[prev in list] [next in list] [prev in thread] [next in thread]
List: kde-core-devel
Subject: Re: Suspicious code in kdenetwork-3.5.2
From: Alexander Neundorf <neundorf () kde ! org>
Date: 2006-04-18 22:19:23
Message-ID: 200604190019.23973.neundorf () kde ! org
[Download RAW message or body]
On Wednesday 19 April 2006 00:05, Christoph Bartoschek wrote:
> If the if condition in line 85 is true, then line 86 crashes.
>
> - lanbrowsing/lisa/netmanager.cpp:183
>
> If user is NULL as indicated by line 174 and the if condition in line
> 181 is true, then line 183 crashes.
That's the code:
if ( user )
socketName+=user->pw_name;
else
//should never happen
socketName+="???";
::unlink(socketName.data());
sockaddr_un serverAddr;
if (socketName.length() >= sizeof(serverAddr.sun_path))
{
std::cout<<"NetManager::prepare: your user name \""<<user->pw_name<<"\"
is too long, exiting."<<std::endl;
The cout accesses user without checking for 0. But this happens only if
socketName gets too long. If user==0, then socketName will be
"/tmp/resLisa-???", i.e. not longer than sun_path.
So, does this need fixing or is a comment enough ?
Bye
Alex
--
Work: alexander.neundorf AT jenoptik.com - http://www.jenoptik-los.de
Home: neundorf AT kde.org - http://www.kde.org
alex AT neundorf.net - http://www.neundorf.net
[prev in list] [next in list] [prev in thread] [next in thread]
Configure |
About |
News |
Add a list |
Sponsored by KoreLogic