[prev in list] [next in list] [prev in thread] [next in thread] 

List:       kde-core-devel
Subject:    Re: Suspicious code in kdenetwork-3.5.2
From:       Tobias Koenig <tokoe () kde ! org>
Date:       2006-04-19 14:21:22
Message-ID: 20060419142122.GB6049 () ghostdog ! localnet
[Download RAW message or body]

On Wed, Apr 19, 2006 at 12:19:23AM +0200, Alexander Neundorf wrote:
> On Wednesday 19 April 2006 00:05, Christoph Bartoschek wrote:
Hi Alexander,

>    if (socketName.length() >= sizeof(serverAddr.sun_path))
>    {
>       std::cout<<"NetManager::prepare: your user name  \""<<user->pw_name<<"\" 
> is too long, exiting."<<std::endl;
Just add a
  ... << (user->pw_name ? user->pw_name : "" ) << ...
to make it secure.

> The cout accesses user without checking for 0. But this happens only if 
> socketName gets too long. If user==0, then socketName will be 
> "/tmp/resLisa-???", i.e. not longer than sun_path.
> 
> So, does this need fixing or is a comment enough ?
We should fix it, atm we know why this code works, but maybe somebody
some years later won't, that's always a bad thing.

Ciao,
Tobias
-- 
Separate politics from religion and economy!
The Councile of the European Union is an undemocratic and illegal institution!

["signature.asc" (application/pgp-signature)]
___________________________________________________________ 
Telefonate ohne weitere Kosten vom PC zum PC: http://messenger.yahoo.de

[prev in list] [next in list] [prev in thread] [next in thread]