Hi Bill,
On 09/17/14 18:25, Bill Pringlemeir wrote:
>
>> On 12 September 2014 05:25, Masahiro Yamada <yamad...@jp.panasonic.com>
>> wrote:
>
>>>>>> I have a qustion about lists_driver_lookup_name() function.
>
>>>>>> for (entry = drv; entry != drv + n_ents; entry++) {
>>>>>> if (strncmp(name, entry->name, len))
>>>>>> continue;
>
>>>>>> /* Full match */
>>>>>> if (len == strlen(entry->name))
>>>>>> return entry;
>>>>>> }
>
>>>> On 09/14/14 21:28, Simon Glass wrote:
>
>>>> I would suggest still using strncmp as it is safer,
>>>> but count also the '\0', so something like:
>
> On 17 Sep 2014, grinb...@compulab.co.il wrote:
>
>>> Why safer?
>
>>> Could you give me more detailed explanation?
>
>> On 09/17/14 11:18, Masahiro Yamada wrote:
>
>> Well, I'm not an expert in s/w security, but I'll try to explain...
>
> [snip]
>
>> But, again, I'm not an expert in this area, so its only a suggestion.
>
> I thought it was fairly apparent that the current code supports passing
> a string that is *NOT* null terminated. This can be convenient if you
> extract a sub-string from a command line and do not need to make a copy
> that is NULL terminate or perform 'strtok()' type magic.
Here is the whole function:
------------------------------cut--------------------------
struct driver *lists_driver_lookup_name(const char *name)
{
struct driver *drv =
ll_entry_start(struct driver, driver);
const int n_ents = ll_entry_count(struct driver, driver);
struct driver *entry;
int len;
if (!drv || !n_ents)
return NULL;
len = strlen(name);
for (entry = drv; entry != drv + n_ents; entry++) {
if (strncmp(name, entry->name, len))
continue;
/* Full match */
if (len == strlen(entry->name))
return entry;
}
/* Not found */
return NULL;
}
------------------------------cut--------------------------
and... no, the code does not support passing a string that is
not null terminated.
--
Regards,
Igor.
_______________________________________________
U-Boot mailing list
U-Boot@lists.denx.de
http://lists.denx.de/mailman/listinfo/u-boot
