[U-Boot] A minor question on a Driver Model function

Igor Grinberg grinberg at compulab.co.il
Wed Sep 17 15:41:26 CEST 2014


On 09/17/14 11:18, Masahiro Yamada wrote:
> Hi Igor,
> 
> 
> 
> On Mon, 15 Sep 2014 11:04:20 +0300
> Igor Grinberg <grinberg at compulab.co.il> wrote:
> 
>> Hi,
>>
>> On 09/14/14 21:28, Simon Glass wrote:
>>> Hi Masahiro,
>>>
>>> On 12 September 2014 05:25, Masahiro Yamada <yamada.m at jp.panasonic.com> wrote:
>>>> Hi Simon,
>>>>
>>>>
>>>> I have a question about lists_driver_lookup_name() function.
>>>>
>>>>
>>>>
>>>>         for (entry = drv; entry != drv + n_ents; entry++) {
>>>>                 if (strncmp(name, entry->name, len))
>>>>                         continue;
>>>>
>>>>                 /* Full match */
>>>>                 if (len == strlen(entry->name))
>>>>                         return entry;
>>>>         }
>>>>
>>>>
>>>>
>>>>
>>>> Why is this not as follows?
>>>>
>>>>
>>>>
>>>>
>>>>         for (entry = drv; entry != drv + n_ents; entry++) {
>>>>                 if (!strcmp(name, entry->name))
>>>>                         return entry;
>>>>         }
>>
>> I would suggest still using strncmp as it is safer,
>> but count also the '\0', so something like:
> 
> Why safer?
> 
> Could you give me more detailed explanation?

Well, I'm not an expert in s/w security, but I'll try to explain...

strcmp() walks the strings and never stops until it reaches '\0'
in either of the strings.
In theory (or by mistake), you can supply strings that are not '\0'
terminated and strcmp() will continue running on addresses where
it is not supposed to.
This can lead to exceptions, crashes, etc.

Since this is library code, I would expect it to be immune to
that kind of problem.

But, again, I'm not an expert in this area, so it's only a suggestion.

-- 
Regards,
Igor.
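
The bounded exact-match lookup discussed in this thread, as an added example that is not part of the original message and is not U-Boot's code. It keeps the strncmp() plus length-check loop quoted above but takes the key length from a size-limited scan, so a name buffer without a '\0' is never read past its end. `struct drv_entry`, the table, `key_len()`, `lookup_bounded()` and `lookup_prefix_only()` are hypothetical names, and the caller is assumed to know the size of the buffer holding the name.

```c
#include <stddef.h>
#include <stdio.h>
#include <string.h>

struct drv_entry { const char *name; };	/* hypothetical driver entry */

/* Constructed table; the longer name is first to exercise the prefix case. */
static const struct drv_entry drv[] = { { "serial_ns16550" }, { "serial" }, { "gpio" } };
static const size_t n_ents = sizeof(drv) / sizeof(drv[0]);

/* Length of the name in buf, never reading past buf_size bytes. */
static size_t key_len(const char *buf, size_t buf_size)
{
	const char *nul = memchr(buf, '\0', buf_size);
	return nul ? (size_t)(nul - buf) : buf_size;
}

/* Exact-match lookup for a name that may lack a '\0' terminator. */
const struct drv_entry *lookup_bounded(const char *buf, size_t buf_size)
{
	size_t len = key_len(buf, buf_size);
	const struct drv_entry *entry;
	for (entry = drv; entry != drv + n_ents; entry++) {
		if (strncmp(buf, entry->name, len))
			continue;
		if (len == strlen(entry->name))	/* full match */
			return entry;
	}
	return NULL;
}

/* Same loop without the length check: the first prefix match wins. */
const struct drv_entry *lookup_prefix_only(const char *buf, size_t buf_size)
{
	size_t len = key_len(buf, buf_size);
	const struct drv_entry *entry;
	for (entry = drv; entry != drv + n_ents; entry++)
		if (!strncmp(buf, entry->name, len))
			return entry;
	return NULL;
}

int main(void)
{
	const char raw[6] = { 's', 'e', 'r', 'i', 'a', 'l' };	/* no '\0' */
	printf("bounded: %s\n", lookup_bounded(raw, sizeof(raw))->name);
	printf("prefix only: %s\n", lookup_prefix_only(raw, sizeof(raw))->name);
	return 0;
}
```

The table entries are string literals and therefore always terminated, which is why strlen() on `entry->name` is acceptable here while the caller-supplied key is only ever scanned within `buf_size`.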

