Command name validation question

John (J5) Palmieri johnp at
Thu Sep 7 17:51:09 PDT 2006

I have this marked as a 1.0 FIXME but on second glance I am not sure if
it needs to be fixed:

/* FIXME 1.0 we should probably validate that only the allowed
   * chars are in the command name
  command = lookup_command_from_name (&line);

lookup_command_from_name just does a lookup in a table.  I thought this
was a security issue at first but since the command itself it compared
against valid commands we check it just seems like a small performance
FIXME since you wouldn't have to check against the whole command table
if the command contained an invalid character.  If that is the case I am
going to take it of the 1.0 FIXME's and just make it a regular @todo.

John (J5) Palmieri <johnp at>

More information about the dbus mailing list