vulnerability fixed
George Staikos
staikos at kde.org
Fri Nov 1 01:45:05 GMT 2002
And now for the paper bag:
This only works on systems which have that #define for UNIX_PATH_MAX. Seems
like even some Linux systems don't have it. Does anyone know what the status
of this #define is in general?
On October 31, 2002 20:34, George Staikos wrote:
> How about this supplementary patch? I haven't really tested it because I
> don't use Lisa at all. It looks a bit cleaner and safer to me.
>
> On October 31, 2002 17:59, Alexander Neundorf wrote:
> > Hi,
> >
> > there was a vulnerability in kdenetwork/lanbrowsing/lisa/ running in
> > restricted mode (reslisa), which enabled a local root exploit. I fixed it
> > immediately as it was reported to me.
> >
> > Does sun_path have the same size on every system?
> > It's 108 bytes on my box, but Google also told me something about 64
> > bytes. Any reliable information?
> >
> > Patch attached, already committed.
> >
> > Bye
> > Alex
> >
> > --- netmanager.cpp 2002/02/02 10:30:58 1.14
> > +++ netmanager.cpp 2002/10/31 22:45:43
> > @@ -131,14 +131,25 @@ int NetManager::prepare()
> > m_listenFD=::socket(AF_LOCAL, SOCK_STREAM, 0);
> > //m_listenFD=::socket(AF_LOCAL, SOCK_STREAM, IPPROTO_TCP);
> > MyString socketName("/tmp/resLisa-");
> > - socketName+=getenv("LOGNAME");
> > + char *logname=getenv("LOGNAME");
> > + if (strlen(logname)>60)
> > + {
> > + std::cout<<"NetManager::prepare: your logname
> > \""<<logname<<"\" is longer than 60 characters, exiting."<<std::endl;
> > + return 0;
> > + }
> > + socketName+=logname;
> >
> > ::unlink(socketName.data());
> >
> > sockaddr_un serverAddr;
> > // bzero((char*)&serverAddr, sizeof(serverAddr));
> > memset((void*)&serverAddr, 0, sizeof(serverAddr));
> > serverAddr.sun_family = AF_LOCAL;
> > strcpy(serverAddr.sun_path,socketName.data());
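Review bot: `+ char *logname=getenv("LOGNAME");` is passed straight to `strlen()` on the next line with no NULL check, so reslisa crashes whenever LOGNAME is unset in the environment; test `logname` for NULL first and exit the same way as the too-long case. The literal 60 in `+ if (strlen(logname)>60)` is also a magic number that only happens to fit a 108-byte sun_path ("/tmp/resLisa-" is 13 bytes, plus 60, plus the terminator is 74); on a platform where sun_path is 64 bytes the unchanged `strcpy(serverAddr.sun_path,socketName.data());` still overflows. Bound the check against `sizeof(serverAddr.sun_path)` minus the prefix length and terminator rather than a constant, which also settles the portability question raised in the mail, and replace the strcpy with a length-limited copy. Since LOGNAME is supplied by the caller's environment, it would additionally be worth rejecting names containing '/' or deriving the name from getpwuid(getuid()) instead, so the socket can only ever land under /tmp.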
--
George Staikos
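As an added example (not code from the thread or from lisa), the check the mail is discussing written against sizeof(sun_path) itself, which sidesteps the UNIX_PATH_MAX portability question, and which also refuses a NULL result from getenv("LOGNAME"); the function names are my own, the "/tmp/resLisa-" prefix is the one from the patch.

```c
#include <stdio.h>
#include <stdlib.h>
#include <string.h>
#include <sys/socket.h>
#include <sys/un.h>

/* Largest logname that still fits "<prefix><logname>\0" in sun_path, measured
 * from the struct itself: right for 64- or 108-byte sun_path, no UNIX_PATH_MAX. */
size_t max_logname_len(const char *prefix)
{
    struct sockaddr_un probe;
    size_t plen = strlen(prefix);
    if (plen + 1 >= sizeof(probe.sun_path))
        return 0;                      /* prefix alone already fills the buffer */
    return sizeof(probe.sun_path) - plen - 1;
}

/* Fill addr with AF_UNIX (AF_LOCAL in the patch) and "<prefix><logname>".
 * Returns 0 on success, -1 when logname is NULL (getenv("LOGNAME") unset),
 * empty, contains '/' (would add path components), or does not fit. */
int build_socket_addr(struct sockaddr_un *addr, const char *prefix,
                      const char *logname)
{
    if (addr == NULL || prefix == NULL || logname == NULL)
        return -1;                     /* never hand a NULL to strlen() */
    if (logname[0] == '\0' || strchr(logname, '/') != NULL)
        return -1;
    if (strlen(logname) > max_logname_len(prefix))
        return -1;                     /* the overflow the patch guards against */
    memset(addr, 0, sizeof(*addr));
    addr->sun_family = AF_UNIX;
    int n = snprintf(addr->sun_path, sizeof(addr->sun_path), "%s%s",
                     prefix, logname);
    if (n < 0 || (size_t)n >= sizeof(addr->sun_path))
        return -1;                     /* belt and braces; cannot trigger here */
    return 0;
}

int main(void)
{
    struct sockaddr_un addr;
    if (build_socket_addr(&addr, "/tmp/resLisa-", getenv("LOGNAME")) != 0) {
        fputs("LOGNAME unset, empty, contains '/' or too long for sun_path\n", stderr);
        return 1;
    }
    printf("socket path: %s (max logname %zu chars)\n", addr.sun_path,
           max_logname_len("/tmp/resLisa-"));
    return 0;
}
```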