Review Request 125338: Fix out of bounds memory access in KNTLM::getAuth

Albert Astals Cid aacid at kde.org
Thu Sep 24 19:20:03 UTC 2015



> On Sept. 24, 2015, 3:15 p.m., Aleix Pol Gonzalez wrote:
> > src/kntlm/kntlm.cpp, line 246
> > <https://git.reviewboard.kde.org/r/125338/diff/1/?file=404939#file404939line246>
> >
> >     Isn't this already checked in line 230? Or is `sizeof(Challenge)!=32`?

sizeof(Challenge) is 40. I understand that the last bits are optional (hence the checks for targetInfo.isEmpty()).


- Albert


-----------------------------------------------------------
This is an automatically generated e-mail. To reply, visit:
https://git.reviewboard.kde.org/r/125338/#review85873
-----------------------------------------------------------


On Sept. 21, 2015, 7:56 p.m., Albert Astals Cid wrote:
> 
> -----------------------------------------------------------
> This is an automatically generated e-mail. To reply, visit:
> https://git.reviewboard.kde.org/r/125338/
> -----------------------------------------------------------
> 
> (Updated Sept. 21, 2015, 7:56 p.m.)
> 
> 
> Review request for KDE Frameworks and Dawit Alemayehu.
> 
> 
> Repository: kio
> 
> 
> Description
> -------
> 
> Make sure the size of the byte array we just dumped into the struct is big enough before calculating the targetInfo, otherwise we're accessing memory that doesn't belong to us
> 
> Fix out of bounds memory access https://build.kde.org/job/kio%20master%20kf5-qt5/PLATFORM=Linux,compiler=gcc/102/testReport/junit/%28root%29/TestSuite/kioslave_httpauthenticationtest/
> 
> Also remove a cast to quint32 that is not necessary since the member is already a quint32
> 
> 
> Diffs
> -----
> 
>   src/kntlm/kntlm.cpp 77526dd 
> 
> Diff: https://git.reviewboard.kde.org/r/125338/diff/
> 
> 
> Testing
> -------
> 
> Valgrind doesn't complain anymore.
> 
> 
> Thanks,
> 
> Albert Astals Cid
> 
>
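
The check discussed in this thread, as an added illustration (not code from kio or from the review's diff): a message that passes a 32-byte minimum check can still be shorter than the 40-byte struct, so the optional trailing descriptor must only be read once the buffer is known to contain it. The layout, the names `parseTargetInfo`, `makeSample` and `readLe`, and the sample messages are assumptions constructed for the demo.

```cpp
#include <cstddef>
#include <cstdint>
#include <vector>

// Assumed demo layout (not KNTLM's real struct): 32 mandatory bytes, then an
// optional 8-byte descriptor {len:u16, maxlen:u16, offset:u32}, little-endian.
constexpr std::size_t kMinSize = 32;
constexpr std::size_t kFullSize = 40;

enum class Parse { TooShort, NoTargetInfo, BadTargetInfo, Ok };

static std::uint32_t readLe(const std::uint8_t *p, int bytes) {
    std::uint32_t v = 0;
    for (int i = bytes - 1; i >= 0; --i) v = (v << 8) | p[i];
    return v;
}

// Copies the optional trailing field into `out` only after proving that the
// descriptor and the bytes it points at both lie inside the received buffer.
Parse parseTargetInfo(const std::vector<std::uint8_t> &msg, std::vector<std::uint8_t> &out) {
    out.clear();
    if (msg.size() < kMinSize) return Parse::TooShort;
    if (msg.size() < kFullSize) return Parse::NoTargetInfo; // descriptor not sent
    const std::uint32_t len = readLe(msg.data() + kMinSize, 2);
    const std::uint32_t offset = readLe(msg.data() + kMinSize + 4, 4);
    if (len == 0) return Parse::NoTargetInfo;
    // Subtract instead of adding so untrusted values cannot wrap the check.
    if (offset > msg.size() || len > msg.size() - offset) return Parse::BadTargetInfo;
    out.assign(msg.begin() + offset, msg.begin() + offset + len);
    return Parse::Ok;
}

// Constructed sample message: zeroed mandatory part, optional descriptor, payload.
std::vector<std::uint8_t> makeSample(std::size_t headerBytes, std::uint16_t len,
                                     std::uint32_t offset, std::size_t payloadBytes) {
    std::vector<std::uint8_t> m(headerBytes, 0);
    if (headerBytes >= kFullSize) {
        m[32] = m[34] = static_cast<std::uint8_t>(len & 0xff); // len and maxlen, low byte
        m[33] = m[35] = static_cast<std::uint8_t>(len >> 8);   // len and maxlen, high byte
        for (int i = 0; i < 4; ++i) m[36 + i] = static_cast<std::uint8_t>(offset >> (8 * i));
    }
    m.insert(m.end(), payloadBytes, 0xAB);
    return m;
}

int main() { // 36 bytes pass a ">= 32" check but carry no complete descriptor
    std::vector<std::uint8_t> info;
    return parseTargetInfo(makeSample(36, 0, 0, 0), info) == Parse::NoTargetInfo ? 0 : 1;
}
```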
