List: kfm-devel
Subject: out-of-bounds access in kjasappletserver.cpp
From: Matthias Kretz <kretz () kde ! org>
Date: 2008-08-04 14:32:14
Message-ID: 200808041632.14375.kretz () kde ! org
Hi,
I got an out-of-bounds access in KJavaAppletServer::slotJavaRequest
(khtml/java/kjavaappletserver.cpp). Attached is a simple patch that should fix
the problem (and another one: the temporary QByteArray was gone too early).
Please CC me, I'm not subscribed.
Regards,
Matthias
--
________________________________________________________
Matthias Kretz (Germany) <><
http://Vir.homelinux.org/
MatthiasKretz@gmx.net, kretz@kde.org,
Matthias.Kretz@urz.uni-heidelberg.de
["kjas.patch" (text/x-patch)]
Index: kjavaappletserver.cpp
===================================================================
--- kjavaappletserver.cpp (revision 841847)
+++ kjavaappletserver.cpp (working copy)
@@ -652,10 +652,12 @@
answer = "nossl";
} else if (args.size() > 2) {
const int certsnr = args[1].toInt();
+ Q_ASSERT(args.size() > certsnr + 1);
QString text;
QList<KSSLCertificate *> certs;
- for (int i = certsnr; i >= 0; --i) {
- KSSLCertificate * cert = \
KSSLCertificate::fromString(args[i+2].toAscii().constData()); + for \
(int i = certsnr - 1; i >= 0; --i) { + const QByteArray &arg = \
args[i + 2].toAscii(); + KSSLCertificate * cert = \
KSSLCertificate::fromString(arg.constData()); if (cert) {
certs.prepend(cert);
if (cert->isSigner())
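Review bot: The new bounds check on `certsnr` at the top of the hunk is only a `Q_ASSERT`, which compiles to nothing when `QT_NO_DEBUG` is defined, so a release build still indexes `args[i + 2]` with whatever `args[1].toInt()` returned. The loop reads up to `args[certsnr + 1]`, and `certsnr` is parsed from the request arguments rather than derived from `args.size()`, so this should be a runtime guard: treat `certsnr < 0 || args.size() <= certsnr + 1` as a malformed request and skip the certificate loop, or clamp `certsnr` to `args.size() - 2`. Keeping the `Q_ASSERT` alongside the runtime check is fine for debug builds. A short comment on why `arg` is held in a named `QByteArray` would also help the next reader, since the commit text is the only place that reason is stated.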