[asterisk-dev] Re: Security Through Obscurity
Hans Petter Selasky
hselasky at c2i.net
Mon Mar 5 02:57:36 MST 2007
On Monday 05 March 2007 06:11, Kevin P. Fleming wrote:
> Matthew Rubenstein wrote:
> > This security reality is well known in the programming industry. I'm
> > disappointed to see Digium acting as if it weren't.
>
I had a look at the source code of "chan_sip.c", and what we are talking about
is a NULL pointer exception. It is not going to do much harm from what I can
see.
By the way, concerning security in "chan_sip.c", I see several "strcpy()"
function calls. Isn't it time to change these into the BSD
derived "strlcpy()"?
--HPS
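The strcpy()-to-strlcpy() change suggested in the message above, sketched as an added example that is not part of the original post and is not Asterisk code. The helper `copy_bounded`, the struct `peer_info` and the function `set_username` are hypothetical names; the helper reimplements strlcpy() semantics because not every libc ships strlcpy().

```c
#include <stddef.h>
#include <stdio.h>
#include <string.h>

/* Hypothetical helper with strlcpy() semantics: copies at most dstsize-1
 * bytes, always NUL-terminates when dstsize > 0, and returns strlen(src)
 * so the caller can detect truncation. */
static size_t copy_bounded(char *dst, const char *src, size_t dstsize)
{
    size_t srclen = strlen(src);
    if (dstsize > 0) {
        size_t n = srclen < dstsize - 1 ? srclen : dstsize - 1;
        memcpy(dst, src, n);
        dst[n] = '\0';
    }
    return srclen;
}

/* Hypothetical fixed-size field of the kind strcpy() is often used to fill. */
struct peer_info {
    char username[16];
};

/* Returns 0 on success, -1 if the value did not fit and was truncated.
 * A plain strcpy() here would write past username[] on long input. */
static int set_username(struct peer_info *p, const char *value)
{
    size_t need = copy_bounded(p->username, value, sizeof(p->username));
    return need >= sizeof(p->username) ? -1 : 0;
}

int main(void)
{
    struct peer_info p;
    /* Constructed inputs: one that fits, one longer than the buffer. */
    const char *inputs[] = { "alice", "a-very-long-user-name-from-the-network" };
    for (size_t i = 0; i < 2; i++) {
        int rc = set_username(&p, inputs[i]);
        printf("%-40s -> \"%s\" (%s)\n", inputs[i], p.username,
               rc == 0 ? "ok" : "truncated");
    }
    return 0;
}
```

The return value matters: a bounded copy that silently truncates can still cause logic errors, so the caller checks it and rejects the input.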