[Asterisk-cvs] asterisk app.c,1.23,1.24 asterisk.c,1.102,1.103 callerid.c,1.17,1.18 cdr.c,1.19,1.20 channel.c,1.128,1.129 config.c,1.24,1.25 db.c,1.9,1.10
markster at lists.digium.com
markster at lists.digium.com
Fri Jul 9 06:22:23 CDT 2004
Update of /usr/cvsroot/asterisk
In directory mongoose.digium.com:/tmp/cvs-serv11100
Modified Files:
app.c asterisk.c callerid.c cdr.c channel.c config.c db.c
Log Message:
More strcpy / snprintf as part of rgagnon's audit (bug #2004)
Index: app.c
===================================================================
RCS file: /usr/cvsroot/asterisk/app.c,v
retrieving revision 1.23
retrieving revision 1.24
diff -u -d -r1.23 -r1.24
--- app.c 22 Jun 2004 18:48:59 -0000 1.23
+++ app.c 9 Jul 2004 10:08:09 -0000 1.24
@@ -157,7 +157,7 @@
if (ast_strlen_zero(mailbox))
return 0;
if (strchr(mailbox, ',')) {
- strncpy(tmp, mailbox, sizeof(tmp));
+ strncpy(tmp, mailbox, sizeof(tmp) - 1);
mb = tmp;
ret = 0;
while((cur = strsep(&mb, ","))) {
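Review bot: Bounding the copy at `sizeof(tmp) - 1` guarantees a terminator only if the last byte of `tmp` is already zero, and the declaration of `tmp` is outside this hunk. If it is an uninitialized automatic array, a mailbox string of `sizeof(tmp) - 1` bytes or more still leaves `tmp` unterminated when `strsep` walks it. Adding `tmp[sizeof(tmp) - 1] = '\0';` right after the `strncpy` makes the guarantee local. The same applies to the identical change in the @@ -207 hunk; both enclosing functions start and end outside the hunks.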
@@ -207,7 +207,7 @@
return 0;
if (strchr(mailbox, ',')) {
int tmpnew, tmpold;
- strncpy(tmp, mailbox, sizeof(tmp));
+ strncpy(tmp, mailbox, sizeof(tmp) - 1);
mb = tmp;
ret = 0;
while((cur = strsep(&mb, ", "))) {
Index: asterisk.c
===================================================================
RCS file: /usr/cvsroot/asterisk/asterisk.c,v
retrieving revision 1.102
retrieving revision 1.103
diff -u -d -r1.102 -r1.103
--- asterisk.c 3 Jul 2004 16:19:23 -0000 1.102
+++ asterisk.c 9 Jul 2004 10:08:09 -0000 1.103
@@ -943,10 +943,10 @@
case 'C': /* color */
t++;
if (sscanf(t, "%d;%d%n", &fgcolor, &bgcolor, &i) == 2) {
- strncat(p, term_color_code(term_code, fgcolor, bgcolor, sizeof(term_code)),sizeof(prompt) - strlen(prompt));
+ strncat(p, term_color_code(term_code, fgcolor, bgcolor, sizeof(term_code)),sizeof(prompt) - strlen(prompt) - 1);
t += i - 1;
} else if (sscanf(t, "%d%n", &fgcolor, &i) == 1) {
- strncat(p, term_color_code(term_code, fgcolor, 0, sizeof(term_code)),sizeof(prompt) - strlen(prompt));
+ strncat(p, term_color_code(term_code, fgcolor, 0, sizeof(term_code)),sizeof(prompt) - strlen(prompt) - 1);
t += i - 1;
}
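Review bot: The bound `sizeof(prompt) - strlen(prompt) - 1` is now written out by hand on every `strncat` in this switch (here and in the @@ -966, @@ -979 and @@ -1023 hunks), which makes it easy for an off-by-one to be copied to every site, as the removed lines suggest happened. Computing it in one place, for example a local macro such as `#define PROMPT_ROOM (sizeof(prompt) - strlen(prompt) - 1)`, would keep the sites consistent. The expression is unsigned and relies on `prompt` always being NUL-terminated, so a one-line comment stating that invariant would help the next reader. The enclosing function starts and ends outside the hunk.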
@@ -966,9 +966,9 @@
break;
case 'h': /* hostname */
if (!gethostname(hostname, sizeof(hostname) - 1)) {
- strncat(p, hostname, sizeof(prompt) - strlen(prompt));
+ strncat(p, hostname, sizeof(prompt) - strlen(prompt) - 1);
} else {
- strncat(p, "localhost", sizeof(prompt) - strlen(prompt));
+ strncat(p, "localhost", sizeof(prompt) - strlen(prompt) - 1);
}
break;
case 'H': /* short hostname */
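Review bot: `gethostname(hostname, sizeof(hostname) - 1)` is not required to NUL-terminate the name on truncation, and the declaration of `hostname` is not visible here, so the `strncat` that follows may read past the array unless it was zero-initialized. Setting `hostname[sizeof(hostname) - 1] = '\0';` after a successful call, or declaring the array with `= ""`, closes that. The 'H' case in the @@ -979 hunk has the same dependency. The enclosing switch continues outside the hunk.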
@@ -979,9 +979,9 @@
break;
}
}
- strncat(p, hostname, sizeof(prompt) - strlen(prompt));
+ strncat(p, hostname, sizeof(prompt) - strlen(prompt) - 1);
} else {
- strncat(p, "localhost", sizeof(prompt) - strlen(prompt));
+ strncat(p, "localhost", sizeof(prompt) - strlen(prompt) - 1);
}
break;
#ifdef linux
@@ -1023,13 +1023,13 @@
break;
case '#': /* process console or remote? */
if (! option_remote) {
- strncat(p, "#", sizeof(prompt) - strlen(prompt));
+ strncat(p, "#", sizeof(prompt) - strlen(prompt) - 1);
} else {
- strncat(p, ">", sizeof(prompt) - strlen(prompt));
+ strncat(p, ">", sizeof(prompt) - strlen(prompt) - 1);
}
break;
case '%': /* literal % */
- strncat(p, "%", sizeof(prompt) - strlen(prompt));
+ strncat(p, "%", sizeof(prompt) - strlen(prompt) - 1);
break;
case '\0': /* % is last character - prevent bug */
t--;
@@ -1462,14 +1462,14 @@
strncpy((char *)ast_config_AST_SPOOL_DIR,v->value,sizeof(ast_config_AST_SPOOL_DIR)-1);
} else if (!strcasecmp(v->name, "astvarlibdir")) {
strncpy((char *)ast_config_AST_VAR_DIR,v->value,sizeof(ast_config_AST_VAR_DIR)-1);
- snprintf((char *)ast_config_AST_DB,sizeof(ast_config_AST_DB)-1,"%s/%s",v->value,"astdb");
+ snprintf((char *)ast_config_AST_DB,sizeof(ast_config_AST_DB),"%s/%s",v->value,"astdb");
} else if (!strcasecmp(v->name, "astlogdir")) {
strncpy((char *)ast_config_AST_LOG_DIR,v->value,sizeof(ast_config_AST_LOG_DIR)-1);
} else if (!strcasecmp(v->name, "astagidir")) {
strncpy((char *)ast_config_AST_AGI_DIR,v->value,sizeof(ast_config_AST_AGI_DIR)-1);
} else if (!strcasecmp(v->name, "astrundir")) {
- snprintf((char *)ast_config_AST_PID,sizeof(ast_config_AST_PID)-1,"%s/%s",v->value,"asterisk.pid");
- snprintf((char *)ast_config_AST_SOCKET,sizeof(ast_config_AST_SOCKET)-1,"%s/%s",v->value,"asterisk.ctl");
+ snprintf((char *)ast_config_AST_PID,sizeof(ast_config_AST_PID),"%s/%s",v->value,"asterisk.pid");
+ snprintf((char *)ast_config_AST_SOCKET,sizeof(ast_config_AST_SOCKET),"%s/%s",v->value,"asterisk.ctl");
strncpy((char *)ast_config_AST_RUN_DIR,v->value,sizeof(ast_config_AST_RUN_DIR)-1);
} else if (!strcasecmp(v->name, "astmoddir")) {
strncpy((char *)ast_config_AST_MODULE_DIR,v->value,sizeof(ast_config_AST_MODULE_DIR)-1);
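Review bot: The return value of the three `snprintf` calls is ignored, so an overlong `astvarlibdir` or `astrundir` value silently produces a truncated `ast_config_AST_DB`, `ast_config_AST_PID` or `ast_config_AST_SOCKET` path instead of an error. For the database and control socket, a truncated path means the daemon operates on a different file than the one the administrator configured. Capturing the result and testing `n < 0 || (size_t)n >= sizeof(ast_config_AST_SOCKET)` (likewise for the other two), with a log message on failure, would surface this. The enclosing function starts and ends outside the hunk.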
@@ -1564,7 +1564,7 @@
xarg = optarg;
break;
case 'C':
- strncpy((char *)ast_config_AST_CONFIG_FILE,optarg,sizeof(ast_config_AST_CONFIG_FILE));
+ strncpy((char *)ast_config_AST_CONFIG_FILE,optarg,sizeof(ast_config_AST_CONFIG_FILE) - 1);
option_overrideconfig++;
break;
case 'i':
Index: callerid.c
===================================================================
RCS file: /usr/cvsroot/asterisk/callerid.c,v
retrieving revision 1.17
retrieving revision 1.18
diff -u -d -r1.17 -r1.18
--- callerid.c 21 Jun 2004 22:36:25 -0000 1.17
+++ callerid.c 9 Jul 2004 10:08:09 -0000 1.18
@@ -242,8 +242,8 @@
break;
}
- strcpy(cid->number, "");
- strcpy(cid->name, "");
+ cid->number[0] = '\0';
+ cid->name[0] = '\0';
/* If we get this far we're fine. */
if (cid->type == 0x80) {
/* MDMF */
Index: cdr.c
===================================================================
RCS file: /usr/cvsroot/asterisk/cdr.c,v
retrieving revision 1.19
retrieving revision 1.20
diff -u -d -r1.19 -r1.20
--- cdr.c 28 Jun 2004 03:48:53 -0000 1.19
+++ cdr.c 9 Jul 2004 10:08:09 -0000 1.20
@@ -431,7 +431,7 @@
if (c->callerid && !ast_strlen_zero(c->callerid))
strncpy(cdr->clid, c->callerid, sizeof(cdr->clid) - 1);
else
- strcpy(cdr->clid, "");
+ cdr->clid[0] = '\0';
name = NULL;
num = NULL;
ast_callerid_parse(tmp, &name, &num);
Index: channel.c
===================================================================
RCS file: /usr/cvsroot/asterisk/channel.c,v
retrieving revision 1.128
retrieving revision 1.129
diff -u -d -r1.128 -r1.129
--- channel.c 29 Jun 2004 19:29:03 -0000 1.128
+++ channel.c 9 Jul 2004 10:08:09 -0000 1.129
@@ -2143,7 +2143,7 @@
void ast_change_name(struct ast_channel *chan, char *newname)
{
char tmp[256];
- strncpy(tmp, chan->name, 256);
+ strncpy(tmp, chan->name, sizeof(tmp) - 1);
strncpy(chan->name, newname, sizeof(chan->name) - 1);
manager_event(EVENT_FLAG_CALL, "Rename", "Oldname: %s\r\nNewname: %s\r\nUniqueid: %s\r\n", tmp, chan->name, chan->uniqueid);
}
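Review bot: `tmp` is an uninitialized automatic array and the new bound leaves `tmp[255]` unwritten, so if `chan->name` holds 255 or more characters `tmp` reaches the `%s` in `manager_event` without a terminator. Either declare it `char tmp[256] = "";` or add `tmp[sizeof(tmp) - 1] = '\0';` after the copy. The second `strncpy` into `chan->name` likewise depends on the last byte of `chan->name` already being zero, which holds only if the channel structure was zeroed at allocation (not visible here).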
Index: config.c
===================================================================
RCS file: /usr/cvsroot/asterisk/config.c,v
retrieving revision 1.24
retrieving revision 1.25
diff -u -d -r1.24 -r1.25
--- config.c 22 Jun 2004 20:11:15 -0000 1.24
+++ config.c 9 Jul 2004 10:08:09 -0000 1.25
@@ -319,7 +319,7 @@
if (!cat)
return NULL;
memset(cat, 0, sizeof(struct ast_category));
- strncpy(cat->name, category, sizeof(cat->name));
+ strncpy(cat->name, category, sizeof(cat->name) - 1);
if (config->root) {
/* Put us at the end */
pcat = config->root;
@@ -646,7 +646,7 @@
{
FILE *f;
char fn[256];
- char date[256];
+ char date[256]="";
time_t t;
struct ast_variable *var;
struct ast_category *cat;
@@ -657,7 +657,7 @@
snprintf(fn, sizeof(fn), "%s/%s", AST_CONFIG_DIR, configfile);
}
time(&t);
- strncpy(date, ctime(&t), sizeof(date));
+ strncpy(date, ctime(&t), sizeof(date) - 1);
if ((f = fopen(fn, "w"))) {
if ((option_verbose > 1) && !option_debug)
ast_verbose( VERBOSE_PREFIX_2 "Saving '%s': ", fn);
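Review bot: `ctime(&t)` is passed straight to `strncpy`, but `ctime` returns a pointer to shared static storage and may return NULL on failure. In a multithreaded process (this commit's db.c hunks take `ast_mutex_lock`, which suggests one) the string can be overwritten during the copy, and a NULL return would be dereferenced. The reentrant form writes directly into the local buffer and makes the `strncpy` unnecessary: `if (ctime_r(&t, date) == NULL) date[0] = '\0';`. `date` is 256 bytes per the preceding hunk, which is more than `ctime_r` needs. The enclosing function starts and ends outside the hunk.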
@@ -974,7 +974,7 @@
category = malloc(sizeof(struct ast_category));
if (category) {
memset(category,0,sizeof(struct ast_category));
- strncpy(category->name,name,sizeof(category->name));
+ strncpy(category->name,name,sizeof(category->name) - 1);
}
return category;
}
@@ -1082,7 +1082,8 @@
if (strcmp(v->name,config_conf_file) && strcmp(v->name,"asterisk.conf")) {
if (!(test = get_ast_cust_config_keyword(v->name))) {
ast_log(LOG_NOTICE,"Binding: %s to %s\n",v->name,v->value);
- strncpy(ptr->keywords[ptr->keycount],v->name,sizeof(ptr->keywords[ptr->keycount]));
+ strncpy(ptr->keywords[ptr->keycount],v->name,sizeof(ptr->keywords[ptr->keycount]) - 1);
+ ptr->keywords[ptr->keycount][sizeof(ptr->keywords[ptr->keycount])-1] = '\0';
ptr->keycount++;
}
} else {
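Review bot: `ptr->keycount` is used as an index into `ptr->keywords` and then incremented with no capacity check visible in this hunk, so a configuration with more bindings than the array holds would write past it. Unless that check sits outside the hunk, guard the copy with something like `if (ptr->keycount < sizeof(ptr->keywords) / sizeof(ptr->keywords[0]))` and log when the limit is reached. That form assumes `keywords` is a fixed-size array; the `sizeof(ptr->keywords[ptr->keycount])` bound implies this for the elements but does not show it for the outer array.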
Index: db.c
===================================================================
RCS file: /usr/cvsroot/asterisk/db.c,v
retrieving revision 1.9
retrieving revision 1.10
diff -u -d -r1.9 -r1.10
--- db.c 22 Jun 2004 18:48:59 -0000 1.9
+++ db.c 9 Jul 2004 10:08:09 -0000 1.10
@@ -84,7 +84,7 @@
} else if (keytree)
return -1;
else
- strcpy(prefix, "");
+ prefix[0] = '\0';
ast_mutex_lock(&dblock);
if (dbinit())
@@ -169,6 +169,7 @@
((char *)data.data)[data.size - 1] = '\0';
/* Make sure that we don't write too much to the dst pointer or we don't read too much from the source pointer */
strncpy(value, data.data, (valuelen > data.size) ? data.size : valuelen);
+ value[valuelen - 1] = '\0';
} else {
ast_log(LOG_NOTICE, "Strange, empty value for /%s/%s\n", family, keys);
}
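Review bot: The added `value[valuelen - 1] = '\0';` writes outside `value` when the caller passes a `valuelen` of 0 (index -1, or a very large index if the type is unsigned). The context line above it has the same shape with `data.size - 1`. A guard such as `if (valuelen > 0) value[valuelen - 1] = '\0';`, or rejecting a non-positive `valuelen` at the top of the function, keeps the terminator write in bounds. The type of `valuelen` and any earlier validation are outside this hunk.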
@@ -275,7 +276,7 @@
snprintf(prefix, sizeof(prefix), "/%s", argv[2]);
} else if (argc == 2) {
/* Neither */
- strcpy(prefix, "");
+ prefix[0] = '\0';
} else
return RESULT_SHOWUSAGE;
ast_mutex_lock(&dblock);
@@ -324,7 +325,7 @@
/* Family only */
snprintf(prefix, sizeof(prefix), "/%s", family);
} else
- strcpy(prefix, "");
+ prefix[0] = '\0';
ast_mutex_lock(&dblock);
if (dbinit()) {
ast_mutex_unlock(&dblock);