[PATCH] No longer need to escape '+' in a D-Bus address

Michael Witten mfwitten at MIT.EDU
Fri Aug 29 00:14:02 PDT 2008 

Hello,

On 17 Aug 2008, at 12:29 AM, Havoc Pennington wrote:

> Hi,
>
> On Sat, Aug 16, 2008 at 11:54 PM, Michael Witten <mfwitten at mit.edu>  
> wrote:
>> The character '+' wasn't included as a character
>> that only needs to be optionally escaped. As a
>> result, some generated paths wouldn't work (such
>> as the following that was produced on a Mac OS X
>> system:
>>
>>   <listen>unix:tmpdir=/var/folders/9Y/9YL5MvFhGfySA5DvYnUpJE+++TI/- 
>> Tmp-/</listen>
>>
>
> When you say "was produced," how was it produced, and why isn't it
> escaped properly?

It would seem that Mac OS X Leopard defines the environment variable  
$TMPDIR in at least
interactive shells (sessions) for non-root users and that this  
definition is specific to
each user. For instance, user1 has the following for $TMPDIR:

	/var/folders/9Y/9YL5MvFhGfySA5DvYnUpJE+++TI/-Tmp-/

while user2 has:

	/var/folders/+o/+ox+jB5AF54anKmJQCrdVk+++TM/-Tmp-/

These never change. Unfortunately, it's not obvious where or by what  
this environment
variable is bound.

In any case, the configuration of the dbus source is affected by these  
definitions of
$TMPDIR.

> Do we know that "+" is the only needs-escaping
> character that could have turned up?

The best way to tell is to figure out how $TMPDIR is defined; it is  
not obvious to me,
so perhaps the Apple devs should be consulted.

> Changing this will require patching the spec as well:
> http://dbus.freedesktop.org/doc/dbus-specification.html#addresses
>
> It should also be simple to patch the unit tests at the bottom of
> dbus-address.c to fail pre-change and succeed post-change.

Do you want me to patch these things?

> Before patching all that though, let's figure out if it makes sense to
> do so. Why is "+" in particular something to add? Would it be more
> correct to just escape it wherever this address is created?

I imagine that the set of optionally-escaped characters is modeled  
after an
internet specification and I imagine that there is a strong desire to  
keep
this address specification uniform across all kinds of dbus addresses.

Because the OS assigns a temporary directory to each user, the  
configuration
script(s) would have to take special pains to check for this (and any  
other
offensive) character and then automatically escape it.

The alternative is to loosen the specification (for at least file  
hierarchy
"addresses"), which seems acceptable to me.

It's really just a matter of deciding who has to do the grunt work--- 
dbus or
poor people like me, who just want to install a dependency with as  
little
difficulty as possible.

	Frankly, enforcing (arbitrarily) strict input is never a good idea,
	and I suggest making dbus more forgiving on a wide range of characters
	(for instance, all printable characters).

Sincerely,
Michael Witten

More information about the dbus mailing list