[Asterisk-Dev] Is anyone thinking anymore?
Brian
lists001 at brianchristie.com
Sun Jul 25 02:15:06 MST 2004
Whoops...So sorry, I'm not sure how I got confused like that.
Brian wrote:
> This list is for discussion of the asterisk documentation project.
> http://www.asteriskdocs.org .
>
> The below message belongs on the -dev list,
> http://lists.digium.com/mailman/listinfo/asterisk-dev .
>
> Thanks :)
>
> -Brian
>
>
>
>
> Karl Brose wrote:
>
>>
>> In recent CVS updates we can observe code changes (strangely called
>> "source audits") such as those quoted below.
>> The old code is perfectly legal, stable, safe, technically sound, and
>> readable.
>>
>> Yet, some people in this community insist on infecting good code with
>> nonsense, as in this example.
>>
>> Folks, just because it's wise to limit string lengths when copying in
>> some situations to avoid overflows,
>> it doesn't make any sense to just mechanically apply these things to
>> every situation without thought and call it "source audits" or whatever.
>> chan_sip.c is now littered with this crap.
>>
>> Is anyone thinking anymore?
>>
>>
>>
>> struct sip_user *user;
>> - char ilimits[40];
>> - char olimits[40];
>> + char ilimits[40] = "";
>> + char olimits[40] = "";
>> char iused[40];
>> char oused[40];
>> if (argc != 3)
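Review bot: On the `ilimits` and `olimits` declarations, the new `= ""` initializers cover only two of the four 40-byte buffers and carry no comment explaining why; `iused` and `oused` are left uninitialized. If the initializers exist to guarantee a terminator for the bounded copies made into these two buffers further down, say so in a comment, or better, make those copies terminate on their own so the declaration and the copy do not silently depend on each other.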
>> @@ -5359,11 +5375,11 @@
>> if (user->incominglimit)
>> snprintf(ilimits, sizeof(ilimits), "%d",
>> user->incominglimit);
>> else
>> - strcpy(ilimits, "N/A");
>> + strncpy(ilimits, "N/A", sizeof(ilimits) - 1);
>> if (user->outgoinglimit)
>> snprintf(olimits, sizeof(olimits), "%d",
>> user->outgoinglimit);
>> else
>> - strcpy(olimits, "N/A");
>> + strncpy(olimits, "N/A", sizeof(olimits) - 1);
>> snprintf(iused, sizeof(iused), "%d", user->inUse);
>> snprintf(oused, sizeof(oused), "%d", user->outUse);
>>
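Review bot: In both `else` branches, `strncpy(ilimits, "N/A", sizeof(ilimits) - 1)` bounds a copy whose source is a 3-character literal going into a 40-byte buffer, so the replaced `strcpy` could not overflow and the new call adds no protection here. Because the source is shorter than the count, `strncpy` also zero-fills the remaining bytes on every call. Suggest `snprintf(ilimits, sizeof(ilimits), "N/A");` (and the same for `olimits`), which matches the neighbouring `snprintf` calls and always terminates, or keep the original `strcpy` for the constant string.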