Review Request 125338: Fix out of bounds memory access in KNTLM::getAuth

Albert Astals Cid aacid at kde.org
Fri Oct 2 21:37:25 UTC 2015


-----------------------------------------------------------
This is an automatically generated e-mail. To reply, visit:
https://git.reviewboard.kde.org/r/125338/
-----------------------------------------------------------

(Updated Oct. 2, 2015, 9:37 p.m.)


Status
------

This change has been marked as submitted.


Review request for KDE Frameworks and Dawit Alemayehu.


Changes
-------

Submitted with commit e30ccc368be95a0a43b805b9c2f94257a426854d by Albert Astals Cid to branch master.


Repository: kio


Description
-------

Make sure the size of the byte array we just dumped into the struct is big enough before calculating the targetInfo, otherwise we're accessing memory that doesn't belong to us

Fix out of bounds memory access https://build.kde.org/job/kio%20master%20kf5-qt5/PLATFORM=Linux,compiler=gcc/102/testReport/junit/%28root%29/TestSuite/kioslave_httpauthenticationtest/

Also remove a cast to quint32 that is not necessary since the member is already a quint32


Diffs
-----

  src/kntlm/kntlm.cpp 77526dd 

Diff: https://git.reviewboard.kde.org/r/125338/diff/


Testing
-------

Valgrind doesn't complain anymore.


Thanks,

Albert Astals Cid

-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://mail.kde.org/pipermail/kde-frameworks-devel/attachments/20151002/c3f7b9ef/attachment.html>


More information about the Kde-frameworks-devel mailing list