dfaure requested changes to this revision. dfaure added a comment. This revision now requires changes to proceed.
I don't feel confident approving the security-related fixes in here. Maybe Thiago or Oswald could have a look...

INLINE COMMENTS

> fdreceiver.cpp:61
> }
> + ::unlink(m_path.toStdString().c_str());
> }

This will break if the path contains non-ascii characters. Either use QFile::remove, or use a QByteArray (or std::string) everywhere to avoid a conversion from 16-bit to 8-bit, or third option, do the conversion properly here, using QFile::encodeName(m_path).

> sharefd_p.h:51
> {
> - return reinterpret_cast<const sockaddr*>(&addr);
> + return (strlen(addr.sun_path) > 0) ? reinterpret_cast<const
> sockaddr*>(&addr) : nullptr;
> }

Is strlen needed? It seems to me that sun_path will be null if make_address failed, so a simple null-pointer check would be enough here. Plus I remember some implementations of strlen breaking on null pointers...

REPOSITORY
R241 KIO

REVISION DETAIL
https://phabricator.kde.org/D9966

To: chinmoyr, #frameworks, thiago, dfaure
Cc: ngraham, fvogt, lbeltrame, dfaure, michaelh
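
Review bot: in the fdreceiver.cpp:61 hunk the return value of `::unlink()` is discarded, so a failed removal leaves the socket file on disk without any trace in the logs. Check the result and emit a warning on failure, treating ENOENT as harmless, for example `if (::unlink(path) != 0 && errno != ENOENT)` followed by a warning that includes the path. Because this call deletes whatever m_path names, it is also worth confirming in the surrounding code that m_path can only hold a path this object created itself.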
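
Review bot: in the sharefd_p.h:51 hunk the added `strlen(addr.sun_path) > 0` scans the whole buffer only to learn whether its first byte is set. If addr is a sockaddr_un, sun_path is a fixed-size array inside the struct, so `addr.sun_path[0] != '\0'` is the equivalent test and does not depend on the array being NUL-terminated. The function can now return nullptr where it previously always returned a valid pointer, so every caller that passes the result to a socket call needs to handle that case; a one-line comment on the function saying that nullptr means the address was never set up would make the contract explicit.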