[Asterisk-Dev] [RFC] strncpy -> ast_copy_string

Kristian Nielsen kn at sifira.dk
Mon May 2 00:46:24 MST 2005


Steve Underwood <steveu at coppice.org> writes:

> Hey, they changed it. strncpy never used to do that :-\ I wonder if
> that was to avoid some security issues with what might have remained in
> the buffer. Whatever, I don't agree with changing the behaviour of
> well established functions. That sucks.

My copy of Kernighan and Ritchie "The C Programming Language" (second
edition, 1988) says:

    Copy at most n characters of string ct to s; return s. Pad with
    '\0's if t has fewer than n characters.

so I do not think that strncpy() changed. Rather, strncpy() has always
been broken, especially as regards the missing zero termination. I would
bet that there are several bugs lurking in Asterisk where a strncpy()
may leave a string without zero-termination, resulting in buffer
overruns later in the code.

 - Kristian.

-- 
Kristian Nielsen   kn at sifira.dk
Development Manager, Sifira A/S
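
Added example (not part of the original message and not Asterisk's code): the two strncpy() behaviours discussed above, zero padding for a short source and no terminator for a source of n or more characters, measured next to an always-terminating copy. The helper `bounded_copy`, the `FIELD` size and the input strings are assumptions constructed for this demo.

```c
#include <stdio.h>
#include <string.h>
#define FIELD 8   /* destination field size, constructed for this demo */
/* Hypothetical helper, not Asterisk's code: always terminates, never pads. */
static void bounded_copy(char *dst, const char *src, size_t size)
{
    if (size == 0)
        return;
    while (*src != '\0' && size-- > 1)
        *dst++ = *src++;
    *dst = '\0';
}

/* Fill the field with 'X', then copy. A guard '\0' at buf[FIELD] keeps
 * the strlen() call below inside the array. */
static void fill(char *buf, const char *src, int use_strncpy)
{
    memset(buf, 'X', FIELD);
    buf[FIELD] = '\0';
    if (use_strncpy)
        strncpy(buf, src, FIELD);
    else
        bounded_copy(buf, src, FIELD);
}

/* Length later code would see. FIELD means no terminator landed inside
 * the field and strlen() ran on into the guard byte. */
static size_t seen_length(const char *src, int use_strncpy)
{
    char buf[FIELD + 1];
    fill(buf, src, use_strncpy);
    return strlen(buf);
}

/* Count of '\0' bytes inside the field: terminator plus any padding. */
static size_t zero_bytes(const char *src, int use_strncpy)
{
    char buf[FIELD + 1];
    size_t i, zeros = 0;
    fill(buf, src, use_strncpy);
    for (i = 0; i < FIELD; i++)
        zeros += (buf[i] == '\0');
    return zeros;
}
int main(void)
{
    const char *in[] = { "abc", "12345678", "123456789abc" }; /* constructed */
    for (size_t i = 0; i < 3; i++)
        printf("%-13s strncpy: len=%zu zeros=%zu  bounded: len=%zu zeros=%zu\n",
               in[i], seen_length(in[i], 1), zero_bytes(in[i], 1),
               seen_length(in[i], 0), zero_bytes(in[i], 0));
}
```

Without the guard byte, the strlen() after strncpy() of an 8-character source would read past the end of the 8-byte field.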



