volume label parsing regression
Martin Pitt
martin.pitt at ubuntu.com
Thu Apr 9 08:06:58 PDT 2009
Hello Alberto,
Alberto Milone [2009-04-09 9:59 +0200]:
> I've got it since March.
Ah, then it's not due to this patch.
> I also downgraded to hal 0.5.12~rc1+git20090204-0ubuntu4 which
> doesn't contain your patch but lshal still reports: volume.label =
> '%mnt%hdc5' (string)
OK, that proves that the problem is in hal, not in gvfs. It seems that
something in hal replaces / with %, perhaps in an effort to avoid path
traversal attacks from malicious labels? It looks too 'useful' to be a
bug.
Martin
--
Martin Pitt | http://www.piware.de
Ubuntu Developer (www.ubuntu.com) | Debian Developer (www.debian.org)
More information about the hal
mailing list