[Differential] [Commented On] D4376: Replace long-deprecated getpass(3) call
Martin Gräßlin
noreply at phabricator.kde.org
Tue Jan 31 19:10:57 UTC 2017
graesslin added a comment.
Out of interest: how did you stumble on that code? After all the usage in kscreenlocker should not enter the code path. KScreenlocker uses the conv_server approach. And IIRC there is no other usage of kcheckpass any more.
> I didn't think this case was very likely so I did not author such a check.
We can think about how likely it is: this is code run on every system when the screen is unlocked. I do that ~10 times a day. Let's say a normal users does it once a day. Makes it 365 times a year. Let's assume we have a million users. That's 365 million times this code gets called per year. The unlikely event can get quite likely with large numbers ;-)
If you think there is a risk: better be pedantic in this case. On the other hand getdelim should return -1 in error case and then your method returns null. So in my book that's good enough error checking.
INLINE COMMENTS
> kcheckpass.c:102
> + nl = strchr(password, '\n');
> + if(nl) {
> + *nl = '\0';
nitpck: coding style. Whitespace missing between if and (
REPOSITORY
R133 KScreenLocker
REVISION DETAIL
https://phabricator.kde.org/D4376
EMAIL PREFERENCES
https://phabricator.kde.org/settings/panel/emailpreferences/
To: awilcox
Cc: graesslin, plasma-devel, lesliezhai, ali-mohamed, jensreuterberg, abetts, sebas
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://mail.kde.org/pipermail/plasma-devel/attachments/20170131/60d72cf3/attachment.html>
More information about the Plasma-devel
mailing list