Valdis.Kletnieks@xxxxxx wrote:
> On Thu, 12 Nov 2009 18:11:55 PST, Casey Schaufler said:
>
>> James Morris wrote:
>>
>>> Do you see potential for a buffer overrun in this case?
>
>> No, but I hate arguing with people who think that every time
>> they see strcmp that they have found a security flaw.
>
> How do you feel about people who think every time they see strcmp()
> "Oh crap, something that needs auditing"? ;)

They have my deep sympathy. Which is why I'm advocating
leaving the perfectly functional and correct use of strncmp()
as it is.

> The biggest problem with strcmp() is that even if it got audited when that code
> went in, it's prone to unaudited breakage when somebody changes something in
> some other piece of code, quite often in some other .c file in some other
> directory.
>
> Julia, is there a way to use coccinelle to detect unsafe changes like that? Or
> is expressing those semantics too difficult?