[Linuxdcpp-team] [Bug 1502650] Re: DC++ 0.851 - Arbitrary code execution

2015-10-05 Thread Fredrik Ullner
This patch will add a whitelist settings box in "experts only". ** Patch added: "dcpp_validateopenlink2.diff" https://bugs.launchpad.net/dcplusplus/+bug/1502650/+attachment/4485104/+files/dcpp_validateopenlink2.diff -- You received this bug notification because you are a member of Dcplusplus

[Linuxdcpp-team] [Bug 1306825] Re: Hide hubs from the hublist which the user is already connected to

2015-10-05 Thread Fredrik Ullner
Commited. 1) Yeah, I did have a default value for it, don't know why I removed it... Probably copy/paste error. Fixed in commited code. 2) Agreed, I didn't consider it at all. Fixed in commited code. ** Changed in: dcplusplus Status: In Progress => Fix Committed -- You received this bug

[Linuxdcpp-team] [Bug 1306825] Re: Hide hubs from the hublist which the user is already connected to

2015-10-05 Thread poy
great. if I could nitpick: - having to assign a "-1" before calling the new function is a bit ugly... maybe that function should do the assignment? - does "resort" always have to be called? iirc, there are other places where we only resort when the data that has changed is actually being sorted o

[Linuxdcpp-team] [Bug 1502650] Re: DC++ 0.851 - Arbitrary code execution

2015-10-05 Thread Kacper
Hub mainchat/PM: PoC: c://windows//system32//cmd.exe [20:09] c://windows//system32//cmd.exe Also works without file://. -- You received this bug notification because you are a member of Dcplusplus-team, which is subscribed to DC++. https://bugs.launchpad.net/bugs/1502650 Title: DC++ 0.851

[Linuxdcpp-team] [Bug 1502650] Re: DC++ 0.851 - Arbitrary code execution

2015-10-05 Thread Kacper
I attach PoC for plugins without file:// handler. Link is direclty executing: void WinUtil::openLink(const tstring& url) { ::ShellExecute(NULL, NULL, url.c_str(), NULL, NULL, SW_SHOWNORMAL); } ** Attachment added: "exploit_without_file_scheme.dcext" https://bugs.launchpad.net/dcplusp

[Linuxdcpp-team] [Bug 1502650] Re: DC++ 0.851 - Arbitrary code execution

2015-10-05 Thread poy
nice. can you also add a setting to disable it? or even better, allow the whitelist to be user-editable... -- You received this bug notification because you are a member of Dcplusplus-team, which is subscribed to DC++. https://bugs.launchpad.net/bugs/1502650 Title: DC++ 0.851 - Arbitrary code

[Linuxdcpp-team] [Bug 914079] Re: Ability to set Tabs text of hubs

2015-10-05 Thread Fredrik Ullner
** Changed in: dcplusplus Status: In Progress => Confirmed -- You received this bug notification because you are a member of Dcplusplus-team, which is subscribed to DC++. https://bugs.launchpad.net/bugs/914079 Title: Ability to set Tabs text of hubs Status in DC++: Confirmed Bug des

[Linuxdcpp-team] [Bug 1502650] Re: DC++ 0.851 - Arbitrary code execution

2015-10-05 Thread Fredrik Ullner
** Changed in: dcplusplus Status: New => In Progress ** Changed in: dcplusplus Importance: Undecided => Medium -- You received this bug notification because you are a member of Dcplusplus-team, which is subscribed to DC++. https://bugs.launchpad.net/bugs/1502650 Title: DC++ 0.851 -