List:       kde-core-devel
Subject:    Re: Suspicious code in kdenetwork-3.5.2
From:       Alexander Neundorf <neundorf () kde ! org>
Date:       2006-04-18 22:19:23
Message-ID: 200604190019.23973.neundorf () kde ! org

On Wednesday 19 April 2006 00:05, Christoph Bartoschek wrote:
> If the if condition in line 85 is true, then line 86 crashes.
>
> - lanbrowsing/lisa/netmanager.cpp:183
>
> If user is NULL as indicated by line 174 and the if condition in line
> 181 is true, then line 183 crashes.

That's the code:

   if ( user )
      socketName+=user->pw_name;
   else
      //should never happen
      socketName+="???";
   ::unlink(socketName.data());
   sockaddr_un serverAddr;
   if (socketName.length() >= sizeof(serverAddr.sun_path))
   {
      std::cout<<"NetManager::prepare: your user name  \""<<user->pw_name<<"\" is too long, exiting."<<std::endl;

The cout accesses user without checking for 0. But this happens only if 
socketName gets too long. If user==0, then socketName will be 
"/tmp/resLisa-???", i.e. not longer than sun_path.

So, does this need fixing or is a comment enough?

Bye
Alex
-- 
Work: alexander.neundorf AT jenoptik.com - http://www.jenoptik-los.de
Home: neundorf AT kde.org                - http://www.kde.org
      alex AT neundorf.net               - http://www.neundorf.net
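
An added example, not part of the original message and not kdenetwork code: one way to make the length check safe without relying on the "???" fallback being short is to resolve the name once and never dereference `user` again. `buildSocketName` and `userNameOrPlaceholder` are hypothetical names; the "/tmp/resLisa-" prefix is taken from the message above.

```cpp
#include <pwd.h>
#include <sys/un.h>
#include <iostream>
#include <string>

// Hypothetical helper (not from kdenetwork): resolve the user name once so
// that no later code path has to dereference the passwd pointer.
static std::string userNameOrPlaceholder(const passwd* user)
{
    return (user && user->pw_name) ? std::string(user->pw_name)
                                   : std::string("???");
}

// Builds prefix + user name. Returns false and fills `error` when the result
// would not fit into sockaddr_un::sun_path (including the terminating NUL).
// The error text uses the resolved name, so it is safe for user == nullptr
// no matter how long the prefix is.
bool buildSocketName(const std::string& prefix, const passwd* user,
                     std::string& socketName, std::string& error)
{
    const std::string name = userNameOrPlaceholder(user);
    socketName = prefix + name;

    if (socketName.length() >= sizeof(sockaddr_un::sun_path)) {
        error = "your user name \"" + name + "\" is too long";
        socketName.clear();
        return false;
    }
    error.clear();
    return true;
}

int main()
{
    std::string socketName, error;
    // Constructed input: no passwd entry available for the current uid.
    if (buildSocketName("/tmp/resLisa-", nullptr, socketName, error))
        std::cout << "socket: " << socketName << std::endl;
    else
        std::cout << "NetManager::prepare: " << error << ", exiting." << std::endl;
    return 0;
}
```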