Buffer overflow in CGI kioslave?

Michael Pyne michael.pyne at kdemail.net
Wed Jun 21 01:54:50 BST 2006


On Tuesday 20 June 2006 17:21, Michael Pyne wrote:
> On Tuesday 20 June 2006 05:03, Juergen Pfennig wrote:
> > Hi,
> >
> > somebody reported a CGI bug that causes additional spaces to be inserted
> > in the output HTML. Unfortunately I have to confirm this. The bug happens
> > if the output is lengthy and is not always visible. But it is still
> > reproducible.
> >
> > Could it be that the fread() function returns unicode? If so then there
> > is a badly sized buffer declared:
>
> No, that's not the reason.  fread() always reads in bytes, not characters.
>
> I will look at the bug (the bug number is 118550 btw) if you could give me
> an example of a testcase (assuming I don't construct an example by myself).

The issue is that a QCString is passed to something which is expecting 
QByteArray.  Not normally an issue, but in this case KIO is happy to send the 
extra '\0' character that QCString implies.

I've fixed the issue in the attached patch (also submitted to bug 118550), so 
if it could be reviewed so I can commit the fix to /branches/3.5 (and then 
to /trunk) I'd appreciate it.  The fix is basically to avoid using QCString 
while processing the buffered data.  As such, I had to port a few useful 
QCString functions to use with a plain QByteArray.

Regards,
 - Michael Pyne
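An added illustration of the mechanism described above (not code from the attached patch): a simplified stand-in for Qt3's QCString, whose size() counts the trailing '\0' while length() does not, showing how wrapping each buffered chunk in such a type leaks one NUL byte per chunk into the output stream, and how a plain byte array sized by the bytes actually read avoids it. The CStringModel class, the chunk data and the emit functions are assumptions made for this example.

```cpp
#include <cstring>
#include <string>
#include <vector>

// Minimal stand-in for Qt3's QCString (assumption: a model, not the real class).
// As with QCString, size() includes the terminating '\0' and length() does not.
struct CStringModel {
    std::vector<char> buf;  // always carries a trailing '\0'
    CStringModel(const char *s, size_t n) : buf(s, s + n) { buf.push_back('\0'); }
    size_t size() const { return buf.size(); }                // counts the '\0'
    size_t length() const { return std::strlen(buf.data()); } // does not
    // Mimics the implicit QCString -> QByteArray conversion: the '\0' comes along.
    std::vector<char> asByteArray() const { return buf; }
};

// Buggy path: each chunk is wrapped in the QCString-like type before being
// handed to the output sink, so every chunk ships size() bytes, NUL included.
std::string emitBuggy(const std::vector<std::string> &chunks) {
    std::string out;
    for (const auto &c : chunks) {
        CStringModel s(c.data(), c.size());
        std::vector<char> ba = s.asByteArray();
        out.append(ba.data(), ba.size());
    }
    return out;
}

// Fixed path: keep the buffered data as a plain byte array sized by the bytes
// actually read (what fread() returned), so only the payload is sent.
std::string emitFixed(const std::vector<std::string> &chunks) {
    std::string out;
    for (const auto &c : chunks) {
        std::vector<char> ba(c.begin(), c.end());
        out.append(ba.data(), ba.size());
    }
    return out;
}

// Count stray NUL bytes in a stream; a browser renders these as blank space.
size_t countNuls(const std::string &s) {
    size_t n = 0;
    for (char ch : s) if (ch == '\0') ++n;
    return n;
}

// Constructed sample: three chunks as a CGI script might produce them.
const std::vector<std::string> kChunks = {"<html><body>", "hello", "</body></html>"};
```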
-------------- next part --------------
A non-text attachment was scrubbed...
Name: fix-weird-output.diff
Type: text/x-diff
Size: 3245 bytes
Desc: not available
URL: <https://mail.kde.org/mailman/private/kfm-devel/attachments/20060620/87952dd8/attachment.diff>