[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]
[PATCH] Rework the do_list_voices function, and fix a memory leak.
|
From: |
Trevor Saunders |
|
Subject: |
[PATCH] Rework the do_list_voices function, and fix a memory leak. |
|
Date: |
Thu, 16 Sep 2010 07:39:01 -0400 |
Hi,
On Thu, Sep 16, 2010 at 01:04:45PM +0200, Andrei Kholodnyi wrote:
> > Possibly, but every voice must have a name. ?Otherwise, one cannot
> > select it. ?I'd say that (voices[i]->name == NULL) is an error
> > condition which should never occur.
>
> It could occur.
yes, we might as wellcheck.
> I can intentionally put such list of voices to do e.g., a DOS attack
> on speech-dispatcher.
I may be wrongbut I don't think so, that list ofvoices comes from the
module, which I believe we can trust.
> I think we probably need to put a following check
> if (voices[i]->name == NULL) {
> print error;
> skip voice;
> }
>
> you are right that voice shall have a name.
agreed
> now, since modules can be added dynamically during runtime and we even
> don't know what these modules could be,
> it is a reasonable check here.
I don't thinkwe've added auto detection or run time loading yet, or have
I missed something big? Even if we setup auto detection (I plan just
haven't gotten to it :( ) or runtime loading, I think we still can trust
the module won't send empty names.
I believe we can trust that name != NULL because that list of voices
came from the module which we can trust. I believe we can trust modules
because currently for the module to be running someone trusted with the
right to edit the speechd.conf has to set it up to run, so if they can
setup a militious module we were already owned, and they have no reason
to add such a module. If we support runtime or automatic module loading
only modules in a system folder like /usr/lib/speech-dispatcher-modules
should be loaded, not any module, which means we can trust the module
because someone needs permissions to write there to add a module.
I hope I'm clear enough on why this shouldn't be an issue.
Trev
>
> if you decide to do this change, could you also fix a debug message
> DBG("Voice prepared to sens to speechd");
>
> _______________________________________________
> Speechd mailing list
> Speechd at lists.freebsoft.org
> http://lists.freebsoft.org/mailman/listinfo/speechd
-------------- next part --------------
A non-text attachment was scrubbed...
Name: not available
Type: application/pgp-signature
Size: 836 bytes
Desc: Digital signature
URL:
<http://lists.freebsoft.org/pipermail/speechd/attachments/20100916/c54960e2/attachment.pgp>
- [PATCH] Rework the do_list_voices function, and fix a memory leak., Christopher Brannon, 2010/09/13
- [PATCH] Rework the do_list_voices function, and fix a memory leak., Andrei Kholodnyi, 2010/09/15
- [PATCH] Rework the do_list_voices function, and fix a memory leak., Christopher Brannon, 2010/09/15
- [PATCH] Rework the do_list_voices function, and fix a memory leak., Andrei Kholodnyi, 2010/09/16
- [PATCH] Rework the do_list_voices function, and fix a memory leak.,
Trevor Saunders <=
- [PATCH] Rework the do_list_voices function, and fix a memory leak., Andrei Kholodnyi, 2010/09/17
- [PATCH] Rework the do_list_voices function, and fix a memory leak., Trevor Saunders, 2010/09/17
- [PATCH] Rework the do_list_voices function, and fix a memory leak., Christopher Brannon, 2010/09/16
- [PATCH] Rework the do_list_voices function, and fix a memory leak., Andrei . Kholodnyi, 2010/09/16
- [PATCH] Rework the do_list_voices function, and fix a memory leak., William Hubbs, 2010/09/16
- [PATCH] Rework the do_list_voices function, and fix a memory leak., Christopher Brannon, 2010/09/16
- [PATCH] Rework the do_list_voices function, and fix a memory leak., Andrei Kholodnyi, 2010/09/16
- [PATCH] Rework the do_list_voices function, and fix a memory leak., Christopher Brannon, 2010/09/16