[Asterisk-Dev] Is anyone thinking anymore?
Brian
lists001 at brianchristie.com
Sun Jul 25 00:27:36 MST 2004
This list is for discussion of the asterisk documentation project.
http://www.asteriskdocs.org .
The below message belongs on the -dev list,
http://lists.digium.com/mailman/listinfo/asterisk-dev .
Thanks :)
-Brian
Karl Brose wrote:
>
> In recent CVS updates we can observe code changes (strangely called
> "source audits") such as those quoted below.
> The old code is perfectly legal, stable, safe, technically sound, and
> readable.
>
> Yet, some people in this community insist on infecting good code with
> nonsense, as in this example.
>
> Folks, just because it's wise to limit string lengths when copying in
> some situations to avoid overflows,
> it doesn't make any sense to just mechanically apply these things to
> every situation without thought and call it "source audits" or whatever.
> chan_sip.c is now littered with this crap.
>
> Is anyone thinking anymore?
>
>
>
> struct sip_user *user;
> - char ilimits[40];
> - char olimits[40];
> + char ilimits[40] = "";
> + char olimits[40] = "";
> char iused[40];
> char oused[40];
> if (argc != 3)
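Review bot: On the ilimits and olimits declarations, the new = "" initialisers look redundant for the paths shown: each buffer is fully written afterwards, either by snprintf, which terminates, or by strncpy of a three-character literal, which zero-pads out to the length given. If they are meant as a safety net for the strncpy(dst, src, sizeof(dst) - 1) idiom, whose result is only terminated when the last byte is already zero, a one-line comment saying so would help. iused and oused stay uninitialised in the same block, which is safe only because both are written unconditionally by snprintf further down, so the declarations are now inconsistent with each other.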
> @@ -5359,11 +5375,11 @@
> if (user->incominglimit)
> snprintf(ilimits, sizeof(ilimits), "%d",
> user->incominglimit);
> else
> - strcpy(ilimits, "N/A");
> + strncpy(ilimits, "N/A", sizeof(ilimits) - 1);
> if (user->outgoinglimit)
> snprintf(olimits, sizeof(olimits), "%d",
> user->outgoinglimit);
> else
> - strcpy(olimits, "N/A");
> + strncpy(olimits, "N/A", sizeof(olimits) - 1);
> snprintf(iused, sizeof(iused), "%d", user->inUse);
> snprintf(oused, sizeof(oused), "%d", user->outUse);
>
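Review bot: In both else branches the source is the four-byte literal "N/A" and the destination is 40 bytes, so the bound added here can never be reached, and strncpy now writes zero padding out to sizeof - 1 bytes on every call. The idiom also does not terminate on its own when the source is long; it depends on the final byte already being zero, which in this patch comes from the initialisers added at the declarations. Suggest snprintf(ilimits, sizeof(ilimits), "N/A") and the same for olimits: it matches the adjacent if branches, always terminates, and does not rely on how the buffer was declared.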