[Asterisk-Dev] Is anyone thinking anymore?

Mark Spencer markster at digium.com
Sun Jul 25 21:31:53 MST 2004


> Folks, just because it's wise to limit string lengths when copying in some 
> situations to avoid overflows,
> it doesn't make any sense to just mechanically apply these things to every 
> situation without thought and call it "source audits" or whatever.
> chan_sip.c is now littered with this crap.
>
> Is anyone thinking anymore?

You know, actually, I did put a lot of thought in before merging those 
patches.  Some of them are legitimate and the vast majority of them really 
don't make any difference at all.  However, promoting good general 
principles (e.g. strncpy, with all its quirks (e.g. needing to initialize 
to "" or explicitly set the trailing 0), and snprintf with all its 
quirks (remember snprintf returns the *number of bytes that would have 
been written had there been enough space*)) seemed like a reasonable 
enough trade off for the effectively insignificant cost of a few strncpy's 
instead of strcpy's where they were used.

I'm certainly open to other comments along these lines though.  I'd be 
happy to see a discussion (preferably with more Signal to Noise than the 
licensing one that I made the mistake of chiming in on).

Mark
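
[Editor's note: the program below is an added illustration of the two libc
quirks Mark names, written for this page; it is not Asterisk code and not
from the thread. The helper names (raw_strncpy_terminated, safe_copy,
build_uri, append_fields) and the sample inputs are made up for the example.]

```c
#include <stdio.h>
#include <string.h>

/*
 * Added illustration (not Asterisk code): the strncpy() and snprintf()
 * quirks discussed above. All helper names here are invented for the example.
 */

/* Quirk 1: strncpy() writes no terminating NUL when strlen(src) >= n.
 * dst is poisoned first so a missing NUL is observable.
 * Returns 1 if dst holds a NUL somewhere in its n bytes, else 0. */
int raw_strncpy_terminated(char *dst, size_t n, const char *src)
{
    memset(dst, 'X', n);
    strncpy(dst, src, n);
    return memchr(dst, '\0', n) != NULL;
}

/* The usual fix: copy at most n-1 bytes and force the NUL yourself
 * (equivalently, initialise dst to "" before the call). Returns 1 if the
 * source did not fit, 0 otherwise. */
int safe_copy(char *dst, size_t n, const char *src)
{
    if (n == 0)
        return 1;
    strncpy(dst, src, n - 1);
    dst[n - 1] = '\0';
    return strlen(src) >= n;
}

/* Quirk 2: snprintf() returns the length the full string WOULD have had,
 * not how many bytes landed in dst. Truncation happened iff len >= n.
 * Returns 1 if truncated, 0 if it fit, -1 on an encoding error. */
int build_uri(char *dst, size_t n, const char *user, const char *host)
{
    int len = snprintf(dst, n, "sip:%s@%s", user, host);
    if (len < 0)
        return -1;
    return (size_t)len >= n;
}

/* Reusing the raw return value as the offset for a second snprintf() is the
 * classic bug: after truncation the offset points past dst and the remaining
 * size underflows. Clamp the offset before using it again.
 * Returns the total length the output needed; *truncated is set to 1 if
 * dst was too small. */
size_t append_fields(char *dst, size_t n, const char *a, const char *b,
                     int *truncated)
{
    size_t off;
    int r = snprintf(dst, n, "%s", a);
    if (r < 0) {
        *truncated = 1;
        return 0;
    }
    off = (size_t)r;
    /* Once off >= n the buffer is full: pass dst+n with size 0 so snprintf()
     * still computes the length but writes nothing. */
    r = snprintf(dst + (off < n ? off : n), off < n ? n - off : 0, ";%s", b);
    if (r < 0) {
        *truncated = 1;
        return off;
    }
    off += (size_t)r;
    *truncated = off >= n;
    return off;
}

int main(void)
{
    char buf[8];
    int rc, trunc;
    size_t need;

    rc = raw_strncpy_terminated(buf, sizeof buf, "12345678");
    printf("strncpy of 8 chars into 8 bytes: terminated=%d\n", rc);

    rc = safe_copy(buf, sizeof buf, "12345678");
    printf("safe_copy: truncated=%d dst=\"%s\"\n", rc, buf);

    rc = build_uri(buf, sizeof buf, "alice", "example.org");
    printf("build_uri: truncated=%d dst=\"%s\"\n", rc, buf);

    need = append_fields(buf, sizeof buf, "abc", "defgh", &trunc);
    printf("append_fields: needed=%zu truncated=%d dst=\"%s\"\n",
           need, trunc, buf);
    return 0;
}
```

The first call shows the case Mark alludes to: an 8-byte source into an
8-byte buffer leaves no NUL at all, so whatever reads the buffer next runs
off the end. The snprintf() helpers show the return-value convention: a
result of n or more means the output was cut, and the clamped-offset loop
in append_fields is the shape a chained snprintf() needs to stay in bounds.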
