> On July 21, 2015, 3:57 p.m., Lamarque Souza wrote: > > src/runtime/kwalletd/main.cpp, line 113 > > <https://git.reviewboard.kde.org/r/124413/diff/1/?file=386596#file386596line113> > > > > You should use strncmp instead of strcmp. > > Martin Klapetek wrote: > Why would you think? The whole string is being compared, what good would > strncmp do in here? > > Lamarque Souza wrote: > I was thinking about using something like > > if (strncmp(argv[x], "--pam-login", sizeof("--pam-login"))) > > It's a general rule not use use strcmp in security sensitive code since > it only stops to compare characters when it finds a null character. If no > such character exists in the compared string then you will have a buffer > overflow. Since this is an argv string it probably contains a null byte, so > the "should" and not "have to". It is just recomendation, you can drop it if > you wish. > > Stefan Brüns wrote: > But "--pam-login" is null terminated, so you will compare at most > sizeof("--pam-login") bytes anyway.
Yeah, you're right. - Lamarque ----------------------------------------------------------- This is an automatically generated e-mail. To reply, visit: https://git.reviewboard.kde.org/r/124413/#review82770 ----------------------------------------------------------- On July 21, 2015, 5:27 p.m., Martin Klapetek wrote: > > ----------------------------------------------------------- > This is an automatically generated e-mail. To reply, visit: > https://git.reviewboard.kde.org/r/124413/ > ----------------------------------------------------------- > > (Updated July 21, 2015, 5:27 p.m.) > > > Review request for KDE Frameworks, Àlex Fiestas and Valentin Rusu. > > > Repository: kwallet > > > Description > ------- > > This brings back Alex's patch in commit > f2fe3e75b4ba12d0f99aa09327059a1865891b14 [1] which allows KWallet to be > opened by PAM if kwallet-pam is present. > > http://quickgit.kde.org/?p=kde-runtime.git&a=commit&h=f2fe3e75b4ba12d0f99aa09327059a1865891b14 > > > Diffs > ----- > > src/runtime/kwalletd/main.cpp b4e3837 > > Diff: https://git.reviewboard.kde.org/r/124413/diff/ > > > Testing > ------- > > Logged in, KWallet does not ask for password anymore. > > > Thanks, > > Martin Klapetek > >
_______________________________________________ Kde-frameworks-devel mailing list Kde-frameworks-devel@kde.org https://mail.kde.org/mailman/listinfo/kde-frameworks-devel
