From kde-core-devel  Wed Apr 19 14:21:22 2006
From: Tobias Koenig <tokoe () kde ! org>
Date: Wed, 19 Apr 2006 14:21:22 +0000
To: kde-core-devel
Subject: Re: Suspicious code in kdenetwork-3.5.2
Message-Id: <20060419142122.GB6049 () ghostdog ! localnet>
X-MARC-Message: https://marc.info/?l=kde-core-devel&m=114545645815924
MIME-Version: 1
Content-Type: multipart/mixed; boundary="--5I6of5zJg18YgZEa"


--5I6of5zJg18YgZEa
Content-Type: text/plain; charset=iso-8859-15
Content-Disposition: inline
Content-Transfer-Encoding: quoted-printable

On Wed, Apr 19, 2006 at 12:19:23AM +0200, Alexander Neundorf wrote:
> On Wednesday 19 April 2006 00:05, Christoph Bartoschek wrote:
Hi Alexander,

>    if (socketName.length() >=3D sizeof(serverAddr.sun_path))
>    {
>       std::cout<<"NetManager::prepare: your user name  \""<<user->pw_name=
<<"\"=20
> is too long, exiting."<<std::endl;
Just add a
  ... << (user->pw_name ? user->pw_name : "" ) << ...
to make it secure.

> The cout accesses user without checking for 0. But this happens only if=
=20
> socketName gets too long. If user=3D=3D0, then socketName will be=20
> "/tmp/resLisa-???", i.e. not longer than sun_path.
>=20
> So, does this need fixing or is a comment enough ?
We should fix it, atm we know why this code works, but maybe somebody
some years later won't, that's always a bad thing.

Ciao,
Tobias
--=20
Separate politics from religion and economy!
The Councile of the European Union is an undemocratic and illegal instituti=
on!

--5I6of5zJg18YgZEa
Content-Type: application/pgp-signature; name="signature.asc"
Content-Description: Digital signature
Content-Disposition: inline

-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.2.2 (GNU/Linux)

iD8DBQFERkdiSvFUKpY6VLARAjpsAJ9/FnKSCCZdkrudg+nqRijPKgoEigCgvZOZ
ncvV5NF828g5DcuSuFHP4rg=
=JpO2
-----END PGP SIGNATURE-----

--5I6of5zJg18YgZEa--

	

	
		
___________________________________________________________ 
Telefonate ohne weitere Kosten vom PC zum PC: http://messenger.yahoo.de