Suspicious code in kdenetwork-3.5.2

Alexander Neundorf neundorf at kde.org
Tue Apr 18 23:19:23 BST 2006


On Wednesday 19 April 2006 00:05, Christoph Bartoschek wrote:
> If the if condition in line 85 is true, then line 86 crashes.
>
> - lanbrowsing/lisa/netmanager.cpp:183
>
> If user is NULL as indicated by line 174 and the if condition in line
> 181 is true, then line 183 crashes.

That's the code:

   if ( user )
      socketName+=user->pw_name;
   else
      //should never happen
      socketName+="???";
   ::unlink(socketName.data());
   sockaddr_un serverAddr;
   if (socketName.length() >= sizeof(serverAddr.sun_path))
   {
      std::cout<<"NetManager::prepare: your user name  \""<<user->pw_name<<"\" 
is too long, exiting."<<std::endl;

The cout accesses user without checking for 0. But this happens only if 
socketName gets too long. If user==0, then socketName will be 
"/tmp/resLisa-???", i.e. not longer than sun_path.

So, does this need fixing or is a comment enough ?

Bye
Alex
-- 
Work: alexander.neundorf AT jenoptik.com - http://www.jenoptik-los.de
Home: neundorf AT kde.org                - http://www.kde.org
      alex AT neundorf.net               - http://www.neundorf.net




More information about the kde-core-devel mailing list