[prev in list] [next in list] [prev in thread] [next in thread] 

List:       kde-devel
Subject:    Re: nspluginviewer still crashes
From:       Dirk Mueller <mueller () kde ! org>
Date:       2001-08-11 0:43:48
[Download RAW message or body]

On Fre, 10 Aug 2001, Waldo Bastian wrote:

> Someone replaced the working version with some BSD crap it seems.

I guess you mean me as I'm suddenly CC'ed. I fail to see where mkstemps is 
"BSD crap". could you explain please ? What I did is fixing the horrible 
broken code that was #ifdef'ed for *BSD before and caused regular crashes of 
all kind (as it buffer-overflowed, leaked and feeded a system call with 
invalid input). I understood at that point why *BSD'ers where complaining 
about the lack of stability in konqueror/KDE. 

Anyway, your patch seem to respect all the loopholes about tmp-file attacks 
I know of, but still using a standard function that has been reviewed half a 
million times is imho safer than reinventing the wheel. 

Plus its still a major fault of nspluginviewer if it uses website-delivered 
data unchecked for local file creation, because it could still contain 
backreferences, special shell characters, whatever you can think of. 


Dirk
 
>> Visit http://master.kde.org/mailman/listinfo/kde-devel#unsub to unsubscribe <<

[prev in list] [next in list] [prev in thread] [next in thread]