On Mon, 2024-08-26 at 19:07 +0900, Jung Jaeyoon(Jay) wrote:
> On Sat, Aug 17, 2024 at 06:47 AM, Richard Purdie wrote:
> > I'm afraid I don't understand the problem here. If partial matching
> > is occurring, doesn't that mean MAX_ID_LEN is wrong?
> >
> > If we drop the strncmp() here, that appears to put us at risk of
> > buffer overflow problems, particularly if MAX_ID_LEN is too short?
> >
> > Can you give an example of how this is failing and where the above
> > change helps?
>
>
> (Sorry for being late responding on this. It has been missing in my
> INBOX somehow.)
>
> A typical case where it is failing is when id_buf is shorter than
> node->name and they match partially, e.g, id_buf is "foo" and node-
> >name is "foobar".
> Note that it's using strlen(id_buf), not strlen(MAX_ID_LEN).
convert2guid, where the strlen is located, is called from two places
both in interpret_table_entry() and there the buffer is defined as:
char usr_buf[MAX_ID_LEN];
char grp_buf[MAX_ID_LEN];
The name field of node is defined as:
char name[MAX_NAME_LEN+1]
which could be a problem if they differ but:
#define MAX_ID_LEN 40
#define MAX_NAME_LEN 40
so the only issue I can see is there is perhaps an off by one on the
length definition?
> I believe using strcmp() here is safe because it is guaranteed that
> both strings cannot be longer than MAX_ID_LEN(=MAX_NAME_LEN) and are
> always NULL-terminated.
Perhaps, but I think the existing code should work and if there is a
bug, I'd like to understand what it is. Is the issue an off by one on
the length?
I'd ask again if you have an actual example of the failure? Is it only
with strings of 39/40 length?
Cheers,
Richard
-=-=-=-=-=-=-=-=-=-=-=-
Links: You receive all messages sent to this group.
View/Reply Online (#203750):
https://lists.openembedded.org/g/openembedded-core/message/203750
Mute This Topic: https://lists.openembedded.org/mt/107888859/21656
Group Owner: [email protected]
Unsubscribe: https://lists.openembedded.org/g/openembedded-core/unsub
[[email protected]]
-=-=-=-=-=-=-=-=-=-=-=-
