aboutsummaryrefslogtreecommitdiff
path: root/SECURITY.md
diff options
context:
space:
mode:
authorKitsune Ral <Kitsune-Ral@users.sf.net>2020-09-11 06:50:45 +0200
committerKitsune Ral <Kitsune-Ral@users.sf.net>2020-11-06 14:07:20 +0100
commite00b3674f9fd8b606ea4d293dfb078ed4a621e12 (patch)
tree132feee13cfc34ac38cef895258a4aa1540bda5a /SECURITY.md
parent12f1eea08f84e1ca9229272d3fae88dc8d787c72 (diff)
downloadlibquotient-e00b3674f9fd8b606ea4d293dfb078ed4a621e12.tar.gz
libquotient-e00b3674f9fd8b606ea4d293dfb078ed4a621e12.zip
More stringent serverpart checks in user ids
May lead to new crashes due to nullptr returned from Connection::user() on more utterly invalid content from the wire that the library still doesn't properly invalidate. This has long been quite a good case for exceptions, or another error-handling framework: Connection::user() can return nullptr either when out of memory or when the id is invalid or empty, and other places are likely to treat invalid ids in different ways but probably just hope that memory exhaustion "never happens", or try to handle it in a quite different way than an empty or invalid id. Something to think of in 0.7. (cherry picked from commit 3c85f049389dec3b0ee6406f0be2cfaf0089f1fe)
Diffstat (limited to 'SECURITY.md')
0 files changed, 0 insertions, 0 deletions