diff -Xcvsignore -ur kdenetwork-3.0.4/lanbrowsing/kio_lan/kio_lan.cpp kdenetwork-3.0.5/lanbrowsing/kio_lan/kio_lan.cpp
--- kdenetwork-3.0.4/lanbrowsing/kio_lan/kio_lan.cpp	2002-01-03 21:34:12.000000000 +0100
+++ kdenetwork-3.0.5/lanbrowsing/kio_lan/kio_lan.cpp	2002-11-07 11:24:19.000000000 +0100
@@ -176,13 +176,14 @@
 
    char *currentBuf=receiveBuffer;
    int bytesLeft=receivedBytes;
-   int tmpIP;
    //this should be large enough for a name
-   char tmpName[1024];
+   char tmpName[4*1024];
    //this should be large enough for the hostname
-   char tmpHostname[512];
+   char tmpHostname[4*1024];
    while (bytesLeft>0)
    {
+      int tmpIP=2;
+      tmpName[0]='\0';
       if ((memchr(currentBuf,0,bytesLeft)==0) || (memchr(currentBuf,int('\n'),bytesLeft)==0))
       {
          delete [] receiveBuffer;
@@ -190,17 +191,19 @@
          return 0;
       };
       kdDebug(7101)<<"LANProtocol::lanReadDataFromServer: processing "<<currentBuf;
-      sscanf(currentBuf,"%u %s\n",&tmpIP,tmpName);
       //since we check for 0 and \n with memchr() we can be sure
       //at this point that tmpBuf is correctly terminated
       int length=strlen(currentBuf)+1;
+      if (length<(4*1024))
+         sscanf(currentBuf,"%u %s\n",&tmpIP,tmpName);
+
       bytesLeft-=length;
       currentBuf+=length;
-      if ((bytesLeft==0) && (strstr(tmpName,"succeeded")!=0) && ((tmpIP==0) ||(tmpIP==1)))
+      if ((bytesLeft==0) && ((tmpIP==0) ||(tmpIP==1)) && (strstr(tmpName,"succeeded")!=0))
       {
          kdDebug(7101)<<"LANProtocol::lanReadDataFromServer: succeeded"<<endl;
       }
-      else
+      else if (tmpIP!=2)
       {
          kdDebug(7101)<<"LANProtocol::lanReadDataFromServer: listing host: "<<tmpName<<" with ip: "<<tmpIP<<endl;
          UDSAtom atom;
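Review bot: The added `sscanf(currentBuf,"%u %s\n",&tmpIP,tmpName)` still ignores its return value and relies on the sentinel `tmpIP=2` to detect an unparsed line. A line whose number really is 2 is therefore silently dropped, and a line with a number but no name is listed with an empty `tmpName`. Guarding with `if (length<(int)sizeof(tmpName) && sscanf(...)==2)` and skipping the line otherwise would remove the sentinel and tie the bound to the buffer rather than the repeated literal `4*1024`. `%u` is also paired with an `int*`; an `unsigned int` temporary would match the format. The same pattern is in the RLANProtocol::readDataFromServer hunk below and in NetManager::processScanResults in netmanager.cpp, and the loop body continues outside this hunk.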
@@ -344,13 +347,14 @@
 
    char *currentBuf=receiveBuffer;
    int bytesLeft=receivedBytes;
-   int tmpIP;
    //this should be large enough for a name
-   char tmpName[1024];
+   char tmpName[4*1024];
    //this should be large enough for the hostname
-   char tmpHostname[512];
+   char tmpHostname[4*1024];
    while (bytesLeft>0)
    {
+      int tmpIP=2;
+      tmpName[0]='\0';
       if ((memchr(currentBuf,0,bytesLeft)==0) || (memchr(currentBuf,int('\n'),bytesLeft)==0))
       {
          delete [] receiveBuffer;
@@ -358,17 +362,19 @@
          return 0;
       };
       kdDebug(7101)<<"RLANProtocol::readDataFromServer: processing "<<currentBuf;
-      sscanf(currentBuf,"%u %s\n",&tmpIP,tmpName);
       //since we check for 0 and \n with memchr() we can be sure
       //at this point that tmpBuf is correctly terminated
       int length=strlen(currentBuf)+1;
+      if (length<(4*1024))
+         sscanf(currentBuf,"%u %s\n",&tmpIP,tmpName);
+
       bytesLeft-=length;
       currentBuf+=length;
-      if ((bytesLeft==0) && (strstr(tmpName,"succeeded")!=0) && ((tmpIP==0) ||(tmpIP==1)))
+      if ((bytesLeft==0) && ((tmpIP==0) ||(tmpIP==1)) && (strstr(tmpName,"succeeded")!=0) )
       {
          kdDebug(7101)<<"RLANProtocol::readDataFromServer: succeeded"<<endl;
       }
-      else
+      else if (tmpIP!=2)
       {
          kdDebug(7101)<<"RLANProtocol::readDataFromServer: listing host: "<<tmpName<<" with ip: "<<tmpIP<<endl;
          UDSAtom atom;
@@ -436,7 +442,7 @@
          delete hostInfo;
          return 0;
       }
-      memcpy(&ip, hp->h_addr, hp->h_length);
+      memcpy(&ip, hp->h_addr, sizeof(ip));
 
       for (int i=0; i<KIOLAN_MAX; i++)
       {
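Review bot: Copying `sizeof(ip)` bytes bounds the write, but nothing now checks that the resolver entry actually holds that many bytes or is of the expected family. If `hp->h_length` is smaller than `sizeof(ip)`, the copy reads past the returned address. A guard ahead of the copy, such as `if (hp->h_addrtype!=AF_INET || hp->h_length!=(int)sizeof(ip))` taking the same `delete hostInfo; return 0;` path, would cover both directions. This assumes `ip` holds an IPv4 address, which its declaration outside the hunk would confirm. The same one-line change appears in NetScanner::configure in netscanner.cpp.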
diff -Xcvsignore -ur kdenetwork-3.0.4/lanbrowsing/lisa/ChangeLog kdenetwork-3.0.5/lanbrowsing/lisa/ChangeLog
--- kdenetwork-3.0.4/lanbrowsing/lisa/ChangeLog	2001-01-03 21:38:01.000000000 +0100
+++ kdenetwork-3.0.5/lanbrowsing/lisa/ChangeLog	2002-11-07 11:24:19.000000000 +0100
@@ -1,2 +1,5 @@
+0.1.3
+-security fixes: fixed LOGNAME vulnerabilty and another possible buffer overflow
+
 Version 0.1
 -initial version
diff -Xcvsignore -ur kdenetwork-3.0.4/lanbrowsing/lisa/lisadefines.h kdenetwork-3.0.5/lanbrowsing/lisa/lisadefines.h
--- kdenetwork-3.0.4/lanbrowsing/lisa/lisadefines.h	2001-10-26 14:05:47.000000000 +0200
+++ kdenetwork-3.0.5/lanbrowsing/lisa/lisadefines.h	2002-11-12 00:27:38.000000000 +0100
@@ -2,7 +2,7 @@
 #define LISADEFINES_H
 
 
-#define MYVERSION "0.1.1"
+#define MYVERSION "0.2.2"
 #define MY_ID 7741
 #define MYPORT 7741
 #define MAX_SPECS 32
diff -Xcvsignore -ur kdenetwork-3.0.4/lanbrowsing/lisa/netmanager.cpp kdenetwork-3.0.5/lanbrowsing/lisa/netmanager.cpp
--- kdenetwork-3.0.4/lanbrowsing/lisa/netmanager.cpp	2002-02-02 23:27:59.000000000 +0100
+++ kdenetwork-3.0.5/lanbrowsing/lisa/netmanager.cpp	2002-11-12 00:27:38.000000000 +0100
@@ -27,6 +27,7 @@
 #include <strings.h>
 #include <errno.h>
 #include <string.h>
+#include <pwd.h>
 
 #ifndef AF_LOCAL
 #define AF_LOCAL AF_UNIX
@@ -70,7 +71,7 @@
 
 NetManager::~NetManager()
 {
-   mgetDebug()<<"netknife destructor ..."<<std::endl;
+   mgetDebug()<<"NetManager destructor ..."<<std::endl;
    if (m_receiveBuffer!=0) delete [] m_receiveBuffer;
    ::close(m_listenFD);
    ::close(m_bcFD);
@@ -131,14 +132,28 @@
       m_listenFD=::socket(AF_LOCAL, SOCK_STREAM, 0);
       //m_listenFD=::socket(AF_LOCAL, SOCK_STREAM, IPPROTO_TCP);
       MyString socketName("/tmp/resLisa-");
-      socketName+=getenv("LOGNAME");
+      struct passwd *user = getpwuid( getuid() );
+      if ( user )
+         socketName+=user->pw_name;
+      else
+         //should never happen
+         socketName+="???";
       ::unlink(socketName.data());
       sockaddr_un serverAddr;
-//      bzero((char*)&serverAddr, sizeof(serverAddr));
+      if (socketName.length() >= sizeof(serverAddr.sun_path))
+      {
+         std::cout<<"NetManager::prepare: your user name  \""<<user->pw_name<<"\" is too long, exiting."<<std::endl;
+         return 0;
+      }
       memset((void*)&serverAddr, 0, sizeof(serverAddr));
-      serverAddr.sun_family      = AF_LOCAL;
-      strcpy(serverAddr.sun_path,socketName.data());
-      ::bind(m_listenFD,(sockaddr*) &serverAddr,sizeof(serverAddr));
+      serverAddr.sun_family=AF_LOCAL;
+      strncpy(serverAddr.sun_path,socketName.data(),sizeof(serverAddr.sun_path));
+      result=::bind(m_listenFD,(sockaddr*) &serverAddr,sizeof(serverAddr));
+      if (result!=0)
+      {
+         std::cout<<"NetManager::prepare: bind (UNIX socket) failed, errno: "<<errno<<std::endl;
+         return 0;
+      }
    }
    else
    {
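Review bot: The socket name is still a predictable path under `/tmp`, and `::unlink(socketName.data())` runs unchecked before the new length test. If that name already exists and belongs to another account, the unlink fails, `bind` then fails, and the new error path makes prepare() return 0, so a pre-existing file is enough to stop the daemon starting for that user. Placing the socket in a directory owned by the user with mode 0700, created and verified before `bind`, would avoid this and would not leave connect permission to the umask. Separately, the "too long" message dereferences `user->pw_name` although the branch just above allows `user` to be null; printing `socketName.data()` there is safe in both cases. prepare() begins and ends outside this hunk.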
@@ -148,7 +163,7 @@
       {
          std::cout<<"NetManager::prepare: socket(TCP) failed, errno: "<<errno<<std::endl;
          return 0;
-      };
+      }
 
       sockaddr_in serverAddress;
 //      bzero((char*)&serverAddress, sizeof(serverAddress));
@@ -654,6 +669,10 @@
    m_receivedBytes+=result;
    if (m_receiveBuffer!=0) delete [] m_receiveBuffer;
    m_receiveBuffer=newBuf;
+   // too much data - abort at 2MB to avoid memory exhaustion
+   if (m_receivedBytes>2*1024*1024)
+     return 0;
+
    return 1;
 };
 
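Review bot: The 2 MB limit is tested only after `newBuf` has been allocated and installed as `m_receiveBuffer`, so the oversized buffer already exists and stays allocated when the function returns 0. Whether the caller then frees it and resets `m_receivedBytes` is not visible here. Testing the prospective size before the allocation (which is above this hunk) and releasing the buffer on rejection would make the cap effective. A named constant in place of `2*1024*1024` would also document the limit for callers.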
@@ -665,14 +684,15 @@
 
    char *tmpBuf=m_receiveBuffer;
    int bytesLeft=m_receivedBytes;
-   int tmpIP;
    mgetDebug()<<"m_receivedBytes: "<<m_receivedBytes<<" bytesLeft: "<<bytesLeft<<std::endl;
    //this should be large enough for a name
    //and the stuff which is inserted into the buffer
-   //comes only from ourselves
+   //comes only from ourselves ... or attackers :-(
    char tmpName[1024*4];
    while (bytesLeft>0)
    {
+      int tmpIP=2;  // well, some impossible IP address, 0 and 1 are already used for the last line of output
+      tmpName[0]='\0';
       if ((memchr(tmpBuf,0,bytesLeft)==0) || (memchr(tmpBuf,int('\n'),bytesLeft)==0))
       {
          delete newNodes;
@@ -687,14 +707,16 @@
          return 0;
       };
       //mgetDebug()<<"NetManager::processScanResults: processing -"<<tmpBuf;
-      sscanf(tmpBuf,"%u %s\n",&tmpIP,tmpName);
       //since we check for 0 and \n with memchr() we can be sure
       //at this point that tmpBuf is correctly terminated
       int length=strlen(tmpBuf)+1;
+      if (length<(4*1024))
+         sscanf(tmpBuf,"%u %s\n",&tmpIP,tmpName);
+
       bytesLeft-=length;
       tmpBuf+=length;
       mgetDebug()<<"length: "<<length<<" bytesLeft: "<<bytesLeft<<std::endl;
-      if ((bytesLeft==0) && (strstr(tmpName,"succeeded")!=0) && ((tmpIP==0) ||(tmpIP==1)))
+      if ((bytesLeft==0) && ((tmpIP==0) ||(tmpIP==1)) && (strstr(tmpName,"succeeded")!=0))
       {
          mgetDebug()<<"NetManager::processScanResults: succeeded :-)"<<std::endl;
          delete hostList;
@@ -712,7 +734,7 @@
 
          return 1;
       }
-      else
+      else if (tmpIP!=2)
       {
          //mgetDebug()<<"NetManager::processScanResults: adding host: "<<tmpName<<" with ip: "<<tmpIP<<std::endl;
          newNodes->append(Node(tmpName,tmpIP));
diff -Xcvsignore -ur kdenetwork-3.0.4/lanbrowsing/lisa/netscanner.cpp kdenetwork-3.0.5/lanbrowsing/lisa/netscanner.cpp
--- kdenetwork-3.0.4/lanbrowsing/lisa/netscanner.cpp	2002-02-02 23:27:59.000000000 +0100
+++ kdenetwork-3.0.5/lanbrowsing/lisa/netscanner.cpp	2002-11-07 11:24:19.000000000 +0100
@@ -36,6 +36,10 @@
 #include <netinet/ip.h>
 #include <netinet/ip_icmp.h>
 
+#ifndef INADDR_NONE
+#define INADDR_NONE -1
+#endif
+
 #define mgetDebug() getDebug()<<procId
 
 struct ICMPEchoRequest
@@ -133,7 +137,7 @@
       {
          if ((m_strictMode) && (hostsAdded>=STRICTMODEMAXHOSTS))
             break;
-         memcpy(&server_addr, hp->h_addr, hp->h_length);
+         memcpy(&server_addr, hp->h_addr, sizeof(server_addr));
          char *ip=inet_ntoa(server_addr);
          mgetDebug()<<"NetScanner::configure(): looking up "<<nextName<<" gives -"<<ip<<"-"<<std::endl;
          ipRangeStr=ipRangeStr+ip+';';
@@ -377,6 +381,9 @@
          };
       };
    } while (!done);
+
+   // Warning: The return value of plcose may be incorrect due to the
+   // SIGCHLD handler that is installed. Ignore it!
    pclose(nmblookupFile);
 
    delete [] tmpBuf;
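Review bot: The added comment misspells the call as `plcose` and does not say why the value is unreliable. Something like `// pclose() may report failure because the installed SIGCHLD handler can reap the child first; the return value is deliberately ignored.` would be clearer, if that is indeed the reason. Writing the call as `(void)pclose(nmblookupFile);` would make the intent visible to static checkers as well.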
