[bind10-dev] ModuleCCSession() doesn't validate command?

Jelte Jansen jelte at isc.org
Mon Jan 3 20:53:41 UTC 2011


-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

On 01/03/2011 07:25 PM, JINMEI Tatuya / 神明達哉 wrote:
> If I read the code correctly, the ModuleCCSession doesn't validate the
> syntax of incoming command against the module spec (while it validates
> configuration updates).  In ModuleCCSession::checkCommand(), it passes
> all incoming data except commands named "config_update" to the
> "command_handler" callback mostly unconditionally (the only check is
> whether the module name matches, btw, I suspect we should also confirm
> the command name is valid in case it's not "config_update").  For
> configuration updates, it calls handleConfigUpdate(), where
> module_specification_.validate_config() validates the input.
> 
> My questions are:
> 1. is my understanding correct?
> 2. if so, shouldn't we also validate incoming commands?
> 

spot on twice. In fact the needed code is already there and shouldn't be too
hard to extend to commands, i'll create a ticket

Jelte
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.10 (GNU/Linux)
Comment: Using GnuPG with Mozilla - http://enigmail.mozdev.org/

iEYEARECAAYFAk0iN1UACgkQ4nZCKsdOncUkAgCfTiLtGaC3YLtrHBKFapyXwyTY
hwgAoJnR79pLtOlZ9c54tYhTGcHTSxPC
=MUCp
-----END PGP SIGNATURE-----



More information about the bind10-dev mailing list