[asterisk-dev] [Code Review] Fix r374905 misuse of strdupa
rmudgett
reviewboard at asterisk.org
Fri Oct 12 16:25:48 CDT 2012
-----------------------------------------------------------
This is an automatically generated e-mail. To reply, visit:
https://reviewboard.asterisk.org/r/2162/#review7271
-----------------------------------------------------------
/branches/1.8/channels/chan_sip.c
<https://reviewboard.asterisk.org/r/2162/#comment14037>
I think strlen + 1 for terminator is needed.
/branches/1.8/channels/chan_sip.c
<https://reviewboard.asterisk.org/r/2162/#comment14038>
Duplicate strcasestr here.
/branches/1.8/channels/chan_sip.c
<https://reviewboard.asterisk.org/r/2162/#comment14039>
The sizeof("string") count includes the null terminator so I think you are advancing too far.
- rmudgett
On Oct. 12, 2012, 3:40 p.m., wdoekes wrote:
>
> -----------------------------------------------------------
> This is an automatically generated e-mail. To reply, visit:
> https://reviewboard.asterisk.org/r/2162/
> -----------------------------------------------------------
>
> (Updated Oct. 12, 2012, 3:40 p.m.)
>
>
> Review request for Asterisk Developers and Mark Michelson.
>
>
> Summary
> -------
>
> I was a bit quick on the ship-it there ;)
> Those strdupa's are far from safe from direct user input.
>
> Here's a fix, which happens to slightly faster too.
>
>
> Diffs
> -----
>
> /branches/1.8/channels/chan_sip.c 374930
>
> Diff: https://reviewboard.asterisk.org/r/2162/diff
>
>
> Testing
> -------
>
> Got asterisk to crash easily before patch. No crash after. Mark's test from r2123 still completes with 0 errors.
>
>
> Thanks,
>
> wdoekes
>
>
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.digium.com/pipermail/asterisk-dev/attachments/20121012/ae015ae5/attachment.htm>
More information about the asterisk-dev
mailing list