[prev in list] [next in list] [prev in thread] [next in thread] 

List:       kde-commits
Subject:    KDE_3_0_BRANCH: kdenetwork/lanbrowsing/lisa
From:       Alexander Neundorf <neundorf () kde ! org>
Date:       2002-10-31 22:46:57
[Download RAW message or body]

CVS commit by neundorf: 

fixing security vulnerabilty (root exploit) in reslisa

Alex


--- netmanager.cpp      2002/02/02 10:30:58     1.14
+++ netmanager.cpp      2002/10/31 22:45:43
@@ -131,14 +131,25 @@ int NetManager::prepare()
       m_listenFD=::socket(AF_LOCAL, SOCK_STREAM, 0);
       //m_listenFD=::socket(AF_LOCAL, SOCK_STREAM, IPPROTO_TCP);
       MyString socketName("/tmp/resLisa-");
-      socketName+=getenv("LOGNAME");
+      char *logname=getenv("LOGNAME");
+      if (strlen(logname)>60)
+      {
+         std::cout<<"NetManager::prepare: your logname  \""<<logname<<"\"
is longer than 60 characters, exiting."<<std::endl;
+         return 0;
+      }
+      socketName+=logname;
       ::unlink(socketName.data());
       sockaddr_un serverAddr;
 //      bzero((char*)&serverAddr, sizeof(serverAddr));
       memset((void*)&serverAddr, 0, sizeof(serverAddr));
       serverAddr.sun_family      = AF_LOCAL;
       strcpy(serverAddr.sun_path,socketName.data());


  M +14 -3     netmanager.cpp   1.14.2.1

[prev in list] [next in list] [prev in thread] [next in thread] 

Configure | About | News | Add a list | Sponsored by KoreLogic