Mozilla opens there in the search box instead of '*' star symbol there is a list of files and directories from my home directory Expected Results: There should be just the content presented in Summary field (for instance 'M-SEARCH * HTTP/1.1') OpenSuse 12.3 wireshark 1.8.6 (SVN Rev Unknown from unknown) Copyright 1998-2013 Gerald Combs <gerald@wireshark.org> and contributors. This is free software; see the source for copying conditions. There is NO warranty; not even for MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. Compiled (64-bit) with GTK+ 3.6.4, with Cairo 1.12.8, with Pango 1.32.5, with GLib 2.34.3, with libpcap, with libz 1.2.7, with POSIX capabilities (Linux), with SMI 0.4.8, with c-ares 1.7.5, with Lua 5.1, with Python 2.7.3, without GnuTLS, with Gcrypt 1.5.0, with MIT Kerberos, with GeoIP, with PortAudio V19-devel (built Apr 2 2012 11:03:56), with AirPcap. Running on Linux 3.7.10-1.1-desktop, with locale POSIX, with libpcap version 1.3.0, with libz 1.2.7, Gcrypt 1.5.0, without AirPcap. Built using gcc 4.7.2 20130108 [gcc-4_7-branch revision 195012]. firefox -v Mozilla Firefox 19.0.2 desktop KDE 4.10.00 release 1 Note: I have tried it on Windows XP with the following browsers: Opera, IE, Firefox, Safari and problem does not occur -- Configure bugmail: https://bugzilla.novell.com/userprefs.cgi?tab=email ------- You are receiving this mail because: ------- You are on the CC list for the bug.
https://bugzilla.novell.com/show_bug.cgi?id=811959 https://bugzilla.novell.com/show_bug.cgi?id=811959#c1 --- Comment #1 from Viktor Kijasev <vkijasev@suse.com> 2013-03-27 10:00:03 UTC --- Forgot important info: the used application is Wireshark -- Configure bugmail: https://bugzilla.novell.com/userprefs.cgi?tab=email ------- You are receiving this mail because: ------- You are on the CC list for the bug.
https://bugzilla.novell.com/show_bug.cgi?id=811959 https://bugzilla.novell.com/show_bug.cgi?id=811959#c2 --- Comment #2 from Viktor Kijasev <vkijasev@suse.com> 2013-03-27 10:55:13 UTC --- Tried on SLED 11 SP2 Wireshark 1.8.5 Firefox 17.0.4 Gnome 2.28.2 Problem does not occur. -- Configure bugmail: https://bugzilla.novell.com/userprefs.cgi?tab=email ------- You are receiving this mail because: ------- You are on the CC list for the bug.
https://bugzilla.novell.com/show_bug.cgi?id=811959 https://bugzilla.novell.com/show_bug.cgi?id=811959#c3 --- Comment #3 from Viktor Kijasev <vkijasev@suse.com> 2013-03-27 11:16:46 UTC --- Created an attachment (id=532104) --> (http://bugzilla.novell.com/attachment.cgi?id=532104) backtrace -- Configure bugmail: https://bugzilla.novell.com/userprefs.cgi?tab=email ------- You are receiving this mail because: ------- You are on the CC list for the bug.
https://bugzilla.novell.com/show_bug.cgi?id=811959 https://bugzilla.novell.com/show_bug.cgi?id=811959#c4 --- Comment #4 from Viktor Kijasev <vkijasev@suse.com> 2013-03-27 11:18:53 UTC --- Clarification: content is not passed just from /home directory but it is directory from which the wireshark is started (from command line). -- Configure bugmail: https://bugzilla.novell.com/userprefs.cgi?tab=email ------- You are receiving this mail because: ------- You are on the CC list for the bug.
https://bugzilla.novell.com/show_bug.cgi?id=811959 https://bugzilla.novell.com/show_bug.cgi?id=811959#c Viktor Kijasev <vkijasev@suse.com> changed: What |Removed |Added ---------------------------------------------------------------------------- Priority|P5 - None |P3 - Medium Severity|Normal |Major -- Configure bugmail: https://bugzilla.novell.com/userprefs.cgi?tab=email ------- You are receiving this mail because: ------- You are on the CC list for the bug.
https://bugzilla.novell.com/show_bug.cgi?id=811959 https://bugzilla.novell.com/show_bug.cgi?id=811959#c FeiXiang Zhang <fxzhang@suse.com> changed: What |Removed |Added ---------------------------------------------------------------------------- AssignedTo|bnc-team-screening@forge.pr |cyliu@suse.com |ovo.novell.com | -- Configure bugmail: https://bugzilla.novell.com/userprefs.cgi?tab=email ------- You are receiving this mail because: ------- You are on the CC list for the bug.
https://bugzilla.novell.com/show_bug.cgi?id=811959 https://bugzilla.novell.com/show_bug.cgi?id=811959#c5 --- Comment #5 from Chunyan Liu <cyliu@suse.com> 2013-04-26 08:31:01 UTC --- The problem is in xdg-utils. With xdg-utils in OpenSUSE12.3 (xdg-utils-20120916-2.1.1-noarch), do: #xdg-open "http://www.google.com/search?hl=en&q=HTTP+'M-SEARCH * HTTP/1.1'" will result in the bug reported, it will parse "*" to other string. With xdg-utils in SLES-11-SP2 (xdg-utils-1.0.2-36.18), there is no problem. -- Configure bugmail: https://bugzilla.novell.com/userprefs.cgi?tab=email ------- You are receiving this mail because: ------- You are on the CC list for the bug.
