On Wed, 2006-01-04 at 14:27 -0800, Greg KH wrote:
> +static ssize_t usblp_show_ieee1284_id(struct device *dev, struct
> device_attribute *attr, char *buf)
> +{
> + struct usb_interface *intf = to_usb_interface(dev);
> + struct usblp *usblp = usb_get_intfdata (intf);
> +
> + if (usblp->device_id_string[0] == 0 &&
> + usblp->device_id_string[1] == 0)
> + return 0;
> +
> + return sprintf(buf, "%s", usblp->device_id_string+2);
> +}
Oh, that reminds me... there seem to be no length checks on any of these
functions. In this case I think it's OK because we've already checked
the length of usblp->device_id_string when we fetched it, but I couldn't
actually find an example which showed me an snprintf and the length I
_should_ be checking against, which made me nervous...
--
dwmw2
-------------------------------------------------------
This SF.net email is sponsored by: Splunk Inc. Do you grep through log files
for problems? Stop! Download the new AJAX search engine that makes
searching your log files as easy as surfing the web. DOWNLOAD SPLUNK!
http://ads.osdn.com/?ad_id=7637&alloc_id=16865&op=click
_______________________________________________
linux-usb-devel@lists.sourceforge.net
To unsubscribe, use the last form field at:
https://lists.sourceforge.net/lists/listinfo/linux-usb-devel
