[OpenWrt-Devel] [PATCH 2/3] Replace use of blobmsg_check_attr by blobmsg_check_attr_safe

Yousong Zhou yszhou4tech at gmail.com
Fri Nov 23 01:13:46 EST 2018

On Fri, 23 Nov 2018 at 13:51, Tobias Schramm <tobleminer at gmail.com> wrote:
> While I do agree that we could safely call blobmsg_check_attr I think
> that - to the uninitiated reader - calling blobmsg_check_attr_safe
> shows a lot more clearly that the methods in question are actually
> safe to use with potentially broken /untrusted input.  Otherwise you
> would have to look at the implementation of __blob_for_each_attr and
> understand it first. Also I don't see any downsides to calling
> blobmsg_check_attr_safe over blobmsg_check_attr.

That depends.   _safe is still a vague word.  We can argue that
cautious users will dig into the implementation details to find out
what's the added ingredients to make it a safer variant and in which
ways.  Or _safe is such a nice word that we should rename all func
names to have them certified and never should we use the "insecure"

p.s. please do not top post.


openwrt-devel mailing list
openwrt-devel at lists.openwrt.org

More information about the openwrt-devel mailing list