Need to sanitize parameters on the server side
Bug #1677133 reported by
Michi Henning
This bug affects 1 person
Affects | Status | Importance | Assigned to | Milestone | |
---|---|---|---|---|---|
storage-framework (Ubuntu) |
New
|
Undecided
|
Unassigned |
Bug Description
We could be more thorough in santizing some of the input parameters that the server-side runtime passes to the provider implementation. For example, we could check the size parameter that is passed to CreateFile() and Update() to make sure that it is non-negative and return an error if not. This would relieve each provider implementation from redundantly implementing the check.
There are probably other checks we could implement in the runtime, such as that a name or id is non-empty, or that source and target for a move or copy are not the same.
To post a comment you must log in.