Gentoo's Bugzilla – Attachment 137716 Details for Bug 200856: kde-base/kdm and kde-base/kdebase: Local Denial of Service (CVE-2007-5963)
[patch] kdm3-face-dos.diff (text/plain), 2.20 KB, created by Robert Buchholz (RETIRED) on 2007-12-04 16:44:39 UTC
>--- kfrontend/kgreeter.cpp (revision 706109) >+++ kfrontend/kgreeter.cpp (working copy) >@@ -42,6 +42,8 @@ > #undef Unsorted // x headers suck - make qdir.h work with --enable-final > #include <qdir.h> > #include <qfile.h> >+#include <qbuffer.h> >+#include <qmemarray.h> > #include <qimage.h> > #include <qmovie.h> > #include <qpopupmenu.h> >@@ -59,6 +61,7 @@ > #include <grp.h> > #include <stdlib.h> > #include <unistd.h> >+#include <fcntl.h> > #include <sys/types.h> > > #include <X11/Xlib.h> >@@ -163,6 +166,9 @@ > QString login; > }; > >+#define FILE_LIMIT_ICON 20 >+#define FILE_LIMIT_IMAGE 200 >+ > void > KGreeter::insertUser( const QImage &default_pix, > const QString &username, struct passwd *ps ) 
>@@ -181,16 +187,44 @@ > nd = 1; > QImage p; > do { >- QString fn = dp ? >- QFile::decodeName( ps->pw_dir ) + "/.face" : >- _faceDir + '/' + username + ".face"; >- if (p.load( fn + ".icon" ) || p.load( fn )) { >- QSize ns( 48, 48 ); >- if (p.size() != ns) >- p = p.convertDepth( 32 ).smoothScale( ns, QImage::ScaleMin ); >- goto gotit; >+ dp ^= 1; >+ QCString fn = !dp ? >+ QCString( ps->pw_dir ) + '/' : >+ QFile::encodeName( _faceDir + '/' + username ); >+ fn += ".face.icon"; >+ int fd, ico; >+ if ((fd = open( fn.data(), O_RDONLY | O_NONBLOCK )) < 0) { >+ fn.truncate( fn.length() - 5 ); >+ if ((fd = open( fn.data(), O_RDONLY | O_NONBLOCK )) < 0) >+ continue; >+ ico = 0; >+ } else >+ ico = 1; >+ QFile f; >+ f.open( IO_ReadOnly, fd ); >+ int fs = f.size(); >+ if (fs > (ico ? FILE_LIMIT_ICON : FILE_LIMIT_IMAGE) * 1000) { >+ LogWarn( "%s exceeds file size limit (%dkB)\n", >+ fn.data(), ico ? FILE_LIMIT_ICON : FILE_LIMIT_IMAGE ); >+ continue; > } >- dp = 1 - dp; >+ QByteArray fc( fs ); >+ int rfs = f.readBlock( fc.data(), fs ); >+ ::close( fd ); >+ fc.resize( rfs > 0 ? rfs : 0 ); >+ QBuffer buf( fc ); >+ buf.open( IO_ReadOnly ); >+ QImageIO ir; >+ ir.setIODevice( &buf ); >+ if (!ir.read()) { >+ LogInfo( "%s is no valid image\n", fn.data() ); >+ continue; >+ } >+ p = ir.image(); >+ QSize ns( 48, 48 ); >+ if (p.size() != ns) >+ p = p.convertDepth( 32 ).smoothScale( ns, QImage::ScaleMin ); >+ goto gotit; > } while (--nd >= 0); > p = default_pix; > gotit:
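Review bot: The two limits defined just before KGreeter::insertUser in the @@ -163,6 +166,9 @@ hunk, FILE_LIMIT_ICON 20 and FILE_LIMIT_IMAGE 200, carry no unit and no rationale. The later hunk multiplies them by 1000 for the comparison and prints them as kB in the warning, so a one-line comment stating that they are decimal kilobytes and that they cap the per-user .face.icon and .face files would keep the check and the log text in step if either value is changed.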
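Review bot: In the size-limit branch of the @@ -181,16 +187,44 @@ hunk, `continue` is taken after `f.open( IO_ReadOnly, fd )` but before the only `::close( fd )`, which sits after `readBlock`, so every face file that exceeds the limit leaves its descriptor open in the greeter. Close fd before that `continue`, or restructure so that all paths after a successful open() pass through a single close. Two smaller points in the same hunk: `fn.truncate( fn.length() - 5 )` relies on the literal length of ".icon" and deserves a comment or a named constant, and the file is opened with O_NONBLOCK but nothing checks that fd refers to a regular file before `f.size()` is trusted, so an fstat() with S_ISREG right after open() would make the intended handling of FIFOs and devices explicit.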
Attachments on bug 200856: 137399 | 137716