[pacman-dev] [PATCH] validate %FILEPATH% when parsing repo dbs
Allan McRae
allan at archlinux.org
Wed May 22 00:51:54 EDT 2013
On 22/05/13 14:41, Simon Gomizelj wrote:
> On Fri, May 10, 2013 at 10:41:41PM +1000, Allan McRae wrote:
>> On 09/05/13 16:48, Allan McRae wrote:
>>> On 09/05/13 16:40, Simon Gomizelj wrote:
>>>> size_t cache_len = strlen(db->handle->dbpath) + strlen(db->handle->root);
>>>>
>>>> Do we actually need to recalculate this each time? Maybe it's worth
>>>> caching somewhere. I'm sure there's more validation that could be
>>>> done within pacman.
>>>>
>>>> I'll leave the min length for now.
>>>
>>> Why? What does three characters give you that one does not? I'm
>>> assuming an "a.Z" extension. But why do we need an extension?
>>>
>>
>> Discussed on IRC. I'd prefer to explicitly check for "." and ".."
>> rather than have the restriction of three.
>>
>> Allan
>>
>
> Just checking it starts with '.' should be sufficient. It will rule out
> '..' and the filename is already explicitly restricted from containing
> '/'.
>
pkgname='.' works (somewhat). I guess pkgname=".foobar" is more plausible.
Allan
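
The two checks weighed in this thread, side by side, as an added example (not code from the patch or from pacman). The function names and sample file names are constructed for illustration, and rejecting an empty name is an assumption.

```c
#include <stdio.h>
#include <string.h>

/* Hypothetical helper: explicit rule, reject '/', "." and ".." only.
 * Returns 1 if the name is acceptable, 0 otherwise. */
int filename_ok_explicit(const char *name)
{
    if (name == NULL || name[0] == '\0')   /* assumption: empty is invalid */
        return 0;
    if (strchr(name, '/') != NULL)         /* no directory components */
        return 0;
    if (strcmp(name, ".") == 0 || strcmp(name, "..") == 0)
        return 0;
    return 1;
}

/* Hypothetical helper: simpler rule, reject '/' and any leading '.'. */
int filename_ok_no_leading_dot(const char *name)
{
    if (name == NULL || name[0] == '\0')
        return 0;
    if (strchr(name, '/') != NULL)
        return 0;
    return name[0] != '.';
}

int main(void)
{
    /* Constructed sample values for a %FILENAME% field in a repo db. */
    const char *samples[] = {
        "foo-1.0-1-any.pkg.tar.xz",
        ".foobar-1.0-1-any.pkg.tar.xz",
        ".",
        "..",
        "../outside.pkg.tar.xz",
        "",
    };
    size_t i;

    printf("%-32s %-9s %s\n", "name", "explicit", "no-leading-dot");
    for (i = 0; i < sizeof(samples) / sizeof(samples[0]); i++) {
        printf("%-32s %-9d %d\n", samples[i],
               filename_ok_explicit(samples[i]),
               filename_ok_no_leading_dot(samples[i]));
    }
    return 0;
}
```

The two rules differ only on names such as ".foobar-1.0-1-any.pkg.tar.xz": the explicit rule accepts them, the leading-dot rule rejects them.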