Bug 90252 - htmlview tries to execute an empty string
Status: CLOSED CURRENTRELEASE
Product: Red Hat Linux
Classification: Retired
Component: htmlview
Version: 9
Hardware: All
OS: Linux
medium
medium
Assignee: Christopher Aillon
Reported: 2003-05-05 23:27 UTC by Michal Jaegermann
Modified: 2007-04-18 16:53 UTC

Doc Type: Bug Fix
Last Closed: 2005-04-25 07:33:17 UTC

Description Michal Jaegermann 2003-05-05 23:27:51 UTC
Description of problem:

In /usr/bin/htmlview there is the following code:

	GCONF=$(gconftool-2 -g /desktop/gnome/url-handlers/unknown/command \
		2>/dev/null | sed -e 's/%s//')

Looks innocent enough but gconftool-2 has quotes and the above results in

mozilla ""

and later this is stuck on the front of X11BROWSERS.  If 'mozilla' fails
for whatever reasons then sticking "" in front of 'exec' in this line

                exists $i && exec $i $*

may do, or not do, $DEITY knows what.  This can be a security issue.
Likely hard to exploit if you do not already have "better" access,
but it surely can be used in "practical jokes".

This can be fixed either by doing

         sed -e 's/ .*//'

above or, possibly better in case some names have blanks in them,
by putting

                 [ "$1" ] || return 1

just at the beginning of function 'exists'.

Version-Release number of selected component (if applicable):
htmlview-2.0.0-10
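
Added example, not part of the original report and not htmlview's own code: it runs the quoted sed extraction and both proposed fixes against a constructed handler value. The sample value, the helper names, the loop shape and the body of exists() are assumptions made for illustration.

```shell
#!/bin/sh
# Constructed sample of a handler value with a quoted placeholder (assumption);
# gconftool-2 itself is not called.
SAMPLE='mozilla "%s"'

# Extraction as quoted in the report: removes only the %s placeholder.
strip_placeholder() { printf '%s\n' "$1" | sed -e 's/%s//'; }

# First fix from the report: drop everything from the first blank onward.
strip_args() { printf '%s\n' "$1" | sed -e 's/ .*//'; }

# Number of words an unquoted expansion hands to a loop such as
# "for i in $X11BROWSERS" (hypothetical loop shape; the loop is not on the page).
count_candidates() {
    n=0
    for i in $1; do n=$((n + 1)); done
    echo "$n"
}

# Hypothetical stand-in for htmlview's exists(); its real body is not on the page.
# The first line is the guard proposed in the report.
exists() {
    [ "$1" ] || return 1
    command -v "$1" >/dev/null 2>&1
}

for f in strip_placeholder strip_args; do
    out=$($f "$SAMPLE")
    printf '%-18s -> [%s] candidates=%s\n' "$f" "$out" "$(count_candidates "$out")"
done
exists "" || echo 'exists "": rejected by the guard'
```

With the original extraction the leftover quotes survive as a second word in the candidate list; with the first fix only the command name remains.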

