[prev in list] [next in list] [prev in thread] [next in thread] 

List:       kfm-devel
Subject:    Re: Security scan on kio[OT]
From:       Waldo Bastian <bastian () suse ! de>
Date:       2000-03-04 12:29:52
[Download RAW message or body]

On Sat, 04 Mar 2000, Waldo Bastian wrote:
> On Sat, 04 Mar 2000, David Faure wrote:
> > Some interesting things... but the tool doesn't see everything
> > right. For instance:
> > "global.cpp:368:(Very Risky) strcpy
> > This function is high risk for buffer overflows
> > Use strncpy instead."
> >
> > Well, the code says:
> >         if (filename.length() >= sizeof(realname))
> >             return QString::null;
> >         strcpy(realname, QFile::encodeName(filename));
> > So we check for the length first, no risk at all...
>
> Do you take the trailing '0' into account?

What if the result of QFile::encodeName(...) is longer than then the 
length of filename?

Cheers,
Waldo

[prev in list] [next in list] [prev in thread] [next in thread]