On Thu, 12 Nov 2009, Casey Schaufler wrote: > I strongly suggest that this is not what is wanted. > strcmp(x,y) > and > strncmp(x,y,sizeof(y)) > > are functionally equivalent and strcmp has a bad reputation in > the security community because it is associated with potential > buffer overrun issues. Do you see potential for a buffer overrun in this case? The strings being compared are "sysfs" and the name field of 'struct file_system_type'. The kernel code elsewhere assumes the latter string to be a valid zero-terminated string, and we should, too. - James -- James Morris <jmorris@xxxxxxxxx> -- To unsubscribe from this list: send the line "unsubscribe kernel-janitors" in the body of a message to majordomo@xxxxxxxxxxxxxxx More majordomo info at http://vger.kernel.org/majordomo-info.html
