Review Request 129733: KSycoca: don't follow symlink to directories, it creates a risk of recursion
David Faure
faure at kde.org
Mon Jan 2 20:55:37 UTC 2017
> On Jan. 2, 2017, 8:29 p.m., René J.V. Bertin wrote:
> > Ship It!
>
> René J.V. Bertin wrote:
> Oops, I was too fast.
>
> David, on a whim I just tried
>
> ```
> sudo ln -s ../../.. /opt/local/share/applications/kde4/testlink
> ```
>
> which is the exact same kind of tarpit situation that got me the other day. Your patch doesn't protect against it.
Reproduced. As I suspected it's the missing check in vfolder_menu.cpp. Updated patch coming up.
- David
-----------------------------------------------------------
This is an automatically generated e-mail. To reply, visit:
https://git.reviewboard.kde.org/r/129733/#review101740
-----------------------------------------------------------
On Dec. 31, 2016, 1:06 p.m., David Faure wrote:
>
> -----------------------------------------------------------
> This is an automatically generated e-mail. To reply, visit:
> https://git.reviewboard.kde.org/r/129733/
> -----------------------------------------------------------
>
> (Updated Dec. 31, 2016, 1:06 p.m.)
>
>
> Review request for KDE Frameworks, Albert Astals Cid and René J.V. Bertin.
>
>
> Repository: kservice
>
>
> Description
> -------
>
> Symlinks to (desktop) files are still supported.
>
>
> Diffs
> -----
>
> autotests/ksycocatest.cpp 4564ee6750a80a109492c197c83944e129dcabac
> src/sycoca/ksycocautils_p.h f144a80ea6d845ed5eaff41689756b30f17d9391
>
> Diff: https://git.reviewboard.kde.org/r/129733/diff/
>
>
> Testing
> -------
>
> Added unittest (which failed before the fix, passes after the fix)
>
>
> Thanks,
>
> David Faure
>
>
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://mail.kde.org/pipermail/kde-frameworks-devel/attachments/20170102/062c5084/attachment.html>
More information about the Kde-frameworks-devel
mailing list