[Asterisk-Dev] Is anyone thinking anymore?
lists001 at brianchristie.com
Sun Jul 25 02:15:06 MST 2004
Whoops...So sorry, I'm not sure how I got confused like that.
> This list is for discussion of the asterisk documentation project.
> http://www.asteriskdocs.org .
> The below message belongs on the -dev list,
> http://lists.digium.com/mailman/listinfo/asterisk-dev .
> Thanks :)
> Karl Brose wrote:
>> In recent CVS updates we can observe code changes (strangely called
>> "source audits") such as those quoted below.
>> The old code is perfectly legal, stable, safe, technically sound, and
>> Yet, some people in this community insist on infecting good code with
>> nonsense, as in this example.
>> Folks, just because it's wise to limit string lengths when copying in
>> some situations to avoid overflows,
>> it doesn't make any sense to just mechanically apply these things to
>> every situation without thought and call it "source audits" or whatever.
>> chan_sip.c is now littered with this crap.
>> Is anyone thinking anymore?
>> struct sip_user *user;
>> - char ilimits;
>> - char olimits;
>> + char ilimits = "";
>> + char olimits = "";
>> char iused;
>> char oused;
>> if (argc != 3)
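Review bot: The `= ""` initializers on `ilimits` and `olimits` are added without a comment, while `iused` and `oused` directly below stay uninitialized, so a reader cannot tell whether the asymmetry is deliberate. If the initializers exist to guarantee a terminating NUL for the later `strncpy(..., sizeof(...) - 1)` calls, say so in a one-line comment beside the declarations; if they are only defensive, initialize all four buffers the same way.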
>> @@ -5359,11 +5375,11 @@
>> if (user->incominglimit)
>> snprintf(ilimits, sizeof(ilimits), "%d",
>> - strcpy(ilimits, "N/A");
>> + strncpy(ilimits, "N/A", sizeof(ilimits) - 1);
>> if (user->outgoinglimit)
>> snprintf(olimits, sizeof(olimits), "%d",
>> - strcpy(olimits, "N/A");
>> + strncpy(olimits, "N/A", sizeof(olimits) - 1);
>> snprintf(iused, sizeof(iused), "%d", user->inUse);
>> snprintf(oused, sizeof(oused), "%d", user->outUse);