On Wed, Jan 22, 2014 at 03:29:10PM +0100, Krzysztof Opasiak wrote: > > -----Original Message----- > > From: linux-usb-owner@xxxxxxxxxxxxxxx [mailto:linux-usb- > > owner@xxxxxxxxxxxxxxx] On Behalf Of David Laight > > Sent: Wednesday, January 22, 2014 3:16 PM > > To: Stanislaw Wadas; matt.porter@xxxxxxxxxx > > Cc: linux-usb@xxxxxxxxxxxxxxx; Piotr Bereza; > > myungjoo.ham@xxxxxxxxxxx; Marek Szyprowski; > > kyungmin.park@xxxxxxxxxxx; Krzysztof Opasiak; Andrzej Pietrasiewicz > > Subject: RE: [PATCH v5 1/4] libusbg: Replace array lengths with > > defines > > > > From: Stanislaw Wadas > > > Replace hard coded value of 256 by two constant > > > defines, MAX_LENGTH and MAX_PATH_LENGTH > > > > Neither of those names is really very good. > > They probably ought to be prefixed with USBG_ > > Mind you the rest of the file isn't much better. > > Yes, I would also suggest to make this USBG_MAX_STR_LENGTH and > USBG_MAX_PATH_LENGTH. > > > > > There are also some 'char name[40];' > > Maybe some USBG_MAX_NAME_LENGTH would be suitable here? What do you > think Matt? Yes, that looks good. > > And code like: > > > > > static void usbg_write_buf(char *path, char *name, char *file, > > char *buf) > > > { > > > - char p[256]; > > > + char p[MAX_LENGTH]; > > > FILE *fp; > > > > > > sprintf(p, "%s/%s/%s", path, name, file); > > > > Is just waiting for a security alert. > > Yes that's true. In future versions this will be fixed with more secure > mechanism. Yeah, one thing at a time. We also have all of your fixes I'd like to get merged on top of this before we address the security issues. -Matt -- To unsubscribe from this list: send the line "unsubscribe linux-usb" in the body of a message to majordomo@xxxxxxxxxxxxxxx More majordomo info at http://vger.kernel.org/majordomo-info.html
