[Asterisk-Dev] Is anyone thinking anymore?
Karl Brose
khb at brose.com
Sat Jul 24 23:35:59 MST 2004
In recent CVS updates we can observe code changes (strangely called
"source audits") such as those quoted below.
The old code is perfectly legal, stable, safe, technically sound, and
readable.
Yet, some people in this community insist on infecting good code with
nonsense, as in this example.
Folks, just because it's wise to limit string lengths when copying in
some situations to avoid overflows,
it doesn't make any sense to just mechanically apply these things to
every situation without thought and call it "source audits" or what ever.
chan_sip.c is now littered with this crap.
Is anyone thinking anymore?
struct sip_user *user;
- char ilimits[40];
- char olimits[40];
+ char ilimits[40] = "";
+ char olimits[40] = "";
char iused[40];
char oused[40];
if (argc != 3)
@@ -5359,11 +5375,11 @@
if (user->incominglimit)
snprintf(ilimits, sizeof(ilimits), "%d",
user->incominglimit);
else
- strcpy(ilimits, "N/A");
+ strncpy(ilimits, "N/A", sizeof(ilimits) - 1);
if (user->outgoinglimit)
snprintf(olimits, sizeof(olimits), "%d",
user->outgoinglimit);
else
- strcpy(olimits, "N/A");
+ strncpy(olimits, "N/A", sizeof(olimits) - 1);
snprintf(iused, sizeof(iused), "%d", user->inUse);
snprintf(oused, sizeof(oused), "%d", user->outUse);
More information about the asterisk-dev
mailing list