Review Request 125338: Fix out of bounds memory access in KNTLM::getAuth
Albert Astals Cid
aacid at kde.org
Mon Sep 21 19:56:14 UTC 2015
-----------------------------------------------------------
This is an automatically generated e-mail. To reply, visit:
https://git.reviewboard.kde.org/r/125338/
-----------------------------------------------------------
Review request for KDE Frameworks and Dawit Alemayehu.
Repository: kio
Description
-------
Make sure the size of the byte array we just dumped into the struct is big enough before calculating the targetInfo, otherwise we're accessing memory that doesn't belong to us
Fix out of bounds memory access https://build.kde.org/job/kio%20master%20kf5-qt5/PLATFORM=Linux,compiler=gcc/102/testReport/junit/%28root%29/TestSuite/kioslave_httpauthenticationtest/
Also remove a cast to quint32 that is not necessary since the member is already a quint32
Diffs
-----
src/kntlm/kntlm.cpp 77526dd
Diff: https://git.reviewboard.kde.org/r/125338/diff/
Testing
-------
Valgrind doesn't complain anymore.
Thanks,
Albert Astals Cid
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://mail.kde.org/pipermail/kde-frameworks-devel/attachments/20150921/99ce22e4/attachment.html>
More information about the Kde-frameworks-devel
mailing list