Command name validation question
John (J5) Palmieri
johnp at redhat.com
Thu Sep 7 17:51:09 PDT 2006
I have this marked as a 1.0 FIXME but on second glance I am not sure if
it needs to be fixed:

    /* FIXME 1.0 we should probably validate that only the allowed
     * chars are in the command name
     */
    command = lookup_command_from_name (&line);

lookup_command_from_name just does a lookup in a table. I thought this
was a security issue at first, but since the command itself is compared
against the valid commands we check, it just seems like a small performance
FIXME, since you wouldn't have to check against the whole command table
if the command contained an invalid character. If that is the case I am
going to take it off the 1.0 FIXMEs and just make it a regular @todo.
--
John (J5) Palmieri <johnp at redhat.com>
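
The argument in the post, as an added example (not D-Bus code and not from the post's author): with an exact-match table lookup, a character check in front changes no result and only rejects earlier. The command table, the function names and the [A-Z_] allowed set are assumptions made for illustration.

```c
#include <stddef.h>
#include <string.h>

/* Hypothetical command set for illustration; not D-Bus's own table. */
typedef enum { CMD_UNKNOWN = 0, CMD_AUTH, CMD_CANCEL, CMD_BEGIN } command_t;
static const struct { const char *name; command_t cmd; } command_table[] = {
    { "AUTH", CMD_AUTH }, { "CANCEL", CMD_CANCEL }, { "BEGIN", CMD_BEGIN },
};
#define N_COMMANDS (sizeof command_table / sizeof command_table[0])

/* Exact match on the whole token: length and bytes must both agree. */
command_t lookup_exact(const char *tok, size_t len)
{
    for (size_t i = 0; i < N_COMMANDS; i++)
        if (strlen(command_table[i].name) == len &&
            memcmp(command_table[i].name, tok, len) == 0)
            return command_table[i].cmd;
    return CMD_UNKNOWN;
}

/* Assumed allowed set [A-Z_]; the post does not say which chars are allowed. */
static int name_chars_ok(const char *tok, size_t len)
{
    if (len == 0) return 0;
    for (size_t i = 0; i < len; i++)
        if (!((tok[i] >= 'A' && tok[i] <= 'Z') || tok[i] == '_'))
            return 0;
    return 1;
}

/* Same lookup with the character check in front as a fast reject. */
command_t lookup_validated(const char *tok, size_t len)
{
    return name_chars_ok(tok, len) ? lookup_exact(tok, len) : CMD_UNKNOWN;
}

/* Returns 1 if both lookups agree on every constructed sample token. */
int lookups_agree(void)
{
    static const struct { const char *tok; size_t len; } samples[] = {
        { "AUTH", 4 }, { "BEGIN", 5 }, { "auth", 4 }, { "AUTH\0X", 6 },
        { "AU\tTH", 5 }, { "AUTHX", 5 }, { "", 0 }, { "CANCEL\r", 7 },
    };
    for (size_t i = 0; i < sizeof samples / sizeof samples[0]; i++)
        if (lookup_exact(samples[i].tok, samples[i].len) !=
            lookup_validated(samples[i].tok, samples[i].len))
            return 0;
    return 1;
}
```

The two lookups agree only because lookup_exact compares the whole token, length included; a prefix-style comparison would not give the same guarantee.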