Suspicious code in kdenetwork-3.5.2

Tobias Koenig tokoe at
Wed Apr 19 15:21:22 BST 2006

On Wed, Apr 19, 2006 at 12:19:23AM +0200, Alexander Neundorf wrote:
> On Wednesday 19 April 2006 00:05, Christoph Bartoschek wrote:
Hi Alexander,

>    if (socketName.length() >= sizeof(serverAddr.sun_path))
>    {
>       std::cout<<"NetManager::prepare: your user name  \""<<user->pw_name<<"\" 
> is too long, exiting."<<std::endl;
Just add a
  ... << (user->pw_name ? user->pw_name : "" ) << ...
to make it secure.

> The cout accesses user without checking for 0. But this happens only if 
> socketName gets too long. If user==0, then socketName will be 
> "/tmp/resLisa-???", i.e. not longer than sun_path.
> So, does this need fixing or is a comment enough ?
We should fix it, atm we know why this code works, but maybe somebody
some years later won't, that's always a bad thing.

Separate politics from religion and economy!
The Councile of the European Union is an undemocratic and illegal institution!
-------------- next part --------------
A non-text attachment was scrubbed...
Name: signature.asc
Type: application/pgp-signature
Size: 191 bytes
Desc: Digital signature
URL: <>

More information about the kde-core-devel mailing list