> On set. 24, 2015, 3:15 p.m., Aleix Pol Gonzalez wrote: > > src/kntlm/kntlm.cpp, line 246 > > <https://git.reviewboard.kde.org/r/125338/diff/1/?file=404939#file404939line246> > > > > Isn't this already checked in line 230? Or is `sizeof(Challenge)!=32`?
sizeof(Challenge) is 40, i understand that the last bits are optional (hence the checks for targetInfo.isEmpty()) - Albert ----------------------------------------------------------- This is an automatically generated e-mail. To reply, visit: https://git.reviewboard.kde.org/r/125338/#review85873 ----------------------------------------------------------- On set. 21, 2015, 7:56 p.m., Albert Astals Cid wrote: > > ----------------------------------------------------------- > This is an automatically generated e-mail. To reply, visit: > https://git.reviewboard.kde.org/r/125338/ > ----------------------------------------------------------- > > (Updated set. 21, 2015, 7:56 p.m.) > > > Review request for KDE Frameworks and Dawit Alemayehu. > > > Repository: kio > > > Description > ------- > > Make sure the size of the byte array we just dumped into the struct is big > enough before calculating the targetInfo, otherwise we're accessing memory > that doesn't belong to us > > Fix out of bounds memory access > https://build.kde.org/job/kio%20master%20kf5-qt5/PLATFORM=Linux,compiler=gcc/102/testReport/junit/%28root%29/TestSuite/kioslave_httpauthenticationtest/ > > Also remove a cast to quint32 that is not necessary since the member is > already a quint32 > > > Diffs > ----- > > src/kntlm/kntlm.cpp 77526dd > > Diff: https://git.reviewboard.kde.org/r/125338/diff/ > > > Testing > ------- > > Valgrind doesn't complain anymore. > > > Thanks, > > Albert Astals Cid > >
_______________________________________________ Kde-frameworks-devel mailing list Kde-frameworks-devel@kde.org https://mail.kde.org/mailman/listinfo/kde-frameworks-devel
