graesslin added a comment.
Out of interest: how did you stumble on that code? After all the usage in
kscreenlocker should not enter the code path. KScreenlocker uses the
conv_server approach. And IIRC there is no other usage of kcheckpass any more.
> I didn't think this case was very likely so I did not author such a check.
We can think about how likely it is: this is code run on every system when
the screen is unlocked. I do that ~10 times a day. Let's say a normal users
does it once a day. Makes it 365 times a year. Let's assume we have a million
users. That's 365 million times this code gets called per year. The unlikely
event can get quite likely with large numbers ;-)
If you think there is a risk: better be pedantic in this case. On the other
hand getdelim should return -1 in error case and then your method returns null.
So in my book that's good enough error checking.
INLINE COMMENTS
> kcheckpass.c:102
> + nl = strchr(password, '\n');
> + if(nl) {
> + *nl = '\0';
nitpck: coding style. Whitespace missing between if and (
REPOSITORY
R133 KScreenLocker
REVISION DETAIL
https://phabricator.kde.org/D4376
EMAIL PREFERENCES
https://phabricator.kde.org/settings/panel/emailpreferences/
To: awilcox
Cc: graesslin, plasma-devel, lesliezhai, ali-mohamed, jensreuterberg, abetts,
sebas
