Index: dlfcn.c =================================================================== RCS file: /usr/cvsroot/asterisk/dlfcn.c,v retrieving revision 1.1 diff -u -p -r1.1 dlfcn.c --- dlfcn.c 26 Oct 2003 19:17:28 -0000 1.1 +++ dlfcn.c 14 Jul 2004 12:12:03 -0000 @@ -199,12 +199,17 @@ static void error(const char *str, ...) char * err_str; va_start(arg, str); tss = pthread_getspecific(dlerror_key); - err_str = tss->errstr; - strncpy(err_str, "dlcompat: ", ERR_STR_LEN); - vsnprintf(err_str + 10, ERR_STR_LEN - 10, str, arg); + if (tss) { + err_str = tss->errstr; + if (err_str) { + strncpy(err_str, "dlcompat: ", ERR_STR_LEN - 1); + err_str[ERR_STR_LEN - 1] = '\0'; + vsnprintf(err_str + 10, ERR_STR_LEN - 10, str, arg); + debug("ERROR: %s\n", err_str); + } + tss->errset = 1; + } va_end(arg); - debug("ERROR: %s\n", err_str); - tss->errset = 1; } static void warning(const char *str) @@ -287,8 +292,14 @@ static const char *searchList() { buf_size = strlen(ldlp) + strlen(dyldlp) + strlen(stdpath) + 4; buf = malloc(buf_size); - snprintf(buf, buf_size, "%s%s%s%s%s%c", dyldlp, (dyldlp[0] ? ":" : ""), ldlp, (ldlp[0] ? ":" : ""), + if (!buf) { + error("%s(%s) Line %d Out of memory.\n", + __FILE__, __FUNCTION__, __LINE__); + } + else { + snprintf(buf, buf_size, "%s%s%s%s%s%c", dyldlp, (dyldlp[0] ? ":" : ""), ldlp, (ldlp[0] ? ":" : ""), stdpath, '\0'); + } } return buf; } @@ -434,7 +445,9 @@ static struct dlstatus *allocStatus() if (!dls) #endif dls = malloc(sizeof(*dls)); - dls->flags = 0; + if (dls) { + dls->flags = 0; + } return dls; } @@ -551,7 +564,9 @@ static inline const char *dyld_error_str if (dylderrstr && strlen(dylderrstr)) { retStr = malloc(strlen(dylderrstr) +1); - strcpy((char*)retStr,dylderrstr); + if (retStr) { + strcpy(retStr, dylderrstr); + } } return retStr; } @@ -652,7 +667,13 @@ static void *dlsymIntern(struct dlstatus if (savedErrorStr) free((char*)savedErrorStr); savedErrorStr = malloc(256); - snprintf((char*)savedErrorStr, 256, "Symbol \"%s\" not in global context",symbol); + if (!savedErrorStr) { + error("%s(%s) Line %d Out of memory.\n", + __FILE__, __FUNCTION__, __LINE__); + } + else { + snprintf((char*)savedErrorStr, 256, "Symbol \"%s\" not in global context",symbol); + } } } } @@ -664,7 +685,13 @@ static void *dlsymIntern(struct dlstatus if (savedErrorStr) free((char*)savedErrorStr); savedErrorStr = malloc(256); - snprintf((char*)savedErrorStr, 256,"Symbol \"%s\" not found",symbol); + if (!savedErrorStr) { + error("%s(%s) Line %d Out of memory.\n", + __FILE__, __FUNCTION__, __LINE__); + } + else { + snprintf((char*)savedErrorStr, 256,"Symbol \"%s\" not found",symbol); + } } if (canSetError) { @@ -866,17 +893,25 @@ static inline void dolock(void) if (!tss) { tss = malloc(sizeof(struct dlthread)); - tss->lockcnt = 0; - tss->errset = 0; - if (pthread_setspecific(dlerror_key, tss)) - { - fprintf(stderr,"dlcompat: pthread_setspecific failed\n"); - exit(1); + if (!tss) { + error("%s(%s) Line %d Out of memory.\n", + __FILE__, __FUNCTION__, __LINE__); + } + else { + tss->lockcnt = 0; + tss->errset = 0; + if (pthread_setspecific(dlerror_key, tss)) + { + fprintf(stderr,"dlcompat: pthread_setspecific failed\n"); + exit(1); + } } } - if (!tss->lockcnt) - err = pthread_mutex_lock(&dlcompat_mutex); - tss->lockcnt = tss->lockcnt +1; + if (tss) { + if (!tss->lockcnt) + err = pthread_mutex_lock(&dlcompat_mutex); + tss->lockcnt = tss->lockcnt +1; + } if (err) exit(err); } Index: astman/astman.c =================================================================== RCS file: /usr/cvsroot/asterisk/astman/astman.c,v retrieving revision 1.9 diff -u -p -r1.9 astman.c --- astman/astman.c 8 May 2004 20:41:27 -0000 1.9 +++ astman/astman.c 14 Jul 2004 12:12:04 -0000 @@ -178,8 +178,8 @@ static struct event { static int process_message(struct ast_mansession *s, struct message *m) { int x; - char event[80]; - strncpy(event, get_header(m, "Event"), sizeof(event)); + char event[80] = ""; + strncpy(event, get_header(m, "Event"), sizeof(event) - 1); if (!strlen(event)) { fprintf(stderr, "Missing event in request"); return 0; Index: cdr/cdr_csv.c =================================================================== RCS