Command name validation question
Havoc Pennington
hp at redhat.com
Thu Sep 7 18:48:49 PDT 2006
John (J5) Palmieri wrote:
> I have this marked as a 1.0 FIXME but on second glance I am not sure if
> it needs to be fixed:
>
> /* FIXME 1.0 we should probably validate that only the allowed
> * chars are in the command name
> */
>
> command = lookup_command_from_name (&line);
>
> lookup_command_from_name just does a lookup in a table. I thought this
> was a security issue at first but since the command itself it compared
> against valid commands we check it just seems like a small performance
> FIXME since you wouldn't have to check against the whole command table
> if the command contained an invalid character. If that is the case I am
> going to take it of the 1.0 FIXME's and just make it a regular @todo.
>
I don't think there's a security problem, but it would be slightly more
correct to validate the characters. Invalid characters would indicate a
malicious client of some kind, since there's no reason to have invalid
chars, while unknown commands with valid chars are allowed. IOW we would
disconnect someone immediately on invalid chars ("not well formed")
while on an unknown command we just report an error.
So it's not just a performance issue but I don't think it's a critical
issue.
Havoc
More information about the dbus
mailing list