[prev in list] [next in list] [prev in thread] [next in thread]
List: kde-core-devel
Subject: Re: Suspicious code in kdenetwork-3.5.2
From: Tobias Koenig <tokoe () kde ! org>
Date: 2006-04-19 14:21:22
Message-ID: 20060419142122.GB6049 () ghostdog ! localnet
[Download RAW message or body]
On Wed, Apr 19, 2006 at 12:19:23AM +0200, Alexander Neundorf wrote:
> On Wednesday 19 April 2006 00:05, Christoph Bartoschek wrote:
Hi Alexander,
> if (socketName.length() >= sizeof(serverAddr.sun_path))
> {
> std::cout<<"NetManager::prepare: your user name \""<<user->pw_name<<"\"
> is too long, exiting."<<std::endl;
Just add a
... << (user->pw_name ? user->pw_name : "" ) << ...
to make it secure.
> The cout accesses user without checking for 0. But this happens only if
> socketName gets too long. If user==0, then socketName will be
> "/tmp/resLisa-???", i.e. not longer than sun_path.
>
> So, does this need fixing or is a comment enough ?
We should fix it, atm we know why this code works, but maybe somebody
some years later won't, that's always a bad thing.
Ciao,
Tobias
--
Separate politics from religion and economy!
The Councile of the European Union is an undemocratic and illegal institution!
["signature.asc" (application/pgp-signature)]
___________________________________________________________
Telefonate ohne weitere Kosten vom PC zum PC: http://messenger.yahoo.de
[prev in list] [next in list] [prev in thread] [next in thread]
Configure |
About |
News |
Add a list |
Sponsored by KoreLogic