On Wed, Apr 24, 2024 at 10:19:54AM +0200, Roger Pau Monne wrote:
> It's incorrect to restrict strncmp to the length of the command line input
> parameter, as then a user passing a rune like:
>
> % xen-livepatch up foo.livepatch
>
> Would match against the "upload" command, because the string comparison has
> been truncated to the length of the input argument. Use strcmp instead which
> doesn't truncate. Otherwise in order to keep using strncmp we would need to
> also check strings are of the same length before doing the comparison.
>
> Fixes: 05bb8afedede ('xen-xsplice: Tool to manipulate xsplice payloads')
> Signed-off-by: Roger Pau Monné <[email protected]>
Acked-by: Anthony PERARD <[email protected]>
Thanks,
--
Anthony PERARD