file: /usr/cvsroot/asterisk/cdr/cdr_csv.c,v retrieving revision 1.8 diff -u -p -r1.8 cdr_csv.c --- cdr/cdr_csv.c 13 Jun 2004 21:25:10 -0000 1.8 +++ cdr/cdr_csv.c 14 Jul 2004 12:12:04 -0000 @@ -71,16 +71,16 @@ static char *name = "csv"; static FILE *mf = NULL; -static int append_string(char *buf, char *s, int len) +static int append_string(char *buf, char *s, size_t bufsize) { int pos = strlen(buf); int spos = 0; int error = 0; - if (pos >= len - 4) + if (pos >= bufsize - 4) return -1; buf[pos++] = '\"'; error = -1; - while(pos < len - 3) { + while(pos < bufsize - 3) { if (!s[spos]) { error = 0; break; @@ -96,87 +96,87 @@ static int append_string(char *buf, char return error; } -static int append_int(char *buf, int s, int len) +static int append_int(char *buf, int s, size_t bufsize) { char tmp[32]; int pos = strlen(buf); snprintf(tmp, sizeof(tmp), "%d", s); - if (pos + strlen(tmp) > len - 3) + if (pos + strlen(tmp) > bufsize - 3) return -1; - strncat(buf, tmp, len); + strncat(buf, tmp, bufsize - strlen(buf) - 1); pos = strlen(buf); buf[pos++] = ','; buf[pos++] = '\0'; return 0; } -static int append_date(char *buf, struct timeval tv, int len) +static int append_date(char *buf, struct timeval tv, size_t bufsize) { - char tmp[80]; + char tmp[80] = ""; struct tm tm; time_t t; t = tv.tv_sec; - if (strlen(buf) > len - 3) + if (strlen(buf) > bufsize - 3) return -1; if (!tv.tv_sec && !tv.tv_usec) { - strncat(buf, ",", len); + strncat(buf, ",", bufsize - strlen(buf) - 1); return 0; } localtime_r(&t,&tm); strftime(tmp, sizeof(tmp), DATE_FORMAT, &tm); - return append_string(buf, tmp, len); + return append_string(buf, tmp, bufsize); } -static int build_csv_record(char *buf, int len, struct ast_cdr *cdr) +static int build_csv_record(char *buf, size_t bufsize, struct ast_cdr *cdr) { buf[0] = '\0'; /* Account code */ - append_string(buf, cdr->accountcode, len); + append_string(buf, cdr->accountcode, bufsize); /* Source */ - append_string(buf, cdr->src, len); + append_string(buf, cdr->src, bufsize); /* Destination */ - append_string(buf, cdr->dst, len); + append_string(buf, cdr->dst, bufsize); /* Destination context */ - append_string(buf, cdr->dcontext, len); + append_string(buf, cdr->dcontext, bufsize); /* Caller*ID */ - append_string(buf, cdr->clid, len); + append_string(buf, cdr->clid, bufsize); /* Channel */ - append_string(buf, cdr->channel, len); + append_string(buf, cdr->channel, bufsize); /* Destination Channel */ - append_string(buf, cdr->dstchannel, len); + append_string(buf, cdr->dstchannel, bufsize); /* Last Application */ - append_string(buf, cdr->lastapp, len); + append_string(buf, cdr->lastapp, bufsize); /* Last Data */ - append_string(buf, cdr->lastdata, len); + append_string(buf, cdr->lastdata, bufsize); /* Start Time */ - append_date(buf, cdr->start, len); + append_date(buf, cdr->start, bufsize); /* Answer Time */ - append_date(buf, cdr->answer, len); + append_date(buf, cdr->answer, bufsize); /* End Time */ - append_date(buf, cdr->end, len); + append_date(buf, cdr->end, bufsize); /* Duration */ - append_int(buf, cdr->duration, len); + append_int(buf, cdr->duration, bufsize); /* Billable seconds */ - append_int(buf, cdr->billsec, len); + append_int(buf, cdr->billsec, bufsize); /* Disposition */ - append_string(buf, ast_cdr_disp2str(cdr->disposition), len); + append_string(buf, ast_cdr_disp2str(cdr->disposition), bufsize); /* AMA Flags */ - append_string(buf, ast_cdr_flags2str(cdr->amaflags), len); + append_string(buf, ast_cdr_flags2str(cdr->amaflags), bufsize); #ifdef CSV_LOGUNIQUEID /* Unique ID */ - append_string(buf, cdr->uniqueid, len); + append_string(buf, cdr->uniqueid, bufsize); #endif #ifdef CSV_LOGUSERFIELD /* append the user field */ - append_string(buf, cdr->userfield,len); + append_string(buf, cdr->userfield,bufsize); #endif /* If we hit the end of our buffer, log an error */ - if (strlen(buf) < len - 5) { + if (strlen(buf) < bufsize - 5) { /* Trim off trailing comma */ buf[strlen(buf) - 1] = '\0'; - strncat(buf, "\n", len); + strncat(buf, "\n", bufsize - strlen(buf) - 1); return 0; } return -1; @@ -205,7 +205,7 @@ static int csv_log(struct ast_cdr *cdr) /* Make sure