[pacman-dev] [PATCH] validate %FILEPATH% when parsing repo dbs
Simon Gomizelj
simongmzlj at gmail.com
Wed May 22 02:19:40 EDT 2013
On Wed, May 22, 2013 at 02:51:54PM +1000, Allan McRae wrote:
> On 22/05/13 14:41, Simon Gomizelj wrote:
>> On Fri, May 10, 2013 at 10:41:41PM +1000, Allan McRae wrote:
>>> On 09/05/13 16:48, Allan McRae wrote:
>>>> On 09/05/13 16:40, Simon Gomizelj wrote:
>>>>> size_t cache_len = strlen(db->handle->dbpath) + strlen(db->handle->root);
>>>>>
>>>>> Do we actually need to recalculate this each time? Maybe it's worth
>>>>> caching somewhere. I'm sure there's more validation that could be
>>>>> done within pacman.
>>>>>
>>>>> I'll leave the min length for now.
>>>>
>>>> Why? What does three characters give you that one does not? I'm
>>>> assuming an "a.Z" extension. But why do we need an extension?
>>>>
>>>
>>> Discussed on IRC. I'd prefer to explicitly check for "." and ".."
>>> rather than have the restriction of three.
>>>
>>> Allan
>>>
>>
>> Just checking it starts with '.' should be sufficient. It will rule out
>> '..' and the filename is already explicitly restricted from containing
>> '/'.
>>
>
> pkgname='.' works (somewhat). I guess pkgname=".foobar" is more plausible.
>
> Allan
>
falconindy and I had a discussion on IRC about what constitutes a valid
filename and I think we settled on the idea that a hidden file should be
invalid.
We could just move the dot check altogether. So long as the filename
doesn't contain a '/', it's not a filepath.
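
The checks weighed in this thread (no '/', and a leading-dot test that covers ".", ".." and hidden names such as ".foobar"), written out as an added example; it is not code from the patch or from pacman. The helper names `filename_is_valid` and `build_cache_path`, the cache directory and the sample names are assumptions made for illustration.

```c
#include <stdio.h>
#include <string.h>

/* Hypothetical helper (not pacman's API): returns 1 if `name` is acceptable
 * as a bare package filename read from a repo db, 0 otherwise. */
int filename_is_valid(const char *name)
{
	if(name == NULL || name[0] == '\0') {
		return 0;
	}
	/* a leading dot covers ".", ".." and hidden files such as ".foobar" */
	if(name[0] == '.') {
		return 0;
	}
	/* any '/' makes the value a path rather than a filename */
	if(strchr(name, '/') != NULL) {
		return 0;
	}
	return 1;
}

/* Hypothetical helper: joins cachedir and name into out only when the name
 * validates and the result fits. Returns 0 on success, -1 on rejection. */
int build_cache_path(const char *cachedir, const char *name,
		char *out, size_t outlen)
{
	int n;
	if(!filename_is_valid(name)) {
		return -1;
	}
	n = snprintf(out, outlen, "%s/%s", cachedir, name);
	return (n < 0 || (size_t)n >= outlen) ? -1 : 0;
}

int main(void)
{
	/* constructed sample values, not taken from a real repo db */
	const char *samples[] = { "foo-1.0-1-x86_64.pkg.tar.xz", ".", "..",
		".foobar", "../../etc/passwd", "sub/pkg.tar.xz", "" };
	char path[256];
	size_t i;
	for(i = 0; i < sizeof(samples) / sizeof(samples[0]); i++) {
		int rc = build_cache_path("/var/cache/pacman/pkg", samples[i],
				path, sizeof(path));
		printf("%-32s %s\n", samples[i], rc == 0 ? path : "(rejected)");
	}
	return 0;
}
```

Only the first sample yields a path; every other constructed name is rejected before it is joined to the cache directory.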