On Wed, Nov 02, 2022 at 11:45:43AM +0100, Theo Buehler wrote:
> Not all callers of valid_uri() ensure that the uri passed in is actually
> a C string and the API implies at least that uri[usz - 1] != '\0' is
> allowed. For example, x509_location() a priori doesn't pass a C string
> and Job will soo
Not all callers of valid_uri() ensure that the uri passed in is actually
a C string and the API implies at least that uri[usz - 1] != '\0' is
allowed. For example, x509_location() a priori doesn't pass a C string
and Job will soon add a second instance. I think we should explicitly
length check uri