we have a big enough buf */ char buf[1024]; char csvmaster[AST_CONFIG_MAX_PATH]; - snprintf((char *)csvmaster,sizeof(csvmaster)-1,"%s/%s/%s",(char *)ast_config_AST_LOG_DIR,CSV_LOG_DIR,CSV_MASTER); + snprintf(csvmaster, sizeof(csvmaster),"%s/%s/%s", ast_config_AST_LOG_DIR, CSV_LOG_DIR, CSV_MASTER); #if 0 printf("[CDR] %s ('%s' -> '%s') Dur: %ds Bill: %ds Disp: %s Flags: %s Account: [%s]\n", cdr->channel, cdr->src, cdr->dst, cdr->duration, cdr->billsec, ast_cdr_disp2str(cdr->disposition), ast_cdr_flags2str(cdr->amaflags), cdr->accountcode); #endif Index: cdr/cdr_odbc.c =================================================================== RCS file: /usr/cvsroot/asterisk/cdr/cdr_odbc.c,v retrieving revision 1.14 diff -u -p -r1.14 cdr_odbc.c --- cdr/cdr_odbc.c 8 Jul 2004 13:18:04 -0000 1.14 +++ cdr/cdr_odbc.c 14 Jul 2004 12:12:04 -0000 @@ -56,25 +56,25 @@ static int odbc_log(struct ast_cdr *cdr) short int ODBC_mlen; int ODBC_res; char ODBC_msg[200], ODBC_stat[10]; - char sqlcmd[2048], timestr[128]; + char sqlcmd[2048] = "", timestr[128]; int res = 0; struct tm tm; localtime_r(&cdr->start.tv_sec,&tm); ast_mutex_lock(&odbc_lock); - strftime(timestr,128,DATE_FORMAT,&tm); + strftime(timestr, sizeof(timestr), DATE_FORMAT, &tm); memset(sqlcmd,0,2048); if((loguniqueid != NULL) && ((strcmp(loguniqueid, "1") == 0) || (strcmp(loguniqueid, "yes") == 0))) { - sprintf(sqlcmd,"INSERT INTO cdr " + snprintf(sqlcmd,sizeof(sqlcmd),"INSERT INTO cdr " "(calldate,clid,src,dst,dcontext,channel,dstchannel,lastapp," "lastdata,duration,billsec,disposition,amaflags,accountcode,uniqueid,userfield) " "VALUES (?,?,?,?,?,?,?,?,?,?,?,?,?,?,?,?)"); } else { - sprintf(sqlcmd,"INSERT INTO cdr " + snprintf(sqlcmd,sizeof(sqlcmd),"INSERT INTO cdr " "(calldate,clid,src,dst,dcontext,channel,dstchannel,lastapp,lastdata," "duration,billsec,disposition,amaflags,accountcode) " "VALUES (?,?,?,?,?,?,?,?,?,?,?,?,?,?)"); @@ -264,8 +264,9 @@ static int odbc_load_module(void) dsn = malloc(strlen(tmp) + 1); if (dsn != NULL) { + memset(dsn, 0, strlen(tmp) + 1); dsn_alloc = 1; - strcpy(dsn,tmp); + strncpy(dsn, tmp, strlen(tmp)); } else { @@ -285,8 +286,9 @@ static int odbc_load_module(void) username = malloc(strlen(tmp) + 1); if (username != NULL) { + memset(username, 0, strlen(tmp) + 1); username_alloc = 1; - strcpy(username,tmp); + strncpy(username, tmp, strlen(tmp)); } else { @@ -306,8 +308,9 @@ static int odbc_load_module(void) password = malloc(strlen(tmp) + 1); if (password != NULL) { + memset(password, 0, strlen(tmp) + 1); password_alloc = 1; - strcpy(password,tmp); + strncpy(password, tmp, strlen(tmp)); } else { Index: cdr/cdr_pgsql.c =================================================================== RCS file: /usr/cvsroot/asterisk/cdr/cdr_pgsql.c,v retrieving revision 1.8 diff -u -p -r1.8 cdr_pgsql.c --- cdr/cdr_pgsql.c 9 Jul 2004 16:19:00 -0000 1.8 +++ cdr/cdr_pgsql.c 14 Jul 2004 12:12:04 -0000 @@ -49,15 +49,13 @@ PGresult *result; static int pgsql_log(struct ast_cdr *cdr) { struct tm tm; - char sqlcmd[2048], timestr[128]; + char sqlcmd[2048] = "", timestr[128]; char *pgerror; ast_mutex_lock(&pgsql_lock); - memset(sqlcmd,0,2048); - localtime_r(&cdr->start.tv_sec,&tm); - strftime(timestr,128,DATE_FORMAT,&tm); + strftime(timestr, sizeof(timestr), DATE_FORMAT, &tm); if ((!connected) && pghostname && pgdbuser && pgpassword && pgdbname) { conn = PQsetdbLogin(pghostname, pgdbport, NULL, NULL, pgdbname, pgdbuser, pgpassword); @@ -101,7 +99,7 @@ static int pgsql_log(struct ast_cdr *cdr ast_log(LOG_DEBUG,"cdr_pgsql: inserting a CDR record.