[asterisk-bugs] [Zaptel 0011471]: [patch] unsafe use of strncpy

noreply at bugs.digium.com noreply at bugs.digium.com
Sat Jun 7 13:52:03 CDT 2008


A NOTE has been added to this issue. 
====================================================================== 
http://bugs.digium.com/view.php?id=11471 
====================================================================== 
Reported By:                flefoll
Assigned To:                jpeeler
====================================================================== 
Project:                    Zaptel
Issue ID:                   11471
Category:                   General
Reproducibility:            always
Severity:                   minor
Priority:                   normal
Status:                     closed
Zaptel Version:              SVN 
SVN Branch (only for SVN checkouts, not tarball releases):  1.4  
SVN Revision (number only!): 3317 
Disclaimer on File?:        N/A 
Request Review:              
Resolution:                 fixed
Fixed in Version:           
====================================================================== 
Date Submitted:             12-05-2007 03:15 CST
Last Modified:              06-07-2008 13:52 CDT
====================================================================== 
Summary:                    [patch] unsafe use of strncpy
Description: 
strncpy(dst, src, len) makes a copy of src towards dst, limited to len
characters, but does NOT guarantee a final null character. So if you want
to obtain a "traditional" null-terminated string, extra work is required.

Zaptel uses strncpy in many places, but most often does not do this extra
work, while destination initial contents is undetermined (stack, ...).

I suggest to use snprintf() instead of strncpy(), since snprintf does
guarantee a final null character. Constraint : snprintf requires including
stdio.h, while strncpy requires including strings.h.

See additional information for the list of files that use strncpy.

I will upload patches for a number of them (not all at the moment).

The same work should be done on SVN Trunk, but it did not compile
yesterday for me (Fedora 7)
====================================================================== 

---------------------------------------------------------------------- 
 svnbot - 06-07-08 13:52  
---------------------------------------------------------------------- 
Repository: dahdi
Revision: 3846

U   branches/1.4/fxotune.c
U   branches/1.4/kernel/hpec/hpec_zaptel.h
U   branches/1.4/kernel/jpah.h
U   branches/1.4/kernel/kb1ec.h
U   branches/1.4/kernel/mg2ec.h
U   branches/1.4/kernel/sec-2.h
U   branches/1.4/kernel/sec.h
U   branches/1.4/kernel/tor2.c
U   branches/1.4/kernel/torisa.c
U   branches/1.4/kernel/wcfxo.c
U   branches/1.4/kernel/wct1xxp.c
U   branches/1.4/kernel/wct4xxp/base.c
U   branches/1.4/kernel/wct4xxp/wct4xxp-diag.c
U   branches/1.4/kernel/wctdm.c
U   branches/1.4/kernel/wctdm24xxp/base.c
U   branches/1.4/kernel/wcte11xp.c
U   branches/1.4/kernel/wcte12xp/base.c
U   branches/1.4/kernel/wcusb.c
U   branches/1.4/kernel/zaptel-base.c
U   branches/1.4/kernel/zaptel.h
U   branches/1.4/kernel/ztd-eth.c
U   branches/1.4/kernel/ztdummy.c
U   branches/1.4/kernel/ztdynamic.c
U   branches/1.4/kernel/zttranscode.c
U   branches/1.4/ppp/zaptel.c
U   branches/1.4/sethdlc-new.c
U   branches/1.4/sethdlc.c
U   branches/1.4/tonezone.c
U   branches/1.4/ztcfg-dude.c
U   branches/1.4/ztcfg.c
U   branches/1.4/ztmonitor.c

------------------------------------------------------------------------
r3846 | jpeeler | 2008-06-07 13:52:02 -0500 (Sat, 07 Jun 2008) | 1 line

Closes issue http://bugs.digium.com/view.php?id=11471. Replaced instances of
strncpy with zap_copy_string
(added to zaptel.h) to fix any off by one errors and ensure destination
string is NULL terminated.
------------------------------------------------------------------------

http://svn.digium.com/view/dahdi?view=rev&revision=3846 

Issue History 
Date Modified   Username       Field                    Change               
====================================================================== 
06-07-08 13:52  svnbot         Checkin                                      
06-07-08 13:52  svnbot         Note Added: 0088381                          
======================================================================




More information about the asterisk-bugs mailing list