On Fri, 23 Nov 2018 at 13:51, Tobias Schramm <toblemi...@gmail.com> wrote:
>
> While I do agree that we could safely call blobmsg_check_attr I think
> that - to the uninitiated reader - calling blobmsg_check_attr_safe
> shows a lot more clearly that the methods in question are actually
> safe to use with potentially broken /untrusted input. Otherwise you
> would have to look at the implementation of __blob_for_each_attr and
> understand it first. Also I don't see any downsides to calling
> blobmsg_check_attr_safe over blobmsg_check_attr.
That depends. _safe is still a vague word. We can argue that
cautious users will dig into the implementation details to find out
what's the added ingredients to make it a safer variant and in which
ways. Or _safe is such a nice word that we should rename all func
names to have them certified and never should we use the "insecure"
ones.
p.s. please do not top post.
yousong
_______________________________________________
openwrt-devel mailing list
openwrt-devel@lists.openwrt.org
https://lists.openwrt.org/mailman/listinfo/openwrt-devel