\n"); - sprintf(sqlcmd,"INSERT INTO cdr (calldate,clid,src,dst,dcontext,channel,dstchannel,lastapp,lastdata,duration,billsec,disposition,amaflags,accountcode,uniqueid,userfield) VALUES ('%s','%s','%s','%s','%s', '%s','%s','%s','%s',%i,%i,'%s',%i,'%s','%s','%s')",timestr,clid,cdr->src, cdr->dst, dcontext,channel, dstchannel, lastapp, lastdata,cdr->duration,cdr->billsec,ast_cdr_disp2str(cdr->disposition),cdr->amaflags, cdr->accountcode, uniqueid, userfield); + snprintf(sqlcmd,sizeof(sqlcmd),"INSERT INTO cdr (calldate,clid,src,dst,dcontext,channel,dstchannel,lastapp,lastdata,duration,billsec,disposition,amaflags,accountcode,uniqueid,userfield) VALUES ('%s','%s','%s','%s','%s', '%s','%s','%s','%s',%i,%i,'%s',%i,'%s','%s','%s')",timestr,clid,cdr->src, cdr->dst, dcontext,channel, dstchannel, lastapp, lastdata,cdr->duration,cdr->billsec,ast_cdr_disp2str(cdr->disposition),cdr->amaflags, cdr->accountcode, uniqueid, userfield); ast_log(LOG_DEBUG,"cdr_pgsql: SQL command executed: %s\n",sqlcmd); /* Test to be sure we're still connected... */ @@ -204,8 +202,9 @@ static int my_load_module(void) if (tmp) { pghostname = malloc(strlen(tmp) + 1); if (pghostname != NULL) { + memset(pghostname, 0, strlen(tmp) + 1); hostname_alloc = 1; - strcpy(pghostname,tmp); + strncpy(pghostname, tmp, strlen(tmp)); } else { ast_log(LOG_ERROR,"Out of memory error.\n"); return -1; @@ -219,8 +218,9 @@ static int my_load_module(void) if (tmp) { pgdbname = malloc(strlen(tmp) + 1); if (pgdbname != NULL) { + memset(pgdbname, 0, strlen(tmp) + 1); dbname_alloc = 1; - strcpy(pgdbname,tmp); + strncpy(pgdbname, tmp, strlen(tmp)); } else { ast_log(LOG_ERROR,"Out of memory error.\n"); return -1; @@ -234,8 +234,9 @@ static int my_load_module(void) if (tmp) { pgdbuser = malloc(strlen(tmp) + 1); if (pgdbuser != NULL) { + memset(pgdbuser, 0, strlen(tmp) + 1); dbuser_alloc = 1; - strcpy(pgdbuser,tmp); + strncpy(pgdbuser, tmp, strlen(tmp)); } else { ast_log(LOG_ERROR,"Out of memory error.\n"); return -1; @@ -249,8 +250,9 @@ static int my_load_module(void) if (tmp) { pgpassword = malloc(strlen(tmp) + 1); if (pgpassword != NULL) { + memset(pgpassword, 0, strlen(tmp) + 1); password_alloc = 1; - strcpy(pgpassword,tmp); + strncpy(pgpassword, tmp, strlen(tmp)); } else { ast_log(LOG_ERROR,"Out of memory error.\n"); return -1; @@ -264,8 +266,9 @@ static int my_load_module(void) if (tmp) { pgdbport = malloc(strlen(tmp) + 1); if (pgdbport != NULL) { + memset(pgdbport, 0, strlen(tmp) + 1); dbport_alloc = 1; - strcpy(pgdbport,tmp); + strncpy(pgdbport, tmp, strlen(tmp)); } else { ast_log(LOG_ERROR,"Out of memory error.\n"); return -1; Index: cdr/cdr_sqlite.c =================================================================== RCS file: /usr/cvsroot/asterisk/cdr/cdr_sqlite.c,v retrieving revision 1.1 diff -u -p -r1.1 cdr_sqlite.c --- cdr/cdr_sqlite.c 8 Jul 2004 08:29:26 -0000 1.1 +++ cdr/cdr_sqlite.c 14 Jul 2004 12:12:05 -0000 @@ -162,7 +162,7 @@ int load_module(void) int res; /* is the database there? */ - snprintf((char *)fn,sizeof(fn)-1,"%s/cdr.db",(char *)ast_config_AST_LOG_DIR); + snprintf(fn, sizeof(fn), "%s/cdr.db", ast_config_AST_LOG_DIR); db = sqlite_open(fn, 0660, &zErr); if (!db) { ast_log(LOG_ERROR, "cdr_sqlite: %s\n", zErr); Index: db1-ast/hash/ndbm.c =================================================================== RCS file: /usr/cvsroot/asterisk/db1-ast/hash/ndbm.c,v retrieving revision 1.1 diff -u -p -r1.1 ndbm.c --- db1-ast/hash/ndbm.c 4 Jan 2003 18:49:21 -0000 1.1 +++ db1-ast/hash/ndbm.c 14 Jul 2004 12:12:05 -0000 @@ -79,8 +79,8 @@ dbm_open(file, flags, mode) info.cachesize = 0; info.hash = NULL; info.lorder = 0; - (void)strcpy(path, file); - (void)strcat(path, DBM_SUFFIX); + (void)strncpy(path, file, len - 1); + (void)strncat(path, DBM_SUFFIX, len - strlen(path) - 1); db = (DBM *)__hash_open(path, flags, mode, &info, 0); #ifndef __GNUC__ free(path); Index: editline/common.c =================================================================== RCS file: /usr/cvsroot/asterisk/editline/common.c,v retrieving revision 1.1 diff -u -p -r1.1 common.c --- editline/common.c 27 Nov 2002 05:04:06 -0000 1.1 +++ editline/common.c 14 Jul 2004 12:12:06 -0000 @@ -676,7 +676,7 @@ ed_prev_history(EditLine *el, int c) if (el->el_history.eventno == 0) { /* save the current buffer * away */ (void) strncpy(el->el_history.buf, el->el_line.buffer, - EL_BUFSIZ); + EL_BUFSIZ - 1); el->el_history.last = el->el_history.buf + (el->el_line.lastchar - el->el_line.buffer); } @@ -742,7 +742,7 @@ ed_search_prev_history(EditLine *el, int } if (el->el_history.eventno == 0) { (void) strncpy(el->el_history.buf, el->el_line.buffer, - EL_BUFSIZ); + EL_BUFSIZ - 1); el->el_history.last = el->el_history.buf + (el->el_line.lastchar - el->el_line.buffer); } Index: editline/hist.c =================================================================== RCS file: /usr/cvsroot/asterisk/editline/hist.c,v retrieving revision 1.2 diff -u -p -r1.2 hist.c --- editline/hist.c 26 Mar 2003 22:37:33 -0000 1.2 +++ editline/hist.c 14 Jul 2004 12:12:06 -0000 @@ -106,7 +106,7 @@ hist_get(EditLine *el) if (el->el_history.eventno == 0) { /* if really the current line */ (void) strncpy(el->el_line.buffer, el->el_history.buf, - el->el_history.sz); + el->el_history.sz - 1); el->el_line.lastchar = el->el_line.buffer + (el->el_history.last - el->el_history.buf); Index: pbx/pbx_gtkconsole.c =================================================================== RCS file: /usr/cvsroot/asterisk/pbx/pbx_gtkconsole.c,v retrieving revision 1.13 diff -u -p -r1.13 pbx_gtkconsole.c --- pbx/pbx_gtkconsole.c 9 Jun 2004 01:45:08 -0000 1.13 +++ pbx/pbx_gtkconsole.c 14 Jul 2004 12:12:06 -0000 @@ -98,7 +98,7 @@ static void __verboser(const char *stuff char *s2[2]; struct timeval tv; int ms; - s2[0] = stuff; + s2[0] = (char *)stuff; s2[1] = NULL; gtk_clist_freeze(GTK_CLIST(verb)); if (replacelast) @@ -232,7 +232,7 @@ static void file_ok_sel(GtkWidget *w, Gt char tmp[AST_CONFIG_MAX_PATH]; char *module = gtk_file_selection_get_filename(fs); char buf[256]; - snprintf((char *)tmp,sizeof(tmp)-1,"%s/",(char *)ast_config_AST_MODULE_DIR); + snprintf(tmp, sizeof(tmp), "%s/", ast_config_AST_MODULE_DIR); if (!strncmp(module, (char *)tmp, strlen(tmp))) module += strlen(tmp); gdk_threads_leave(); @@ -251,7 +251,7 @@ static void add_module(void) { char tmp[AST_CONFIG_MAX_PATH]; GtkWidget *filew; - snprintf((char *)tmp,sizeof(tmp)-1,"%s/*.so",(char *)ast_config_AST_MODULE_DIR); + snprintf(tmp, sizeof(tmp), "%s/*.so", ast_config_AST_MODULE_DIR); filew = gtk_file_selection_new("Load Module"); gtk_signal_connect(GTK_OBJECT (GTK_FILE_SELECTION(filew)->ok_button), "clicked", GTK_SIGNAL_FUNC(file_ok_sel), filew); @@ -332,8 +332,8 @@ static void *consolethread(void *data) static int cli_activate(void) { - char buf[256]; - strncpy(buf, gtk_entry_get_text(GTK_ENTRY(cli)), sizeof(buf)); + char buf[256] = ""; + strncpy(buf, gtk_entry_get_text(GTK_ENTRY(cli)), sizeof(buf) - 1); gtk_entry_set_text(GTK_ENTRY(cli), ""); if (strlen(buf)) { ast_cli_command(clipipe[1], buf); Index: pbx/pbx_spool.c =================================================================== RCS file: /usr/cvsroot/asterisk/pbx/pbx_spool.c,v retrieving revision 1.14 diff -u -p -r1.14 pbx_spool.c --- pbx/pbx_spool.c 9 Jul 2004 21:34:24 -0000 1.14 +++ pbx/pbx_spool.c 14 Jul 2004 12:12:07 -0000 @@ -129,7 +129,7 @@ static int apply_outgoing(struct outgoin strncpy(o->dest, c2, sizeof(o->dest) - 1); } else { ast_log(LOG_NOTICE, "Channel should be in form Tech/Dest at line %d of %s\n", lineno, fn); - strcpy(o->tech, ""); + o->tech[0] = '\0'; } } else if (!strcasecmp(buf, "callerid")) { strncpy(o->callerid, c, sizeof(o->callerid) - 1); @@ -375,7 +375,7 @@ int load_module(void) { pthread_t thread; pthread_attr_t attr; - snprintf((char *)qdir,sizeof(qdir)-1,"%s/%s",(char *)ast_config_AST_SPOOL_DIR,"outgoing"); + snprintf(qdir, sizeof(qdir), "%s/%s", ast_config_AST_SPOOL_DIR, "outgoing"); if (mkdir(qdir, 0700) && (errno != EEXIST)) { ast_log(LOG_WARNING, "Unable to create queue directory %s -- outgoing spool disabled\n", qdir); return 0; Index: pbx/pbx_wilcalu.c =================================================================== RCS file: /usr/cvsroot/asterisk/pbx/pbx_wilcalu.c,v retrieving revision 1.15 diff -u -p -r1.15 pbx_wilcalu.c --- pbx/pbx_wilcalu.c 29 Jun 2004 20:09:43 -0000 1.15 +++ pbx/pbx_wilcalu.c 14 Jul 2004 12:12:07 -0000 @@ -259,7 +259,7 @@ int load_module(void) { int val; - snprintf((char *)dialfile, sizeof(dialfile)-1,"%s/%s", (char *)ast_config_AST_RUN_DIR,"autodial.ctl"); + snprintf((char *)dialfile, sizeof(dialfile), "%s/%s", ast_config_AST_RUN_DIR, "autodial.ctl"); if((val=mkfifo(dialfile, 0700))) { if(errno!