[Asterisk-Dev] Is anyone thinking anymore?
markster at digium.com
Sun Jul 25 21:31:53 MST 2004
> Folks, just because it's wise to limit string lengths when copying in some
> situations to avoid overflows,
> it doesn't make any sense to just mechanically apply these things to every
> situation without thought and call it "source audits" or what ever.
> chan_sip.c is now littered with this crap.
> Is anyone thinking anymore?
You know, actually, I did put a lot of thought in before merging those
patches. Some of them are legitimate and the vast majority of them really
don't make any difference at all. However, promoting good general
principles (e.g. strncpy, with all its quirks (e.g. needing to initialize
to "" or explicitly set the trailing 0), and snprintf with all its
quirks (remember snprintf returns the *number of bytes that would have
been written had their been enough space*)) seemed like a reasonable
enough trade off for the effectively insignificant of a few strncpy's
instead of strcpy's where they were used.
I'm certainly open to other comments along these lines though. I'd be
happy to see a discussion (preferably with more Signal to Noise than the
licensing one that I made the mistake of chiming in on).
More information about the asterisk-dev