[packagekit] Delimitors for handling multiple package_ids
Richard Hughes
hughsient at gmail.com
Fri Sep 26 10:33:14 PDT 2008
On Fri, 2008-09-26 at 17:44 +0200, Patryk Zawadzki wrote:
> Actually that's a problem in PK code. You should never pass untrusted
> strings as the 1st param to printf. For everything that comes from
> outside of your own code, use
>
> printf("%s", str)
>
> Otherwise you're just adding a potential attack vector.
Totally. I think there were only a couple of places in the code where
this was a problem when run with --verbose, but I agree with what you
say.
Richard
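
Added example, not part of the original thread and not PackageKit's own code: the pattern discussed above, with the "before" call beside the corrected one. The helper `log_verbose`, the two wrapper functions and the sample package_id are hypothetical names and values made up for this illustration.

```c
#include <stdarg.h>
#include <stdio.h>
#include <string.h>

/* Hypothetical verbose-log helper (assumption, not a PackageKit function).
 * The format attribute lets GCC/Clang type-check every caller and, with
 * -Wformat-security, flag a non-literal format passed without arguments. */
__attribute__((format(printf, 3, 4)))
static int log_verbose(char *out, size_t len, const char *fmt, ...)
{
    va_list ap;
    va_start(ap, fmt);
    int n = vsnprintf(out, len, fmt, ap);
    va_end(ap);
    return n;
}

/* Before: the externally supplied string is used as the format, so any
 * '%' in it is parsed as a conversion specification. */
#pragma GCC diagnostic push
#pragma GCC diagnostic ignored "-Wformat-security" /* keep the "before" case compiling */
int log_id_unsafe(char *out, size_t len, const char *package_id)
{
    return log_verbose(out, len, package_id);
}
#pragma GCC diagnostic pop

/* After: constant format; the untrusted string is only ever an argument. */
int log_id_safe(char *out, size_t len, const char *package_id)
{
    return log_verbose(out, len, "%s", package_id);
}

/* Constructed sample input. "%%" is the one sequence that is well defined
 * when parsed as a format, so the difference shows without undefined behaviour. */
static const char SAMPLE_ID[] = "foo;1.0%%beta;i386;repo";

int main(void)
{
    char a[64], b[64];
    log_id_unsafe(a, sizeof a, SAMPLE_ID);
    log_id_safe(b, sizeof b, SAMPLE_ID);
    printf("unsafe (%zu bytes): %s\nsafe   (%zu bytes): %s\n",
           strlen(a), a, strlen(b), b);
    return 0;
}
```

Building the rest of the code with `-Wformat -Wformat-security` (without the pragma) makes the compiler report each call site that still passes a non-literal format.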