[U-Boot] A minor question on a Driver Model function

Bill Pringlemeir bpringlemeir at nbsps.com
Wed Sep 17 17:25:59 CEST 2014


> On 12 September 2014 05:25, Masahiro Yamada <yamada.m at jp.panasonic.com> wrote:

>>>>> I have a qustion about lists_driver_lookup_name() function.

>>>>> for (entry = drv; entry != drv + n_ents; entry++) {
>>>>> if (strncmp(name, entry->name, len))
>>>>> continue;

>>>>> /* Full match */
>>>>> if (len == strlen(entry->name))
>>>>> return entry;
>>>>> }

>>> On 09/14/14 21:28, Simon Glass wrote:

>>> I would suggest still using strncmp as it is safer,
>>> but count also the '\0', so something like:

On 17 Sep 2014, grinberg at compulab.co.il wrote:

>> Why safer?

>> Could you give me more detailed explanation?

> On 09/17/14 11:18, Masahiro Yamada wrote:

> Well, I'm not an expert in s/w security, but I'll try to explain...

[snip]

> But, again, I'm not an expert in this area, so its only a suggestion.

I thought it was fairly apparent that the current code supports passing
a string that is *NOT* null terminated.  This can be convenient if you
extract a sub-string from a command line and do not need to make a copy
that is NULL terminate or perform 'strtok()' type magic.

Fwiw,
Bill Pringlemeir.


More information about the U-Boot mailing list