Summary: ASTERISK-01978: [patches][src-audit] app.c, asterisk.c, callerid.c, cdr.c, channel.c, cli.c, config.c, db.c
Reporter: Rob Gagnon (rgagnon)
Labels:
Date Opened: 2004-07-09 06:03:43
Date Closed: 2008-01-15 15:02:06.000-0600
Versions:
Frequency of
Environment:
Attachments:
( 0) app.c.patch.txt
( 1) asterisk.c.patch.txt
( 2) callerid.c.patch.txt
( 3) cdr.c.patch.txt
( 4) channel.c.patch.txt
( 5) cli.c.patch.txt
( 6) config.c.patch.txt
( 7) db.c.patch.txt
Description:
strcat, strcpy, sprintf, strncat, strncpy, sprintf auditing modifications.

More code cleanup.  Over time, I think I can put more of these little things up here to migrate to eventual elimination of strcat, sprintf, and strcpy for buffer overrun protection.



Posted these as several patches to make it easier to patch only one file if needed.
Comments:

By: Mark Spencer (markster) 2004-07-09 06:22:43

Thanks again for putting so much time into this source audit.  I'm pleased both by the fixes and by the lack of any serious issues so far!

Applied all but cli.c.patch -- Please review the man page for snprintf, and find out about its surprising return value.  You will need to be more careful in that routine.
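
The snprintf return value mentioned in the comment above, shown as an added example (this is not code from the cli.c patch, which does not appear on this page, nor from Asterisk). The names naive_len and buf_append are hypothetical, and the strings are constructed samples.

```c
#include <stdarg.h>
#include <stdio.h>
#include <string.h>

/* Naive use: treats snprintf's result as "bytes written". C99 snprintf
 * returns the length the full output WOULD have had, which can exceed size. */
static size_t naive_len(char *buf, size_t size, const char *text)
{
    return (size_t)snprintf(buf, size, "%s", text);
}

/* Hypothetical helper (not Asterisk code): append at offset *used.
 * Returns 0 if everything fit, -1 on truncation or error. *used never
 * passes size - 1, so "size - *used" cannot wrap around to a huge value. */
static int buf_append(char *buf, size_t size, size_t *used, const char *fmt, ...)
{
    va_list ap;
    int n;

    if (size == 0 || *used >= size)
        return -1;
    va_start(ap, fmt);
    n = vsnprintf(buf + *used, size - *used, fmt, ap);
    va_end(ap);
    if (n < 0)                        /* error; some pre-C99 libcs also */
        return -1;                    /* returned -1 on truncation      */
    if ((size_t)n >= size - *used) {  /* truncated: n is the wanted length */
        *used = size - 1;             /* NUL terminator is at buf[size - 1] */
        return -1;
    }
    *used += (size_t)n;
    return 0;
}

int main(void)
{
    char buf[8];
    size_t used = 0;

    /* Constructed sample strings, chosen to overflow an 8-byte buffer. */
    printf("naive result: %zu for an 8-byte buffer\n",
           naive_len(buf, sizeof buf, "constructed-sample"));
    buf_append(buf, sizeof buf, &used, "%s", "abc");
    if (buf_append(buf, sizeof buf, &used, "%s", "defghij") != 0)
        printf("truncated, kept \"%s\" (used=%zu)\n", buf, used);
    return 0;
}
```

A loop that does used += snprintf(buf + used, size - used, ...) without the truncation check ends up with used larger than size, and the next size - used wraps to a very large unsigned value.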

By: Mark Spencer (markster) 2004-07-09 06:23:21

Actually, to keep things cleaner I'm just going to close this one out; you can just add cli.c with your next series of patches.

By: Digium Subversion (svnbot) 2008-01-15 15:02:06.000-0600

Repository: asterisk
Revision: 3410

U   trunk/app.c
U   trunk/asterisk.c
U   trunk/callerid.c
U   trunk/cdr.c
U   trunk/channel.c
U   trunk/channels/chan_zap.c
U   trunk/config.c
U   trunk/db.c

r3410 | markster | 2008-01-15 15:02:06 -0600 (Tue, 15 Jan 2008) | 2 lines

More strcpy / snprintf as part of rgagnon's audit (bug ASTERISK-1978)