https://bugzilla.novell.com/show_bug.cgi?id=811959 https://bugzilla.novell.com/show_bug.cgi?id=811959#c6 Chunyan Liu <cyliu@suse.com> changed: What |Removed |Added ---------------------------------------------------------------------------- AssignedTo|cyliu@suse.com |kde-maintainers@suse.de --- Comment #6 from Chunyan Liu <cyliu@suse.com> 2013-04-26 08:36:07 UTC --- Assign to xdg-utils maintainer to have a look. -- Configure bugmail: https://bugzilla.novell.com/userprefs.cgi?tab=email ------- You are receiving this mail because: ------- You are on the CC list for the bug.
https://bugzilla.novell.com/show_bug.cgi?id=811959 https://bugzilla.novell.com/show_bug.cgi?id=811959#c7 Raymond Wooninck <tittiatcoke@gmail.com> changed: What |Removed |Added ---------------------------------------------------------------------------- CC| |tittiatcoke@gmail.com AssignedTo|kde-maintainers@suse.de |jslaby@suse.com --- Comment #7 from Raymond Wooninck <tittiatcoke@gmail.com> 2013-04-26 10:01:15 UTC --- The KDE team does not maintain xdg-utils. Setting it to the last person that did the last few updates on the package. -- Configure bugmail: https://bugzilla.novell.com/userprefs.cgi?tab=email ------- You are receiving this mail because: ------- You are on the CC list for the bug.
https://bugzilla.novell.com/show_bug.cgi?id=811959 https://bugzilla.novell.com/show_bug.cgi?id=811959#c Jiri Slaby <jslaby@suse.com> changed: What |Removed |Added ---------------------------------------------------------------------------- Status|NEW |ASSIGNED -- Configure bugmail: https://bugzilla.novell.com/userprefs.cgi?tab=email ------- You are receiving this mail because: ------- You are on the CC list for the bug.
https://bugzilla.novell.com/show_bug.cgi?id=811959 https://bugzilla.novell.com/show_bug.cgi?id=811959#c8 Jiri Slaby <jslaby@suse.com> changed: What |Removed |Added ---------------------------------------------------------------------------- Status|ASSIGNED |NEEDINFO InfoProvider| |vkijasev@suse.com --- Comment #8 from Jiri Slaby <jslaby@suse.com> 2013-05-01 14:58:26 UTC --- According to strace, it does the good job here: execve("/usr/bin/xdg-open", ["xdg-open", "http://www.google.com/search?hl=en&q=HTTP+'M-SEARCH * HTTP/1.1\\r\\n'"], [/* 91 vars */] = 0 execve("/usr/bin/kde-open", ["kde-open", "-v"], [/* 91 vars */]) = 0 execve("/usr/bin/kde-open", ["kde-open", "http://www.google.com/search?hl=en&q=HTTP+'M-SEARCH * HTTP/1.1\\r\\n'"], [/* 91 vars */]) = 0 I.e. properly quoted. What do you see when you run wireshark as follows: strace -fe execve -s 1000 wireshark -- Configure bugmail: https://bugzilla.novell.com/userprefs.cgi?tab=email ------- You are receiving this mail because: ------- You are on the CC list for the bug.
https://bugzilla.novell.com/show_bug.cgi?id=811959 https://bugzilla.novell.com/show_bug.cgi?id=811959#c9 --- Comment #9 from Viktor Kijasev <vkijasev@suse.com> 2013-05-16 08:05:12 UTC --- Created an attachment (id=539528) --> (http://bugzilla.novell.com/attachment.cgi?id=539528) strace -fe execve -s 1000 wireshark strace -fe execve -s 1000 wireshark -- Configure bugmail: https://bugzilla.novell.com/userprefs.cgi?tab=email ------- You are receiving this mail because: ------- You are on the CC list for the bug.
https://bugzilla.novell.com/show_bug.cgi?id=811959 https://bugzilla.novell.com/show_bug.cgi?id=811959#c10 --- Comment #10 from Jiri Slaby <jslaby@suse.com> 2013-05-20 12:02:35 UTC --- I see. Does this package help: https://build.opensuse.org/package/show?package=xdg-utils&project=X11%3Acommon%3AFactory ? -- Configure bugmail: https://bugzilla.novell.com/userprefs.cgi?tab=email ------- You are receiving this mail because: ------- You are on the CC list for the bug.
https://bugzilla.novell.com/show_bug.cgi?id=811959 https://bugzilla.novell.com/show_bug.cgi?id=811959#c11 --- Comment #11 from Bernhard Wiedemann <bwiedemann@suse.com> 2013-05-20 15:00:19 CEST --- This is an autogenerated message for OBS integration: This bug (811959) was mentioned in https://build.opensuse.org/request/show/176141 Factory / xdg-utils -- Configure bugmail: https://bugzilla.novell.com/userprefs.cgi?tab=email ------- You are receiving this mail because: ------- You are on the CC list for the bug.
https://bugzilla.novell.com/show_bug.cgi?id=811959 https://bugzilla.novell.com/show_bug.cgi?id=811959#c12 Jiri Slaby <jslaby@suse.com> changed: What |Removed |Added ---------------------------------------------------------------------------- Status|NEEDINFO |RESOLVED InfoProvider|vkijasev@suse.com | Resolution| |NORESPONSE --- Comment #12 from Jiri Slaby <jslaby@suse.com> 2013-06-16 14:42:39 UTC --- Closed due to lack of response. -- Configure bugmail: https://bugzilla.novell.com/userprefs.cgi?tab=email ------- You are receiving this mail because: ------- You are on the CC list for the bug.
participants (1)
-
bugzilla_noreply@novell.com