apr-dev mailing list archives

From Michael Clark <mich...@metaparadigm.com>
Subject Re: [Patch] Proposed Extended Attributes Implementation
Date Fri, 21 Dec 2007 08:01:05 GMT
Michael Clark wrote:
> http://oss.metaparadigm.com/apache-privsep/2.3.0-dev/xattr-patches/apr-xattr-impl-solaris.patch
>

Just a note - the Solaris implementation has a bug as the '/' character 
is not allowed in subfile names and this current implementation doesn't 
escape the attribute names - this is a potential security issue - it is 
not something I had overlooked - I just had not added the 
escaping/unescaping code for this yet. The other implementations are not 
affected in this way. I will redo this patch.

I will in due course add some test cases for attributes with special 
characters ('/', ':', '\', etc). A Windows implementation that uses 
:named streams will have the same issue and attribute names with special 
characters will need to be escaped.

Michael.
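
One way to do the escaping/unescaping the message describes as still missing, shown as an added example (not Michael Clark's patch and not APR code): attribute names are percent-encoded before being used as Solaris subfile or Windows named-stream names. The function names, the %XX scheme and the safe-character set are assumptions of this example.

```c
#include <stddef.h>
#include <string.h>
static const char HEX[] = "0123456789ABCDEF";

/* Assumed safe set: [A-Za-z0-9_-] and '.', except a leading '.', so that "."
 * and ".." can never be produced. Every other byte is written as %XX. */
static int is_safe(unsigned char c, size_t pos) {
    if (c == '.') return pos != 0;
    return (c >= 'A' && c <= 'Z') || (c >= 'a' && c <= 'z') ||
           (c >= '0' && c <= '9') || c == '_' || c == '-';
}

/* Hypothetical helper: 0 on success, -1 on empty name or too-small buffer. */
int xattr_name_escape(const char *name, char *out, size_t outlen) {
    size_t i, o = 0;
    if (name[0] == '\0') return -1;
    for (i = 0; name[i] != '\0'; i++) {
        unsigned char c = (unsigned char)name[i];
        char enc[3] = { '%', HEX[c >> 4], HEX[c & 15] };
        size_t n = is_safe(c, i) ? 1 : 3;
        if (o + n + 1 > outlen) return -1;   /* room for n bytes plus NUL */
        memcpy(out + o, n == 1 ? name + i : enc, n);
        o += n;
    }
    out[o] = '\0';
    return 0;
}

static int hexval(char c) {
    const char *p = c ? strchr(HEX, c) : NULL;
    return p ? (int)(p - HEX) : -1;
}

/* Hypothetical helper: accepts only the canonical form written above (literal
 * bytes must be safe, escaped bytes must have needed escaping, hex is upper
 * case), so two subfile names never decode to the same attribute name. */
int xattr_name_unescape(const char *esc, char *out, size_t outlen) {
    size_t i = 0, o = 0;
    if (esc[0] == '\0') return -1;
    while (esc[i] != '\0') {
        int c = (unsigned char)esc[i++], hi, lo, raw = (c != '%');
        if (o + 2 > outlen) return -1;       /* room for one byte plus NUL */
        if (!raw) {
            if ((hi = hexval(esc[i])) < 0 || (lo = hexval(esc[i + 1])) < 0) return -1;
            c = hi * 16 + lo;
            i += 2;
        }
        if (c == 0 || is_safe((unsigned char)c, o) != raw) return -1;
        out[o++] = (char)c;
    }
    out[o] = '\0';
    return 0;
}
```

Rejecting non-canonical input in the decoder matters when attribute names are listed back from the file system: a subfile created outside this code cannot alias an existing attribute name.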
