[Asterisk-Dev] [RFC] strncpy -> ast_copy_string

Luigi Rizzo rizzo at icir.org
Mon May 2 16:46:18 MST 2005 

On Mon, May 02, 2005 at 02:50:07PM -0500, Jeffrey C. Ollie wrote:
...
> > I notice that a lot of code in asterisk uses statically sized buffers,
> > which is inefficient memorywise, risky if you forget or
> > misspecify the 'size' in the various stncpy, and might lead
> > to unexpected behaviour because of arbitrary truncation of the strings.
> > 
> > I think that over time one should switch to support variable-size
> > strings, and define an appropriate set of macros or functions
> > to operate on them.
> > Certainly deprecating strncpy in favour of a private method is
> > a first step.
> 
> I think that the primary reasons for using statically allocated buffers
> are:
> 
> 1) Speed - You don't have the malloc/free overhead.
> 2) Correctness - You don't have to worry about null pointer
> dereferences, double frees, etc.
> 
> Also, a lot of the string parsing in Asterisk is processing protocol
> headers and data.  Many protocols define upper limits on the sizes of
> various fields so you don't really need to worry about handling very
> large strings.

i am fine with that, but i am unhappy about the mixture, in the code,
of symbolic constants and magic numbers for apparently similar fields.
E.g. some simple grepping in channels/ returns the following:

        char context[80];               /* Default context for incoming calls */
        char secret[80];                /* Password */
  
        char context[AST_MAX_EXTENSION];
 
	chan_sip.c:     char secret[256];               /* Secret */
	chan_sip.c:     char secret[80];                /* Password */
	chan_h323.c:static char secret[50];


so what's the max size for a password, 50 80 or 256 ?

If you support variable size strings you pretty much know that
truncations may only occur when you put strings into protocol messages;
with the current approach they might happen somewhere in the
middle of the chain, and it may be hard to tell where.

	cheers
	luigi
f 
> Jeff
> 



> _______________________________________________
> Asterisk-Dev mailing list
> Asterisk-Dev at lists.digium.com
> http://lists.digium.com/mailman/listinfo/asterisk-dev
> To UNSUBSCRIBE or update options visit:
>    http://lists.digium.com/mailman/listinfo/asterisk-dev

More information about the asterisk-dev mailing list