> >>> + if (strlen(dioctl.cf_ctrl.msn) >= sizeof(dioctl.cf_ctrl.msn))
> >>> + return -EINVAL;
...
> So far I see you do not get a string, you get a structure. And
> it will be hard to validate the element is a useful string.
> I think my (sledgehammer) method is ok here because you
> make sure that all later calls (strcmp,strcpy) will succeed.
> If someone supplies a bad string the later calls will catch
> by failing to identify and return a proper code from there
> (at least I hope so).
>
> re,
> wh

Except that the strlen() can run right off the end of the structure - and
might eventually fault.
You need to use something like strnlen().

David
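
Review bot: The strlen() call on dioctl.cf_ctrl.msn in the added check is unbounded, so when the supplied field has no NUL terminator the scan has already read past the end of msn before the comparison with sizeof() can reject anything. Bound the scan to the field instead, for example strnlen(dioctl.cf_ctrl.msn, sizeof(dioctl.cf_ctrl.msn)) == sizeof(dioctl.cf_ctrl.msn) as the condition for returning -EINVAL, which keeps the guarantee that the later strcmp and strcpy calls see a terminated string without reading outside the structure.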