Review Request 126539: Check sockaddr_un buffer size before strcpy()ing into it.
Michael Pyne
mpyne at kde.org
Mon Dec 28 00:17:29 UTC 2015
-----------------------------------------------------------
This is an automatically generated e-mail. To reply, visit:
https://git.reviewboard.kde.org/r/126539/
-----------------------------------------------------------
Review request for KDE Frameworks and Plasma.
Repository: kwallet-pam
Description
-------
Coverity strikes again, and notes in CID 1335116 that copying the socket name into a fixed-size buffer here could overflow the buffer. I don't see any reason it would be wrong in all cases, so best to double-check.
Submitting for review mostly because I don't use pam_kwallet, otherwise the check is simple enough that I'd feel comfortable committing directly. Note that the len that is already calculated includes the null terminator already.
Diffs
-----
pam_kwallet.c 345aa03
Diff: https://git.reviewboard.kde.org/r/126539/diff/
Testing
-------
Code still compiles.
Thanks,
Michael Pyne
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://mail.kde.org/pipermail/kde-frameworks-devel/attachments/20151228/46923161/attachment.html>
More information about the Kde-frameworks-devel
mailing list