> -----Original Message----- > From: linux-usb-owner@xxxxxxxxxxxxxxx [mailto:linux-usb- > owner@xxxxxxxxxxxxxxx] On Behalf Of David Laight > Sent: Wednesday, January 22, 2014 3:16 PM > To: Stanislaw Wadas; matt.porter@xxxxxxxxxx > Cc: linux-usb@xxxxxxxxxxxxxxx; Piotr Bereza; > myungjoo.ham@xxxxxxxxxxx; Marek Szyprowski; > kyungmin.park@xxxxxxxxxxx; Krzysztof Opasiak; Andrzej Pietrasiewicz > Subject: RE: [PATCH v5 1/4] libusbg: Replace array lengths with > defines > > From: Stanislaw Wadas > > Replace hard coded value of 256 by two constant > > defines, MAX_LENGTH and MAX_PATH_LENGTH > > Neither of those names is really very good. > They probably ought to be prefixed with USBG_ > Mind you the rest of the file isn't much better. Yes, I would also suggest to make this USBG_MAX_STR_LENGTH and USBG_MAX_PATH_LENGTH. > > There are also some 'char name[40];' Maybe some USBG_MAX_NAME_LENGTH would be suitable here? What do you think Matt? > > And code like: > > > static void usbg_write_buf(char *path, char *name, char *file, > char *buf) > > { > > - char p[256]; > > + char p[MAX_LENGTH]; > > FILE *fp; > > > > sprintf(p, "%s/%s/%s", path, name, file); > > Is just waiting for a security alert. Yes that's true. In future versions this will be fixed with more secure mechanism. -- BR's Krzysztof Opasiak Samsung R&D Institute Poland Samsung Electronics k.opasiak@xxxxxxxxxxx -- To unsubscribe from this list: send the line "unsubscribe linux-usb" in the body of a message to majordomo@xxxxxxxxxxxxxxx More majordomo info at http://vger.kernel.org/majordomo-info.html
