[asterisk-dev] Re: agi segfaults 1.2.9.1
Steven
critch at basesys.com
Wed Jun 14 06:50:54 MST 2006
On Wed, 2006-06-14 at 08:37 -0500, Kevin P. Fleming wrote:
> ----- Julian Lyndon-Smith <asterisk at dotr.com> wrote:
> > I'm sure that part of Kevin's email was cut off, and that he meant to
> >
> > say in addition was "and we'd like to be made aware of them so that
> > they
> > can be fixed in order to make asterisk an even more reliable system"
>
> No, it was not. It is not possible to completely validate every set of
> parameters sent to every single application/function/AGI command/etc.
> in Asterisk. Even if it was possible, it's not worth the effort or the
> time/memory/etc. cost it would put on the users of Asterisk.
I have to say that is a piss poor attitude. Making it 100% foolproof and
hackerproof may be too much to ask for, but simple validation of the
parameters should be done.
A better attitude would have been just to ask for the patch that
validated the exec parameters.
--
Steven <critch at basesys.com>
More information about the asterisk-dev
mailing list