From kde-commits  Thu Oct 31 22:46:57 2002
From: Alexander Neundorf <neundorf () kde ! org>
Date: Thu, 31 Oct 2002 22:46:57 +0000
To: kde-commits
Subject: KDE_3_0_BRANCH: kdenetwork/lanbrowsing/lisa
X-MARC-Message: https://marc.info/?l=kde-commits&m=103610448821232

CVS commit by neundorf: 

fixing security vulnerabilty (root exploit) in reslisa

Alex


--- netmanager.cpp      2002/02/02 10:30:58     1.14
+++ netmanager.cpp      2002/10/31 22:45:43
@@ -131,14 +131,25 @@ int NetManager::prepare()
       m_listenFD=::socket(AF_LOCAL, SOCK_STREAM, 0);
       //m_listenFD=::socket(AF_LOCAL, SOCK_STREAM, IPPROTO_TCP);
       MyString socketName("/tmp/resLisa-");
-      socketName+=getenv("LOGNAME");
+      char *logname=getenv("LOGNAME");
+      if (strlen(logname)>60)
+      {
+         std::cout<<"NetManager::prepare: your logname  \""<<logname<<"\"
is longer than 60 characters, exiting."<<std::endl;
+         return 0;
+      }
+      socketName+=logname;
       ::unlink(socketName.data());
       sockaddr_un serverAddr;
 //      bzero((char*)&serverAddr, sizeof(serverAddr));
       memset((void*)&serverAddr, 0, sizeof(serverAddr));
       serverAddr.sun_family      = AF_LOCAL;
       strcpy(serverAddr.sun_path,socketName.data());


  M +14 -3     netmanager.cpp   1.14.2.1