Summary: ASTERISK-01978: [patches][src-audit] app.c, asterisk.c, callerid.c, cdr.c, channel.c, cli.c, config.c, db.c
Reporter: Rob Gagnon (rgagnon)
Labels:
Date Opened: 2004-07-09 06:03:43
Date Closed: 2008-01-15 15:02:06.000-0600
Priority: Minor
Regression? No
Status: Closed/Complete
Components: Core/General
Versions:
Frequency of Occurrence:
Related Issues:
Environment:
Attachments:
(0) app.c.patch.txt
(1) asterisk.c.patch.txt
(2) callerid.c.patch.txt
(3) cdr.c.patch.txt
(4) channel.c.patch.txt
(5) cli.c.patch.txt
(6) config.c.patch.txt
(7) db.c.patch.txt
Description:

strcat, strcpy, sprintf, strncat, strncpy, sprintf auditing modifications. More code cleanup. Over time, I think I can put more of these little things up here to migrate to eventual elimination of strcat, sprintf, and strcpy for buffer overrun protection.

****** ADDITIONAL INFORMATION ******

[disclaimed] Posted these as several patches to make it easier to patch only one file if needed.
Comments:

By: Mark Spencer (markster) 2004-07-09 06:22:43

Thanks again for putting so much time into this source audit. I'm pleased both by the fixes and by the lack of any serious issues so far! Applied all but cli.c.patch -- Please review the man page for snprintf, and find out about its surprising return value. You will need to be more careful in that routine.

By: Mark Spencer (markster) 2004-07-09 06:23:21

Actually, to keep things cleaner I'm just going to close this one out; you can just add cli.c with your next series of patches.

By: Digium Subversion (svnbot) 2008-01-15 15:02:06.000-0600

Repository: asterisk
Revision: 3410

U trunk/app.c
U trunk/asterisk.c
U trunk/callerid.c
U trunk/cdr.c
U trunk/channel.c
U trunk/channels/chan_zap.c
U trunk/config.c
U trunk/db.c

------------------------------------------------------------------------
r3410 | markster | 2008-01-15 15:02:06 -0600 (Tue, 15 Jan 2008) | 2 lines

More strcpy / snprintf as part of rgagnon's audit (bug ASTERISK-1978)
------------------------------------------------------------------------

http://svn.digium.com/view/asterisk?view=rev&revision=3410
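The snprintf return value mentioned in the first comment, as an added example that is not code from Asterisk or from the cli.c patch (which this page does not show): under C99, snprintf returns the length the full output would have had, not the number of bytes stored, so an unchecked `len += snprintf(buf + len, size - len, ...)` can move `len` past the end of the buffer. The names `append_fmt`, `naive_next_offset` and `build_line` and the sample strings are hypothetical.

```c
#include <stdarg.h>
#include <stdio.h>
#include <string.h>

/* Checked append at buf[*used]. Returns 0 on success, -1 on truncation or
 * error. *used never exceeds size - 1 and buf stays NUL-terminated. */
static int append_fmt(char *buf, size_t size, size_t *used, const char *fmt, ...)
{
    va_list ap;
    int n;

    if (size == 0 || *used >= size)
        return -1;
    va_start(ap, fmt);
    n = vsnprintf(buf + *used, size - *used, fmt, ap);
    va_end(ap);
    if (n < 0)
        return -1;                     /* output error */
    if ((size_t)n >= size - *used) {   /* n is the length that was wanted */
        *used = size - 1;              /* buffer is full; report truncation */
        return -1;
    }
    *used += (size_t)n;
    return 0;
}

/* Offset the unchecked idiom would use for its next write after one call.
 * Only one call is made here, so nothing is written out of bounds. */
static size_t naive_next_offset(char *buf, size_t size, const char *text)
{
    return (size_t)snprintf(buf, size, "%s", text);
}

/* Builds "<a> <b>" with the checked helper; returns length or -1. */
static int build_line(char *buf, size_t size, const char *a, const char *b)
{
    size_t used = 0;
    if (append_fmt(buf, size, &used, "%s ", a) < 0 ||
        append_fmt(buf, size, &used, "%s", b) < 0)
        return -1;
    return (int)used;
}

int main(void)
{
    char small[8];   /* constructed sample: too small for "show channels" */
    printf("naive offset: %zu\n", naive_next_offset(small, sizeof small, "show channels"));
    printf("checked: %d\n", build_line(small, sizeof small, "show", "channels"));
    return 0;
}
```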