From: Chao Yu <chao@kernel.org>
To: Sheng Yong <shengyong1@huawei.com>
Cc: jaegeuk@kernel.org, linux-f2fs-devel@lists.sourceforge.net
Subject: Re: [RFC PATCH] mkfs.f2fs: avoid dumplicate extension
Date: Sat, 28 Nov 2015 10:31:41 +0800 [thread overview]
Message-ID: <5659120D.7050007@kernel.org> (raw)
In-Reply-To: <5658F7CC.7030402@huawei.com>
Hi Sheng Yong,
On 11/28/15 8:39 AM, Sheng Yong wrote:
>
> On 11/27/2015 9:09 PM, Chao Yu wrote:
>> Hi Sheng Yong,
>>
>> On 11/28/15 12:55 AM, Sheng Yong wrote:
>>> Before copying user specified extension to extension_list, check if it is
>>> already in the list.
>>>
>>> Signed-off-by: Sheng Yong <shengyong1@huawei.com>
>>> ---
>>> mkfs/f2fs_format.c | 23 ++++++++++++++++++++++-
>>> 1 file changed, 22 insertions(+), 1 deletion(-)
>>>
>>> diff --git a/mkfs/f2fs_format.c b/mkfs/f2fs_format.c
>>> index 176bdea..b7ea19f 100644
>>> --- a/mkfs/f2fs_format.c
>>> +++ b/mkfs/f2fs_format.c
>>> @@ -118,6 +118,26 @@ const char *media_ext_lists[] = {
>>> NULL
>>> };
>>>
>>> +static int extension_exist(const char *name, const int len)
>>
>> bool is_extension_exist?
>>
>>> +{
>>> + const char **extlist = media_ext_lists;
>>> + int name_len, min_len;
>>> + int ret;
>>> +
>>> +
>>> + while (*extlist) {
>>> + name_len = strlen(*extlist);
>>> + min_len = name_len < len ? name_len : len;
>>> + ret = strncmp(*extlist, name, min_len);
>>
>> How about using strcmp(*extlist, name)? It will return 0 only if the two strings
>> are the same.
>>
> Hi, Chao Yu
>
> Thanks for your reply. I was considering strcmp may have security issue.
Could you share details about the security issue of using strcmp?
Thanks,
>>> +
>>> + if (ret == 0 && name_len == len)
>>> + return 1;
>>> + extlist++;
>>> + }
>>> +
>>> + return 0;
>>> +}
>>> +
>>> static void configure_extension_list(void)
>>> {
>>> const char **extlist = media_ext_lists;
>>> @@ -144,7 +164,8 @@ static void configure_extension_list(void)
>>> ue = strtok(ext_str, ",");
>>> while (ue != NULL) {
>>> name_len = strlen(ue);
>>
>> We should verify the length of extension to avoid memcpy overflow. I will send a
>> patch for fixing.
> I agree. And I think we should make sure there is a '\0' at the end of each string
> in extension_list.
>>
>>> - memcpy(sb.extension_list[i++], ue, name_len);
>>> + if (!extension_exist(ue, name_len))
>>
>> How do you think of comparing extension user defined with sb.extension_list?
>> In this way, duplication user defined can be avoided completely.
> Right. I'll send a v2 latter.
>
> thanks,
> Sheng
>>
>> Thanks,
>>
>>> + memcpy(sb.extension_list[i++], ue, name_len);
>>> ue = strtok(NULL, ",");
>>> if (i >= F2FS_MAX_EXTENSION)
>>> break;
>>>
>>
>> .
>>
>
------------------------------------------------------------------------------
next prev parent reply other threads:[~2015-11-28 2:31 UTC|newest]
Thread overview: 5+ messages / expand[flat|nested] mbox.gz Atom feed top
2015-11-27 16:55 [RFC PATCH] mkfs.f2fs: avoid dumplicate extension Sheng Yong
2015-11-27 13:09 ` Chao Yu
2015-11-28 0:39 ` Sheng Yong
2015-11-28 2:31 ` Chao Yu [this message]
2015-11-28 2:45 ` Sheng Yong
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=5659120D.7050007@kernel.org \
--to=chao@kernel.org \
--cc=jaegeuk@kernel.org \
--cc=linux-f2fs-devel@lists.sourceforge.net \
--cc=shengyong1@huawei.com \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox;
as well as URLs for NNTP newsgroup(s).