Re: [OE-core] [PATCH] makedevs: Fix matching uid/gid

[Jaeyoon Jung (LGE)]

On Sat, Aug 17, 2024 at 06:47 AM, Richard Purdie wrote: I'm afraid I don't understand the problem here. If partial matching is occurring, doesn't that mean MAX_ID_LEN is wrong? If we drop the strncmp() here, that appears to put us at risk of buffer overflow problems, particularly if MAX_ID_LEN is too short? Can you give an example of how this is failing and where the above change helps? (Sorry for being late responding on this. It has been missing in my INBOX somehow.) A typical case where it is failing is when id_buf is shorter than node->name and they match partially, e.g, id_buf is "foo" and node->name is "foobar". Note that it's using strlen(id_buf), not strlen(MAX_ID_LEN). I believe using strcmp() here is safe because it is guaranteed that both strings cannot be longer than MAX_ID_LEN(=MAX_NAME_LEN) and are always NULL-terminated. Best regards, --- Jaeyoon Jung

-=-=-=-=-=-=-=-=-=-=-=-
Links: You receive all messages sent to this group.
View/Reply Online (#203744): 
https://lists.openembedded.org/g/openembedded-core/message/203744
Mute This Topic: https://lists.openembedded.org/mt/107888859/21656
Group Owner: openembedded-core+ow...@lists.openembedded.org
Unsubscribe: https://lists.openembedded.org/g/openembedded-core/unsub 
[arch...@mail-archive.com]
-=-=-=-=-=-=-=-=-=-=-=-