| Summary: | ASTERISK-01551: iax2_show_users() has b0rked strncpy(3) calls. (easy fix, no patch included) | ||
| Reporter: | cloos (cloos) | Labels: | |
| Date Opened: | 2004-05-06 16:12:45 | Date Closed: | 2004-09-25 02:48:24 |
| Priority: | Major | Regression? | No |
| Status: | Closed/Complete | Components: | Core/General |
| Versions: | Frequency of Occurrence | ||
| Related Issues: | |||
| Environment: | Attachments: | ||
| Description: | in iax2_show_users() we find this: char auth[90]; strncpy(auth,user->secret,strlen(auth)-1); Given that auth[] has not been assigned to, strlen(auth) will return 0. size_t is unsigned long so 0-1 is MAX_INT. Passing that to strncpy(3) is of course no better than using strcpy(3). The array and strncpy should probably use a #define for sizing. As a result of this bug, iax2 show users prints garbage in the secret column in the case of plaintext or md5 authed users. | ||
| Comments: | By: Mark Spencer (markster) 2004-05-06 16:30:39 Fixed in CVS. | ||