Review Request 126539: Check sockaddr_un buffer size before strcpy()ing into it.

David Edmundson david at davidedmundson.co.uk
Mon Dec 28 00:46:17 UTC 2015


-----------------------------------------------------------
This is an automatically generated e-mail. To reply, visit:
https://git.reviewboard.kde.org/r/126539/#review90188
-----------------------------------------------------------

Ship it!


Ship It!

- David Edmundson


On Dec. 28, 2015, 12:17 a.m., Michael Pyne wrote:
> 
> -----------------------------------------------------------
> This is an automatically generated e-mail. To reply, visit:
> https://git.reviewboard.kde.org/r/126539/
> -----------------------------------------------------------
> 
> (Updated Dec. 28, 2015, 12:17 a.m.)
> 
> 
> Review request for KDE Frameworks and Plasma.
> 
> 
> Repository: kwallet-pam
> 
> 
> Description
> -------
> 
> Coverity strikes again, and notes in CID 1335116 that copying the socket name into a fixed-size buffer here could overflow the buffer. I don't see any reason it would be wrong in all cases, so best to double-check.
> 
> Submitting for review mostly because I don't use pam_kwallet, otherwise the check is simple enough that I'd feel comfortable committing directly. Note that the len that is already calculated includes the null terminator already.
> 
> 
> Diffs
> -----
> 
>   pam_kwallet.c 345aa03 
> 
> Diff: https://git.reviewboard.kde.org/r/126539/diff/
> 
> 
> Testing
> -------
> 
> Code still compiles.
> 
> 
> Thanks,
> 
> Michael Pyne
> 
>

-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://mail.kde.org/pipermail/plasma-devel/attachments/20151228/7f0c825f/attachment.html>


More information about the Plasma-devel mailing list