[asterisk-bugs] [Zaptel 0011471]: [patch] unsafe use of strncpy
noreply at bugs.digium.com
noreply at bugs.digium.com
Sat Jun 7 13:52:03 CDT 2008
A NOTE has been added to this issue.
======================================================================
http://bugs.digium.com/view.php?id=11471
======================================================================
Reported By: flefoll
Assigned To: jpeeler
======================================================================
Project: Zaptel
Issue ID: 11471
Category: General
Reproducibility: always
Severity: minor
Priority: normal
Status: closed
Zaptel Version: SVN
SVN Branch (only for SVN checkouts, not tarball releases): 1.4
SVN Revision (number only!): 3317
Disclaimer on File?: N/A
Request Review:
Resolution: fixed
Fixed in Version:
======================================================================
Date Submitted: 12-05-2007 03:15 CST
Last Modified: 06-07-2008 13:52 CDT
======================================================================
Summary: [patch] unsafe use of strncpy
Description:
strncpy(dst, src, len) makes a copy of src towards dst, limited to len
characters, but does NOT guarantee a final null character. So if you want
to obtain a "traditional" null-terminated string, extra work is required.
Zaptel uses strncpy in many places, but most often does not do this extra
work, while destination initial contents is undetermined (stack, ...).
I suggest to use snprintf() instead of strncpy(), since snprintf does
guarantee a final null character. Constraint : snprintf requires including
stdio.h, while strncpy requires including strings.h.
See additional information for the list of files that use strncpy.
I will upload patches for a number of them (not all at the moment).
The same work should be done on SVN Trunk, but it did not compile
yesterday for me (Fedora 7)
======================================================================
----------------------------------------------------------------------
svnbot - 06-07-08 13:52
----------------------------------------------------------------------
Repository: dahdi
Revision: 3846
U branches/1.4/fxotune.c
U branches/1.4/kernel/hpec/hpec_zaptel.h
U branches/1.4/kernel/jpah.h
U branches/1.4/kernel/kb1ec.h
U branches/1.4/kernel/mg2ec.h
U branches/1.4/kernel/sec-2.h
U branches/1.4/kernel/sec.h
U branches/1.4/kernel/tor2.c
U branches/1.4/kernel/torisa.c
U branches/1.4/kernel/wcfxo.c
U branches/1.4/kernel/wct1xxp.c
U branches/1.4/kernel/wct4xxp/base.c
U branches/1.4/kernel/wct4xxp/wct4xxp-diag.c
U branches/1.4/kernel/wctdm.c
U branches/1.4/kernel/wctdm24xxp/base.c
U branches/1.4/kernel/wcte11xp.c
U branches/1.4/kernel/wcte12xp/base.c
U branches/1.4/kernel/wcusb.c
U branches/1.4/kernel/zaptel-base.c
U branches/1.4/kernel/zaptel.h
U branches/1.4/kernel/ztd-eth.c
U branches/1.4/kernel/ztdummy.c
U branches/1.4/kernel/ztdynamic.c
U branches/1.4/kernel/zttranscode.c
U branches/1.4/ppp/zaptel.c
U branches/1.4/sethdlc-new.c
U branches/1.4/sethdlc.c
U branches/1.4/tonezone.c
U branches/1.4/ztcfg-dude.c
U branches/1.4/ztcfg.c
U branches/1.4/ztmonitor.c
------------------------------------------------------------------------
r3846 | jpeeler | 2008-06-07 13:52:02 -0500 (Sat, 07 Jun 2008) | 1 line
Closes issue http://bugs.digium.com/view.php?id=11471. Replaced instances of
strncpy with zap_copy_string
(added to zaptel.h) to fix any off by one errors and ensure destination
string is NULL terminated.
------------------------------------------------------------------------
http://svn.digium.com/view/dahdi?view=rev&revision=3846
Issue History
Date Modified Username Field Change
======================================================================
06-07-08 13:52 svnbot Checkin
06-07-08 13:52 svnbot Note Added: 0088381
======================================================================
More information about the asterisk-bugs
mailing list