[asterisk-dev] Re: Security Through Obscurity

Hans Petter Selasky hselasky at c2i.net
Mon Mar 5 02:57:36 MST 2007


On Monday 05 March 2007 06:11, Kevin P. Fleming wrote:
> Matthew Rubenstein wrote:
> > 	This security reality is well known in the programming industry. I'm
> > disappointed to see Digium acting as if it weren't.
>

I had a look at the source code of "chan_sip.c", and what we are talking about 
is a NULL pointer exception. It is not going to do much harm from what I can 
see.

By the way, concerning security in "chan_sip.c", I see several "strcpy()" 
function calls. Isn't it time to change these into the BSD 
derived "strlcpy()"?

--HPS
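
The strcpy() to strlcpy() change suggested in the message above, as an added example that is not part of the original post and is not Asterisk code. The names example_strlcpy, example_peer and example_set_username are hypothetical, and the 16-byte field and input strings are constructed.

```c
#include <stddef.h>
#include <stdio.h>
#include <string.h>

/* Local stand-in with BSD strlcpy() semantics (hypothetical name), so the
 * example builds on C libraries that do not ship strlcpy(). Copies at most
 * size-1 bytes, always NUL-terminates when size > 0, and returns strlen(src)
 * so the caller can detect truncation. */
static size_t example_strlcpy(char *dst, const char *src, size_t size)
{
    size_t srclen = strlen(src);

    if (size > 0) {
        size_t n = (srclen < size - 1) ? srclen : size - 1;
        memcpy(dst, src, n);
        dst[n] = '\0';
    }
    return srclen;
}

/* Constructed example of a fixed-size field filled from a peer-supplied
 * value. */
struct example_peer {
    char username[16];
};

/* Returns 0 on success, -1 if the value did not fit in the field. */
static int example_set_username(struct example_peer *p, const char *value)
{
    /* strcpy(p->username, value) would write past the 16-byte field for any
     * longer value; the bounded copy cannot. */
    size_t need = example_strlcpy(p->username, value, sizeof(p->username));

    if (need >= sizeof(p->username)) {
        return -1; /* truncated: reject or log instead of silently using it */
    }
    return 0;
}

int main(void)
{
    struct example_peer p;
    const char *inputs[] = { "alice", "a-very-long-constructed-username" };

    for (size_t i = 0; i < 2; i++) {
        int rc = example_set_username(&p, inputs[i]);
        printf("rc=%d stored=\"%s\"\n", rc, p.username);
    }
    return 0;
}
```

Checking the return value matters: a bounded copy that truncates without the caller noticing replaces a memory-safety bug with a logic bug, such as two distinct long names collapsing to the same stored prefix.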

