[asterisk-dev] Re: Security Through Obscurity

Kevin P. Fleming kpfleming at digium.com
Mon Mar 5 04:26:43 MST 2007


Hans Petter Selasky wrote:
> I don't have a specific one. Just grep for "strcpy" in "chan_sip.c". Probably 
> most of the copies are OK, but it is very easy to make working code fail in 
> the future, if the length of certain strings is ever changed.

This is pointless. We have spent _many_ hours auditing the code to solve
these issues, so making random copies like 'I see use of strcpy() and it
_might_ not be safe' is not helpful at all.

If you see specific instances where you think there may be an issue,
please document them so someone can respond to you.

