On Sat, Aug 17, 2024 at 06:47 AM, Richard Purdie wrote:

I'm afraid I don't understand the problem here. If partial matching is
occurring, doesn't that mean MAX_ID_LEN is wrong?

If we drop the strncmp() here, that appears to put us at risk of buffer
overflow problems, particularly if MAX_ID_LEN is too short?

Can you give an example of how this is failing and where the above
change helps?

(Sorry for being late responding on this. It has been missing in my INBOX somehow.)

A typical case where it is failing is when id_buf is shorter than node->name and they match partially, e.g, id_buf is "foo" and node->name is "foobar".
Note that it's using strlen(id_buf), not strlen(MAX_ID_LEN).
I believe using strcmp() here is safe because it is guaranteed that both strings cannot be longer than MAX_ID_LEN(=MAX_NAME_LEN) and are always NULL-terminated.


Best regards,

---
Jaeyoon Jung


-=-=-=-=-=-=-=-=-=-=-=-
Links: You receive all messages sent to this group.
View/Reply Online (#203744): 
https://lists.openembedded.org/g/openembedded-core/message/203744
Mute This Topic: https://lists.openembedded.org/mt/107888859/21656
Group Owner: [email protected]
Unsubscribe: https://lists.openembedded.org/g/openembedded-core/unsub 
[[email protected]]
-=-=-=-=-=-=-=-=-=-=-=-

Reply via email to