dfaure requested changes to this revision.
dfaure added a comment.
This revision now requires changes to proceed.
I don't feel confident approving the security-related fixes in here. Maybe
Thiago or Oswald could have a look...
INLINE COMMENTS
> fdreceiver.cpp:61
> }
> + ::unlink(m_path.toStdString().c_str());
> }
This will break if the path contains non-ascii characters.
Either use QFile::remove, or use a QByteArray (or std::string) everywhere to
avoid a conversion from 16-bit to 8-bit, or third option, do the conversion
properly here, using QFile::encodeName(m_path).
> sharefd_p.h:51
> {
> - return reinterpret_cast<const sockaddr*>(&addr);
> + return (strlen(addr.sun_path) > 0) ? reinterpret_cast<const
> sockaddr*>(&addr) : nullptr;
> }
Is strlen needed? It seems to me that sun_path will be null if make_address
failed, so a simple null-pointer check would be enough here. Plus I remember
some implementations of strlen breaking on null pointers...
REPOSITORY
R241 KIO
REVISION DETAIL
https://phabricator.kde.org/D9966
To: chinmoyr, #frameworks, thiago, dfaure
Cc: ngraham, fvogt, lbeltrame, dfaure, michaelh
