dfaure added a comment.
Thiago: thanks for the review. You didn't say anything about the getsockopt/getpeereid usage so I assume this part looks ok? That's mostly what I wanted you to look at. The early push was so we don't release 5.43 (planned for today) without this security fix at all, in case of no answer... INLINE COMMENTS > thiago wrote in fdreceiver.cpp:34 > Don't use toStdString(). I know this is what it used to do, but you can take > the opportunity to fix the issue. Right, this should be QFile::encodeName(m_path) and using QByteArray in SocketAddress rather than std::string. > thiago wrote in fdreceiver.cpp:88 > Where's the support for other OSes? This is UNIX-only, but indeed OSX is missing. Does that support getpeereid? REPOSITORY R241 KIO REVISION DETAIL https://phabricator.kde.org/D9966 To: chinmoyr, #frameworks, thiago, dfaure, ossi Cc: ngraham, fvogt, lbeltrame, dfaure, michaelh