=EEXIST){ ast_log(LOG_ERROR, "Error:%d Creating Autodial FIFO\n",errno); Index: res/res_adsi.c =================================================================== RCS file: /usr/cvsroot/asterisk/res/res_adsi.c,v retrieving revision 1.8 diff -u -p -r1.8 res_adsi.c --- res/res_adsi.c 29 Jun 2004 04:42:19 -0000 1.8 +++ res/res_adsi.c 14 Jul 2004 12:12:07 -0000 @@ -1006,13 +1006,13 @@ static void init_state(void) for (x=0;xname, "greeting")) { if (x < ADSI_MAX_INTRO) { aligns[x] = alignment; - strncpy(intro[x], v->value, 20); + strncpy(intro[x], v->value, sizeof(intro[x]) - 1); + intro[x][sizeof(intro[x]) - 1] = '\0'; x++; } } else if (!strcasecmp(v->name, "maxretries")) { @@ -1056,7 +1057,7 @@ static void adsi_load(void) sname = name; if (x < ADSI_MAX_SPEED_DIAL) { /* Up to 20 digits */ - strncpy(speeddial[x][0], v->name, 20); + strncpy(speeddial[x][0], v->name, sizeof(speeddial[x][0]) - 1); strncpy(speeddial[x][1], name, 18); strncpy(speeddial[x][2], sname, 7); x++; Index: res/res_config_odbc.c =================================================================== RCS file: /usr/cvsroot/asterisk/res/res_config_odbc.c,v retrieving revision 1.6 diff -u -p -r1.6 res_config_odbc.c --- res/res_config_odbc.c 13 Jul 2004 22:53:17 -0000 1.6 +++ res/res_config_odbc.c 14 Jul 2004 12:12:07 -0000 @@ -38,16 +38,16 @@ static struct ast_config *config_odbc (c struct ast_config *config, *new; struct ast_variable *v, *cur_v, *new_v; struct ast_category *cur_cat, *new_cat; - char table[128]; - char connection[128]; + char table[128] = ""; + char connection[128] = ""; int configured = 0, res = 0; odbc_obj *obj; SQLINTEGER err=0, commented=0, cat_metric=0, var_metric=0, last_cat_metric=0; SQLBIGINT id; - char sql[255], filename[128], category[128], var_name[128], var_val[128]; + char sql[255] = "", filename[128], category[128], var_name[128], var_val[128]; SQLSMALLINT rowcount=0; SQLHSTMT stmt; - char last[80]; + char last[80] = ""; int cat_started = 0; int var_started = 0; @@ -68,10 +68,10 @@ static struct ast_config *config_odbc (c if (config) { for (v = ast_variable_browse (config, "settings"); v; v = v->next) { if (!strcmp (v->name, "table")) { - strncpy (table, v->value, sizeof (table)); + strncpy(table, v->value, sizeof(table) - 1); configured++; } else if (!strcmp (v->name, "connection")) { - strncpy (connection, v->value, sizeof (connection)); + strncpy(connection, v->value, sizeof(connection) - 1); configured++; } } @@ -96,7 +96,7 @@ static struct ast_config *config_odbc (c SQLBindCol (stmt, 7, SQL_C_CHAR, &var_name, sizeof (var_name), &err); SQLBindCol (stmt, 8, SQL_C_CHAR, &var_val, sizeof (var_val), &err); - sprintf (sql, "select * from %s where filename='%s' and commented=0 order by filename,cat_metric desc,var_metric asc,id", table, file); + snprintf(sql, sizeof(sql), "select * from %s where filename='%s' and commented=0 order by filename,cat_metric desc,var_metric asc,id", table, file); res = SQLExecDirect (stmt, sql, SQL_NTS); if ((res != SQL_SUCCESS) && (res != SQL_SUCCESS_WITH_INFO)) { @@ -133,7 +133,7 @@ static struct ast_config *config_odbc (c ); } else { if (strcmp (last, category) || last_cat_metric != cat_metric) { - strcpy (last, category); + strncpy(last, category, sizeof(last) - 1); last_cat_metric = cat_metric; new_cat = (struct ast_category *) ast_new_category (category); @@ -184,7 +184,7 @@ int unload_module (void) int load_module (void) { memset (®1, 0, sizeof (struct ast_config_reg)); - strcpy (reg1.name, "odbc"); + strncpy(reg1.name, "odbc", sizeof(reg1.name) - 1); reg1.func = config_odbc; ast_cust_config_register (®1); ast_log (LOG_NOTICE, "res_config_odbc loaded.\n"); Index: res/res_crypto.c =================================================================== RCS file: /usr/cvsroot/asterisk/res/res_crypto.c,v retrieving revision 1.10 diff -u -p -r1.10 res_crypto.c --- res/res_crypto.c 25 Jun 2004 03:59:07 -0000 1.10 +++ res/res_crypto.c 14 Jul 2004 12:12:08 -0000 @@ -213,9 +213,9 @@ static struct ast_key *try_load_key (cha if (found) ast_mutex_lock(&keylock); /* First the filename */ - strncpy(key->fn, ffname, sizeof(key->fn)); + strncpy(key->fn, ffname, sizeof(key->fn) - 1); /* Then the name */ - strncpy(key->name, fname, sizeof(key->name)); + strncpy(key->name, fname, sizeof(key->name) - 1); key->ktype = ktype; /* Yes, assume we're going to be deleted */ key->delme = 1; @@ -444,14 +444,14 @@ static int init_keys(int