[Asterisk-Dev] Asterisk Code Flow

Rob Gagnon rob at networkip.net
Wed Jul 7 02:07:57 MST 2004


Well, I had found one bad snprintf( ) and strncpy( ) call earlier yesterday,
and opened this bug:

http://bugs.digium.com/bug_view_page.php?bug_id=0001977

I have since audited the app_voicemail.c program for other bad snprintf()
calls to be more thorough, and to take into account the rotten snprintf( )
noted below by people on this list.

The 14K patch for bug 1977 should clean up a lot of stuff.

Rob

----- Original Message ----- 
From: "Rob Gagnon" <rob at networkip.net>
To: <asterisk-dev at lists.digium.com>
Sent: Wednesday, July 07, 2004 3:08 AM
Subject: Re: [Asterisk-Dev] Asterisk Code Flow


> Now, that snprintf is a doozy!
>
> sizeof(fn) and sizeof(curbox) are probably 4
>
> Let me see if we can fix that one... Who wrote that?
>
>
>
> ----- Original Message ----- 
> From: "Wolfgang S. Rupprecht" <list+asterisk-dev at lists.wsrcc.com>
> To: <asterisk-dev at lists.digium.com>
> Sent: Wednesday, July 07, 2004 12:12 AM
> Subject: Re: [Asterisk-Dev] Asterisk Code Flow
>
>
> >
> > asterisk at not-real.org (Nicholas Bachmann) writes:
> > > Asterisk has some pretty clean code compared to a beast like Sendmail or
> > > BIND :-)
> >
> > Care to explain how this code works?
> >
> > >From: asterisk/apps/app_voicemail.c
> > >
> > >  static int vm_browse_messages(struct ast_channel *chan, struct vm_state *vms, struct ast_vm_user *vmu, int lastmsg, int curmsg, char *fn, char *curbox)
> > >  {
> > >  ...
> > >                          snprintf(fn, sizeof(fn) + sizeof(curbox) + 2, "vm-%s", curbox);
> > >  ...
> > >  }
> >
> > Yes, Asterisk is a great PBX, and I'm very grateful to Mark for making
> > it available under GPL.  I'm having a blast playing with it and
> > learning how things work.  This is one very fun toy!
> >
> > On the other hand, the folks thinking that asterisk is as safe as
> > sendmail or bind need to read the code a bit more closely.  I have no
> > doubts it will be great some day very soon, but it isn't quite there
> > yet.
> >
> > -wolfgang
> > -- 
> > Wolfgang S. Rupprecht                http://www.wsrcc.com/wolfgang/
> > openbsd asterisk http://www.wsrcc.com/wolfgang/ftp/asterisk-openbsd35.patch
> > _______________________________________________
> > Asterisk-Dev mailing list
> > Asterisk-Dev at lists.digium.com
> > http://lists.digium.com/mailman/listinfo/asterisk-dev
> > To UNSUBSCRIBE or update options visit:
> >    http://lists.digium.com/mailman/listinfo/asterisk-dev
>

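The sizeof problem discussed in this thread, as an added example that is not part of the original messages or of the Asterisk source: inside the function, `fn` and `curbox` are pointers, so the bound passed to snprintf() depends on the pointer width (4 bytes on a 32-bit build, 8 on a 64-bit one) and has no relation to the caller's buffers. The helper names `thread_bound`, `thread_bound_overruns` and `format_box_name` and the sample buffers are assumptions made for illustration.

```c
#include <stdio.h>
#include <string.h>

/* The bound from the quoted call. fn and curbox are pointer parameters, so
 * sizeof gives the pointer width (4 or 8), not the caller's array sizes. */
static size_t thread_bound(char *fn, char *curbox)
{
    return sizeof(fn) + sizeof(curbox) + 2;
}

/* Returns 1 when that bound would let snprintf write past a buffer whose
 * real capacity is real_cap bytes. */
static int thread_bound_overruns(size_t real_cap)
{
    return thread_bound(NULL, NULL) > real_cap;
}

/* Hypothetical corrected helper: the caller passes the real capacity.
 * Returns 0 on success, -1 (and an empty string) if the name does not fit. */
static int format_box_name(char *fn, size_t fn_len, const char *curbox)
{
    int n;

    if (fn == NULL || fn_len == 0 || curbox == NULL)
        return -1;
    n = snprintf(fn, fn_len, "vm-%s", curbox);
    if (n < 0 || (size_t)n >= fn_len) {
        fn[0] = '\0';          /* never hand back a truncated name */
        return -1;
    }
    return 0;
}

int main(void)
{
    char fn[256];              /* constructed sample buffer */
    char box[] = "INBOX";      /* constructed sample folder name */

    printf("bound used in the quoted call: %zu bytes\n", thread_bound(fn, box));
    printf("overruns an 8-byte buffer: %d\n", thread_bound_overruns(8));
    printf("overruns a 256-byte buffer: %d\n", thread_bound_overruns(256));
    if (format_box_name(fn, sizeof(fn), box) == 0)
        printf("formatted: %s\n", fn);
    return 0;
}
```

With a large caller buffer the quoted bound does not overrun, but it silently truncates any folder name that needs more than the 10 or 18 bytes it allows.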