Mangle the format?

Reinhold Kainhofer reinhold at kainhofer.com
Fri Oct 29 16:08:27 CEST 2004


On Friday 29 October 2004 15:09, Bo Thorsen wrote:
> And with shared folders, it's pretty easy for someone to store an odd iCal
> or XML file in there - but you can only do that if you have write access
> to the folders. I would agree with David that there are easier ways to
> DOS attack Kontact.

Unfortunately, it's not even so much about odd files. 
Currently, even perfectly valid files crash libical. E.g. Apple iCal's ics 
files with a procedure alarm crash libkcal: 
http://bugs.kde.org/show_bug.cgi?id=88840
These are valid calendar files, but since ATTACH;VALUE=URI:... is never 
created by libkcal, we have never really tested it. 

I suppose there are lots of similar combinations out there that crash libkcal, 
but haven't been found yet. An automatic tool to generate random iCalendar 
files would certainly help here.
Anyway, it's completely off-topic here now.

Reinhold

-- 
------------------------------------------------------------------
Reinhold Kainhofer, Vienna University of Technology, Austria
email: reinhold at kainhofer.com, http://reinhold.kainhofer.com/
 * Financial and Actuarial Mathematics, TU Wien, http://www.fam.tuwien.ac.at/
 * K Desktop Environment, http://www.kde.org, KOrganizer / KPilot maintainer
-------------- next part --------------
A non-text attachment was scrubbed...
Name: not available
Type: application/pgp-signature
Size: 189 bytes
Desc: not available
URL: <http://lists.kolab.org/pipermail/format/attachments/20041029/10fd9940/attachment.sig>


More information about the format mailing list