[pacman-dev] [PATCH] validate %FILEPATH% when parsing repo dbs
simongmzlj at gmail.com
Wed May 22 00:41:50 EDT 2013
On Fri, May 10, 2013 at 10:41:41PM +1000, Allan McRae wrote:
> On 09/05/13 16:48, Allan McRae wrote:
>> On 09/05/13 16:40, Simon Gomizelj wrote:
>>> size_t cache_len = strlen(db->handle->dbpath) + strlen(db->handle->root);
>>> Do we actually need to recalculate this each time? Maybe it's worth
>>> caching somewhere. I'm sure there's more validation that could be
>>> done within pacman.
>>> I'll leave the min length for now.
>> Why? What does three characters give you that one does not? I'm
>> assuming an "a.Z" extension. But why do we need an extension?
> Discussed on IRC. I'd prefer to explicitly check for "." and ".."
> rather than have the restriction of three.
Just checking it starts with '.' should be sufficient. It will rule out
'..' and the filename is already explicitly restricted from containing
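The three filename rules weighed in this thread, compared side by side as an added example (not part of the original message and not pacman's code). The function names and sample names are constructed for illustration, and rejecting an empty name in the last two rules is an assumption; the separate restriction on what a filename may contain is outside this sketch.

```c
#include <stdio.h>
#include <string.h>

/* Rule questioned in the thread: require at least three characters. */
static int ok_min_length(const char *name)
{
	return name != NULL && strlen(name) >= 3;
}

/* Rule preferred in the quoted reply: reject exactly "." and "..".
 * Rejecting the empty string is an assumption added here. */
static int ok_not_dot_entries(const char *name)
{
	return name != NULL && name[0] != '\0'
		&& strcmp(name, ".") != 0 && strcmp(name, "..") != 0;
}

/* Rule proposed last: reject any name that starts with '.'.
 * This covers "." and ".." without a length restriction. */
static int ok_no_leading_dot(const char *name)
{
	return name != NULL && name[0] != '\0' && name[0] != '.';
}

int main(void)
{
	/* Constructed sample names; none contains a path separator. */
	static const char *samples[] = {
		"a", ".", "..", "...", ".hidden", "foo-1.0-1-any.pkg.tar.xz"
	};
	size_t i;

	printf("%-26s %-8s %-10s %-10s\n",
		"name", "len>=3", "not ./..", "no lead .");
	for (i = 0; i < sizeof(samples) / sizeof(samples[0]); i++) {
		printf("%-26s %-8s %-10s %-10s\n", samples[i],
			ok_min_length(samples[i]) ? "accept" : "reject",
			ok_not_dot_entries(samples[i]) ? "accept" : "reject",
			ok_no_leading_dot(samples[i]) ? "accept" : "reject");
	}
	return 0;
}
```

The table shows where the rules differ: the length rule rejects the harmless one-character name yet accepts "...", while the leading-dot rule is the strictest of the three and also rejects dot-prefixed names the explicit check lets through.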