Review Request 125338: Fix out of bounds memory access in KNTLM::getAuth
Albert Astals Cid
aacid at kde.org
Fri Oct 2 21:37:25 UTC 2015
-----------------------------------------------------------
This is an automatically generated e-mail. To reply, visit:
https://git.reviewboard.kde.org/r/125338/
-----------------------------------------------------------
(Updated Oct. 2, 2015, 9:37 p.m.)
Status
------
This change has been marked as submitted.
Review request for KDE Frameworks and Dawit Alemayehu.
Changes
-------
Submitted with commit e30ccc368be95a0a43b805b9c2f94257a426854d by Albert Astals Cid to branch master.
Repository: kio
Description
-------
Make sure the size of the byte array we just dumped into the struct is big enough before calculating the targetInfo, otherwise we're accessing memory that doesn't belong to us
Fix out of bounds memory access https://build.kde.org/job/kio%20master%20kf5-qt5/PLATFORM=Linux,compiler=gcc/102/testReport/junit/%28root%29/TestSuite/kioslave_httpauthenticationtest/
Also remove a cast to quint32 that is not necessary since the member is already a quint32
Diffs
-----
src/kntlm/kntlm.cpp 77526dd
Diff: https://git.reviewboard.kde.org/r/125338/diff/
Testing
-------
Valgrind doesn't complain anymore.
Thanks,
Albert Astals Cid
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://mail.kde.org/pipermail/kde-frameworks-devel/attachments/20151002/c3f7b9ef/attachment.html>
More information about the Kde-frameworks-devel
mailing list