[Asterisk-Dev] Is anyone thinking anymore?

Karl Brose khb at brose.com
Sat Jul 24 23:35:59 MST 2004


In recent CVS updates we can observe code changes (strangely called 
"source audits") such as those quoted below.
The old code is perfectly legal, stable, safe, technically sound, and 
readable.

Yet, some people in this community insist on infecting good code with 
nonsense, as in this example.

Folks, just because it's wise to limit string lengths when copying in 
some situations to avoid overflows,
it doesn't make any sense to just mechanically apply these things to 
every situation without thought and call it "source audits" or what ever.
chan_sip.c is now littered with this crap.

Is anyone thinking anymore?



        struct sip_user *user;
-       char ilimits[40];
-       char olimits[40];
+       char ilimits[40] = "";
+       char olimits[40] = "";
        char iused[40];
        char oused[40];
        if (argc != 3)
@@ -5359,11 +5375,11 @@
                if (user->incominglimit)
                        snprintf(ilimits, sizeof(ilimits), "%d", 
user->incominglimit);
                else
-                       strcpy(ilimits, "N/A");
+                       strncpy(ilimits, "N/A", sizeof(ilimits) - 1);
                if (user->outgoinglimit)
                        snprintf(olimits, sizeof(olimits), "%d", 
user->outgoinglimit);
                else
-                       strcpy(olimits, "N/A");
+                       strncpy(olimits, "N/A", sizeof(olimits) - 1);
                snprintf(iused, sizeof(iused), "%d", user->inUse);
                snprintf(oused, sizeof(oused), "%d", user->outUse);




More information about the asterisk-dev mailing list