[packagekit] Delimitors for handling multiple package_ids

Richard Hughes hughsient at gmail.com
Fri Sep 26 10:33:14 PDT 2008

On Fri, 2008-09-26 at 17:44 +0200, Patryk Zawadzki wrote:
> Actually that's a problem in PK code. You should never pass untrusted
> strings as the 1st param to printf. For everything that comes from
> outside of your own code, use
> printf("%s", str)
> Otherwise you're just adding a potential attack vector.

Totally. I think there was only a couple of places in the code where
this was a problem when run with --verbose, but I agree with what you


More information about the PackageKit mailing list