On Wed, Jan 22, 2014 at 03:29:10PM +0100, Krzysztof Opasiak wrote:
> > -----Original Message-----
> > From: linux-usb-ow...@vger.kernel.org [mailto:linux-usb-
> > ow...@vger.kernel.org] On Behalf Of David Laight
> > Sent: Wednesday, January 22, 2014 3:16 PM
> > To: Stanislaw Wadas; matt.por...@linaro.org
> > Cc: linux-usb@vger.kernel.org; Piotr Bereza;
> > myungjoo....@samsung.com; Marek Szyprowski;
> > kyungmin.p...@samsung.com; Krzysztof Opasiak; Andrzej Pietrasiewicz
> > Subject: RE: [PATCH v5 1/4] libusbg: Replace array lengths with
> > defines
> >
> > From: Stanislaw Wadas
> > > Replace hard coded value of 256 by two constant
> > > defines, MAX_LENGTH and MAX_PATH_LENGTH
> >
> > Neither of those names is really very good.
> > They probably ought to be prefixed with USBG_
> > Mind you the rest of the file isn't much better.
>
> Yes, I would also suggest to make this USBG_MAX_STR_LENGTH and
> USBG_MAX_PATH_LENGTH.
>
> >
> > There are also some 'char name[40];'
>
> Maybe some USBG_MAX_NAME_LENGTH would be suitable here? What do you
> think Matt?
Yes, that looks good.
> > And code like:
> >
> > > static void usbg_write_buf(char *path, char *name, char *file,
> > char *buf)
> > > {
> > > - char p[256];
> > > + char p[MAX_LENGTH];
> > > FILE *fp;
> > >
> > > sprintf(p, "%s/%s/%s", path, name, file);
> >
> > Is just waiting for a security alert.
>
> Yes that's true. In future versions this will be fixed with more secure
> mechanism.
Yeah, one thing at a time. We also have all of your fixes I'd like to
get merged on top of this before we address the security issues.
-Matt
--
To unsubscribe from this list: send the line "unsubscribe linux-usb" in
the body of a message to majord...@vger.kernel.org
More majordomo info at http://vger.kernel.org/majordomo-info.html
