[Asterisk-code-review] app_osplookup.c: Avoid a format truncation. (asterisk[master])
George Joseph
asteriskteam at digium.com
Mon Apr 6 13:41:23 CDT 2020
George Joseph has posted comments on this change. ( https://gerrit.asterisk.org/c/asterisk/+/14086 )
Change subject: app_osplookup.c: Avoid a format truncation.
......................................................................
Patch Set 1:
(1 comment)
https://gerrit.asterisk.org/c/asterisk/+/14086/1/apps/app_osplookup.c
File apps/app_osplookup.c:
https://gerrit.asterisk.org/c/asterisk/+/14086/1/apps/app_osplookup.c@997
PS1, Line 997: char buffer[OSP_SIZE_NORSTR - strlen("[]:")];
> Please, take that change over because I do not know what you mean. The snprintf below created the warning because it adds at least [] or even []:.
Yeah OK but in that case, the calling functions should be passing in a buffer large enough to handle it instead of possibly truncating src so it fits in the destination. I.E. In osp_validate_token and osp_lookup, the destinations should be OSP_SIZE_NORSTR + 3.
--
To view, visit https://gerrit.asterisk.org/c/asterisk/+/14086
To unsubscribe, or for help writing mail filters, visit https://gerrit.asterisk.org/settings
Gerrit-Project: asterisk
Gerrit-Branch: master
Gerrit-Change-Id: Ie54c8241ff0cc653910539c2db00ff2a4869750b
Gerrit-Change-Number: 14086
Gerrit-PatchSet: 1
Gerrit-Owner: Alexander Traud <pabstraud at compuserve.com>
Gerrit-Reviewer: Friendly Automation
Gerrit-Reviewer: George Joseph <gjoseph at digium.com>
Gerrit-Comment-Date: Mon, 06 Apr 2020 18:41:23 +0000
Gerrit-HasComments: Yes
Gerrit-Has-Labels: No
Comment-In-Reply-To: George Joseph <gjoseph at digium.com>
Comment-In-Reply-To: Alexander Traud <pabstraud at compuserve.com>
Gerrit-MessageType: comment
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.digium.com/pipermail/asterisk-code-review/attachments/20200406/83cfe449/attachment.html>
More information about the asterisk-code-review
mailing list