[prev in list] [next in list] [prev in thread] [next in thread]
List: kde-commits
Subject: kdenetwork/lanbrowsing/lisa
From: Alexander Neundorf <neundorf () kde ! org>
Date: 2002-10-31 22:43:55
[Download RAW message or body]
CVS commit by neundorf:
fixing security vulnerabilty in reslisa, which allowed a local root exploit
Alex
+++ netmanager.cpp 2002/10/31 22:38:58
@@ -156,14 +156,25 @@ int NetManager::prepare()
m_listenFD=::socket(AF_LOCAL, SOCK_STREAM, 0);
//m_listenFD=::socket(AF_LOCAL, SOCK_STREAM, IPPROTO_TCP);
MyString socketName("/tmp/resLisa-");
- socketName+=getenv("LOGNAME");
+ char *logname=getenv("LOGNAME");
+ if (strlen(logname)>60)
+ {
+ std::cout<<"NetManager::prepare: your logname \""<<logname<<"\"
is longer than 60 characters, exiting."<<std::endl;
+ return 0;
+ }
+ socketName+=logname;
::unlink(socketName.data());
sockaddr_un serverAddr;
// bzero((char*)&serverAddr, sizeof(serverAddr));
memset((void*)&serverAddr, 0, sizeof(serverAddr));
serverAddr.sun_family = AF_LOCAL;
strcpy(serverAddr.sun_path,socketName.data());
M +13 -2 netmanager.cpp 1.17
[prev in list] [next in list] [prev in thread] [next in thread]
Configure |
About |
News |
Add a list |
Sponsored by KoreLogic