Suspicious code in kdenetwork-3.5.2

Tobias Koenig tokoe at kde.org
Wed Apr 19 15:21:22 BST 2006


On Wed, Apr 19, 2006 at 12:19:23AM +0200, Alexander Neundorf wrote:
> On Wednesday 19 April 2006 00:05, Christoph Bartoschek wrote:
Hi Alexander,

>    if (socketName.length() >= sizeof(serverAddr.sun_path))
>    {
>       std::cout<<"NetManager::prepare: your user name  \""<<user->pw_name<<"\" is too long, exiting."<<std::endl;
Just add a
  ... << (user->pw_name ? user->pw_name : "" ) << ...
to make it secure.

> The cout accesses user without checking for 0. But this happens only if 
> socketName gets too long. If user==0, then socketName will be 
> "/tmp/resLisa-???", i.e. not longer than sun_path.
> 
> So, does this need fixing or is a comment enough ?
We should fix it, atm we know why this code works, but maybe somebody
some years later won't, that's always a bad thing.

Ciao,
Tobias
-- 
Separate politics from religion and economy!
The Council of the European Union is an undemocratic and illegal institution!
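
An added example, not part of the message above and not the kdenetwork source: one way to write the length check so that the error path stays safe on its own, guarding both the passwd pointer (the user==0 case discussed in the thread) and pw_name. The function names safeUserName, buildSocketName and prepareAddress are hypothetical, and std::string is assumed in place of the string type the original code uses.

```cpp
#include <pwd.h>
#include <sys/socket.h>
#include <sys/un.h>
#include <unistd.h>
#include <cstring>
#include <iostream>
#include <string>

// Printable user name that is safe when the passwd lookup failed
// (user == nullptr) or returned an entry without a name.
static std::string safeUserName(const passwd *user) {
    return (user && user->pw_name) ? user->pw_name : "???";
}

// Naming scheme from the thread: "/tmp/resLisa-" plus the user name,
// falling back to "/tmp/resLisa-???" when no passwd entry is available.
static std::string buildSocketName(const passwd *user) {
    return "/tmp/resLisa-" + safeUserName(user);
}

// Fills addr and returns true if the name fits into sun_path including the
// terminating NUL; otherwise returns false and puts a diagnostic into err.
// The diagnostic goes through safeUserName(), so it never dereferences a
// null pointer even if the fallback name changes later.
static bool prepareAddress(const passwd *user, sockaddr_un &addr, std::string &err) {
    const std::string socketName = buildSocketName(user);
    std::memset(&addr, 0, sizeof(addr));
    if (socketName.length() >= sizeof(addr.sun_path)) {
        err = "your user name \"" + safeUserName(user) + "\" is too long";
        return false;
    }
    addr.sun_family = AF_UNIX;
    std::memcpy(addr.sun_path, socketName.c_str(), socketName.length() + 1);
    return true;
}

int main() {
    sockaddr_un addr;
    std::string err;
    const passwd *user = getpwuid(getuid());  // may return nullptr
    if (!prepareAddress(user, addr, err)) {
        std::cerr << "NetManager::prepare: " << err << ", exiting." << std::endl;
        return 1;
    }
    std::cout << addr.sun_path << std::endl;
    return 0;
}
```
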