[pacman-dev] [PATCH] validate %FILEPATH% when parsing repo dbs

Simon Gomizelj simongmzlj at gmail.com
Wed May 22 00:41:50 EDT 2013


On Fri, May 10, 2013 at 10:41:41PM +1000, Allan McRae wrote:
> On 09/05/13 16:48, Allan McRae wrote:
>> On 09/05/13 16:40, Simon Gomizelj wrote:
>>>     size_t cache_len = strlen(db->handle->dbpath) + strlen(db->handle->root);
>>>
>>> Do we actually need to recalculate this each time? Maybe it's worth
>>> caching somewhere. I'm sure there's more validation that could be
>>> done within pacman.
>>>
>>> I'll leave the min length for now.
>>
>> Why? What does three characters give you that one does not?  I'm
>> assuming an "a.Z" extension.  But why do we need an extension?
>>
>
> Discussed on IRC.   I'd prefer to explicitly check for "." and ".."
> rather than have the restriction of three.
>
> Allan
>

Just checking it starts with '.' should be sufficient. It will rule out
'..' and the filename is already explicitly restricted from containing
'/'.
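
Added example, not part of the original message and not pacman's code: the check described in this thread written out in C, showing that a leading-'.' test together with the no-'/' rule rejects ".", ".." and every traversal form. The helper names `filename_is_valid` and `build_cache_path`, the sample names and the `/tmp/cache` directory are assumptions made for illustration.

```c
#include <stddef.h>
#include <stdio.h>
#include <string.h>

/* Hypothetical helper: 1 if `name` is usable as a bare file name, else 0. */
static int filename_is_valid(const char *name)
{
    if (name == NULL || name[0] == '\0') {
        return 0;                 /* missing or empty entry */
    }
    if (name[0] == '.') {
        return 0;                 /* rejects ".", ".." and any dot-file */
    }
    if (strchr(name, '/') != NULL) {
        return 0;                 /* no directory parts, so no "a/../b" */
    }
    return 1;
}

/* Hypothetical helper: joins cachedir and a validated name.
 * Returns 0 on success, -1 if the name is rejected or the buffer is too small. */
static int build_cache_path(char *out, size_t outlen,
                            const char *cachedir, const char *name)
{
    int n;
    if (!filename_is_valid(name)) {
        return -1;
    }
    n = snprintf(out, outlen, "%s/%s", cachedir, name);
    return (n < 0 || (size_t)n >= outlen) ? -1 : 0;
}

int main(void)
{
    /* Constructed sample entries, as they might appear in a repo db. */
    const char *samples[] = { "foo-1.0-1-any.pkg.tar.xz", ".", "..",
                              ".hidden", "../../etc/passwd", "a/../b", "" };
    char path[128];
    size_t i;

    for (i = 0; i < sizeof(samples) / sizeof(samples[0]); i++) {
        int rc = build_cache_path(path, sizeof(path), "/tmp/cache", samples[i]);
        printf("%-28s -> %s\n", samples[i], rc == 0 ? path : "rejected");
    }
    return 0;
}
```

The leading-'.' rule is stricter than matching "." and ".." exactly: it also refuses legitimate names that happen to begin with a dot.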

