On 12 September 2014 05:25, Masahiro Yamada yamada.m@jp.panasonic.com wrote:
I have a qustion about lists_driver_lookup_name() function.
for (entry = drv; entry != drv + n_ents; entry++) { if (strncmp(name, entry->name, len)) continue;
/* Full match */ if (len == strlen(entry->name)) return entry; }
On 09/14/14 21:28, Simon Glass wrote:
I would suggest still using strncmp as it is safer, but count also the '\0', so something like:
On 17 Sep 2014, grinberg@compulab.co.il wrote:
Why safer?
Could you give me more detailed explanation?
On 09/17/14 11:18, Masahiro Yamada wrote:
Well, I'm not an expert in s/w security, but I'll try to explain...
[snip]
But, again, I'm not an expert in this area, so its only a suggestion.
I thought it was fairly apparent that the current code supports passing a string that is *NOT* null terminated. This can be convenient if you extract a sub-string from a command line and do not need to make a copy that is NULL terminate or perform 'strtok()' type magic.
Fwiw, Bill Pringlemeir.