On Wed, May 17, 2017 at 8:24 AM, Sebastien Buisson <sbuisson.ddn@xxxxxxxxx> wrote: > 2017-05-17 17:09 GMT+02:00 William Roberts <bill.c.roberts@xxxxxxxxx>: >> On Wed, May 17, 2017 at 7:59 AM, Sebastien Buisson >> <sbuisson.ddn@xxxxxxxxx> wrote: >>> 2017-05-16 22:40 GMT+02:00 Stephen Smalley <sds@xxxxxxxxxxxxx>: >>>>> + strcpy(*brief, policydb.policybrief); >>>>> + /* *len is the length of the output string */ >>>>> + *len = policybrief_len - 1; >>>> >>>> Is there a particular reason to not just return policybrief_len here as >>>> well, for consistency in the interface? How do you intend to use this >>>> value in the caller? >>> >>> As called in the other patch to expose policy brief via selinuxfs >>> (sel_read_policybrief), the intent is to provide the caller with the >>> length of the string returned. >>> Or should I set *len to policy brief_len here, and just make the >>> caller aware that the returned length is in fact the length of the >>> buffer (i.e. including terminating NUL byte)? >> >> What is the caller supposed to do with length? This interface seemed kind of >> odd. If it's guaranteed NUL byte terminated, do they even need length? > > The length is useful as an input parameter in case the caller provides > its own buffer (instead of letting the function allocate one), and as This is what I don't get, why doesn't the function just always allocate? > an output parameter in case the buffer given in input is not large > enough. This interface seems "Windowsy" (inout parameters)... Iv'e been looking at it on and off for a few days and it just seems odd. Not odd enough for me to give it more negative review comments. > In any case, it can spare the caller the effort of recomputing the > length. As an example, sel_read_policybrief() in the 2/2 patch needs > to know the length of the string to put in the user buffer. Oh yeah, IIRC offhand, you're adding each LSMs brief info and using strcpy + length instead of strcat avoiding the null iteration?