fd, int argc, c struct ast_key *key; int ign; char *kn; - char tmp[256]; + char tmp[256] = ""; key = keys; while(key) { /* Reload keys that need pass codes now */ if (key->ktype & KEY_NEEDS_PASSCODE) { kn = key->fn + strlen(ast_config_AST_KEY_DIR) + 1; - strncpy(tmp, kn, sizeof(tmp)); + strncpy(tmp, kn, sizeof(tmp) - 1); try_load_key((char *)ast_config_AST_KEY_DIR, tmp, fd, fd, &ign); } key = key->next; Index: res/res_indications.c =================================================================== RCS file: /usr/cvsroot/asterisk/res/res_indications.c,v retrieving revision 1.6 diff -u -p -r1.6 res_indications.c --- res/res_indications.c 22 Jun 2004 18:49:00 -0000 1.6 +++ res/res_indications.c 14 Jul 2004 12:12:08 -0000 @@ -163,7 +163,7 @@ static int handle_show_indications(int f j += snprintf(buf+j,sizeof(buf)-j,"%d,",tz->ringcadance[i]); } if (tz->nrringcadance) j--; - strncpy(buf+j,"\n",sizeof(buf)-j); + strncpy(buf+j,"\n",sizeof(buf)-j-1); ast_cli(fd,buf); for (ts=tz->tones; ts; ts=ts->next) ast_cli(fd,"%-7.7s %-15.15s %s\n",tz->country,ts->name,ts->data); @@ -241,7 +241,7 @@ static int ind_load_module(void) return -1; } memset(tones,0,sizeof(struct tone_zone)); - strncpy(tones->country,cxt,sizeof(tones->country)); + strncpy(tones->country,cxt,sizeof(tones->country) - 1); v = ast_variable_browse(cfg, cxt); while(v) { @@ -282,7 +282,7 @@ static int ind_load_module(void) return -1; } memset(azone,0,sizeof(struct tone_zone)); - strncpy(azone->country,country,sizeof(azone->country)); + strncpy(azone->country, country, sizeof(azone->country) - 1); strncpy(azone->alias, cxt, sizeof(azone->alias)-1); if (ast_register_indication_country(azone)) { ast_log(LOG_WARNING, "Unable to register indication alias at line %d.\n",v->lineno); Index: res/res_musiconhold.c =================================================================== RCS file: /usr/cvsroot/asterisk/res/res_musiconhold.c,v retrieving revision 1.34 diff -u -p -r1.34 res_musiconhold.c --- res/res_musiconhold.c 2 Jul 2004 23:11:14 -0000 1.34 +++ res/res_musiconhold.c 14 Jul 2004 12:12:09 -0000 @@ -153,7 +153,7 @@ static int spawn_mp3(struct mohclass *cl files = 0; while((de = readdir(dir)) && (files < MAX_MP3S)) { if ((strlen(de->d_name) > 3) && !strcasecmp(de->d_name + strlen(de->d_name) - 4, ".mp3")) { - strncpy(fns[files], de->d_name, sizeof(fns[files])); + strncpy(fns[files], de->d_name, sizeof(fns[files]) - 1); argv[argc++] = fns[files]; files++; } @@ -340,7 +340,7 @@ static int moh2_exec(struct ast_channel ast_log(LOG_WARNING, "SetMusicOnHold requires an argument (class)\n"); return -1; } - strncpy(chan->musicclass, data, sizeof(chan->musicclass)); + strncpy(chan->musicclass, data, sizeof(chan->musicclass) - 1); return 0; } Index: res/res_odbc.c =================================================================== RCS file: /usr/cvsroot/asterisk/res/res_odbc.c,v retrieving revision 1.4 diff -u -p -r1.4 res_odbc.c --- res/res_odbc.c 8 Jul 2004 19:58:26 -0000 1.4 +++ res/res_odbc.c 14 Jul 2004 12:12:09 -0000 @@ -61,7 +61,7 @@ static int odbc_write(struct odbc_list * int x = 0; for (x = 0; x < MAX_ODBC_HANDLES; x++) { if (!registry[x].used) { - strncpy(registry[x].name, name, sizeof(registry[x].name)); + strncpy(registry[x].name, name, sizeof(registry[x].name) - 1); registry[x].obj = obj; registry[x].used = 1; return 1; Index: res/res_osp.c =================================================================== RCS file: /usr/cvsroot/asterisk/res/res_osp.c,v retrieving revision 1.6 diff -u -p -r1.6 res_osp.c --- res/res_osp.c 30 Jun 2004 16:56:51 -0000 1.6 +++ res/res_osp.c 14 Jul 2004 12:12:10 -0000 @@ -121,7 +121,7 @@ static int osp_build(struct ast_config * osp->retrydelay = OSP_DEFAULT_RETRY_DELAY; osp->retrylimit = OSP_DEFAULT_RETRY_LIMIT; osp->timeout = OSP_DEFAULT_TIMEOUT; - strcpy(osp->source, ""); + osp->source[0] = '\0'; ast_log(LOG_DEBUG, "Building OSP Provider '%s'\n", cat); v = ast_variable_browse(cfg, cat); while(v) { @@ -138,7 +138,7 @@ static int osp_build(struct ast_config * } else if (!strcasecmp(v->name, "cacert")) { if (osp->cacount < MAX_CERTS) { if (v->value[0] == '/') - strncpy(osp->cacerts[osp->cacount], v->value, sizeof(osp->cacerts[0])); + strncpy(osp->cacerts[osp->cacount], v->value, sizeof(osp->cacerts[0]) - 1); else snprintf(osp->cacerts[osp->cacount], sizeof(osp->cacerts[0]), AST_KEY_DIR "/%s", v->value); osp->cacount++; @@ -146,7 +146,7 @@ static int osp_build(struct ast_config * ast_log(LOG_WARNING, "Too many CA Certificates at line %d\n", v->lineno); } else if (!strcasecmp(v->name, "servicepoint")) { if (osp->spcount < MAX_SERVICEPOINTS) { - strncpy(osp->servicepoints[osp->spcount], v->value, sizeof(osp->servicepoints[0])); + strncpy(osp->servicepoints[osp->spcount], v->value, sizeof(osp->servicepoints[0]) - 1); osp->spcount++; } else ast_log(LOG_WARNING, "Too many Service points at line %d\n", v->lineno); @@ -424,7 +424,7 @@ int ast_osp_validate(char *provider, cha { char tmp[256]="", *l, *n; char iabuf[INET_ADDRSTRLEN]; - char source[OSP_MAX]; /* Same length as osp->source */ + char source[OSP_MAX] = ""; /* Same length as osp->source */ char *token2; int tokenlen; struct osp_provider *osp; @@ -459,7 +459,7 @@ int ast_osp_validate(char *provider, cha if (OSPPTransactionNew(osp->handle, handle)) { ast_log(LOG_WARNING, "Unable to create OSP Transaction handle!\n"); } else { - strcpy(source, osp->source); + strncpy(source, osp->source, sizeof(source) - 1); res = 1; } break; @@ -491,7 +491,7 @@ int ast_osp_lookup(struct ast_channel *c unsigned int timelimit; unsigned int callidlen; struct osp_provider *osp; - char source[OSP_MAX]; /* Same length as osp->source */ + char source[OSP_MAX] = ""; /* Same length as osp->source */ char uniqueid[32] = ""; char callednum[2048]=""; char destination[2048]=""; @@ -502,9 +502,9 @@ int ast_osp_lookup(struct ast_channel *c result->handle = -1; result->numresults = 0; - strcpy(result->tech, ""); - strcpy(result->dest, ""); - strcpy(result->token, ""); + result->tech[0] = '\0'; + result->dest[0] = '\0'; + result->token[0] = '\0'; if (!provider || !strlen(provider)) provider = "default"; @@ -535,7 +535,7 @@ int ast_osp_lookup(struct ast_channel *c if (OSPPTransactionNew(osp->handle, &result->handle)) { ast_log(LOG_WARNING, "Unable to create OSP Transaction handle!\n"); } else { - strcpy(source, osp->source); + strncpy(source, osp->source, sizeof(source) - 1); res = 1; } break; @@ -568,11 +568,11 @@ int ast_osp_lookup(struct ast_channel *c destination[strlen(destination) - 1] = '\0'; switch(prot) { case OSPE_DEST_PROT_H323_SETUP: - strcpy(result->tech, "H323"); + strncpy(result->tech, "H323", sizeof(result->tech) - 1); snprintf(result->dest, sizeof(result->dest), "%s@%s", callednum, destination + 1); break; case OSPE_DEST_PROT_SIP: - strcpy(result->tech, "SIP"); + strncpy(result->tech, "SIP", sizeof(result->tech) - 1); snprintf(result->dest, sizeof(result->dest), "%s@%s", callednum, destination + 1); break; default: @@ -626,9 +626,9 @@ int ast_osp_next(struct ast_osp_result * char token[2000]; OSPE_DEST_PROT prot; - strcpy(result->tech, ""); - strcpy(result->dest, ""); - strcpy(result->token, ""); + result->tech[0] = '\0'; + result->dest[0] = '\0'; + result->token[0] = '\0'; if (result->handle > -1) { dummy = 0; @@ -646,11 +646,11 @@ int ast_osp_next(struct ast_osp_result * destination[strlen(destination) - 1] = '\0'; switch(prot) { case OSPE_DEST_PROT_H323_SETUP: - strcpy(result->tech, "H323"); + strncpy(result->tech, "H323", sizeof(result->tech) - 1); snprintf(result->dest, sizeof(result->dest), "%s@%s", callednum, destination + 1); break; case OSPE_DEST_PROT_SIP: - strcpy(result->tech, "SIP"); + strncpy(result->tech, "SIP", sizeof(result->tech) - 1); snprintf(result->dest, sizeof(result->dest), "%s@%s", callednum, destination + 1); break; default: Index: stdtime/localtime.c =================================================================== RCS file: /usr/cvsroot/asterisk/stdtime/localtime.c,v retrieving revision 1.7 diff -u -p -r1.7 localtime.c --- stdtime/localtime.c 9 Jun 2004 01:45:08 -0000 1.7 +++ stdtime/localtime.c 14 Jul 2004 12:12:11 -0000 @@ -235,7 +235,7 @@ register struct state * const sp; ** to hold the longest file name string that the implementation ** guarantees can be opened." */ - char fullname[FILENAME_MAX + 1]; + char fullname[FILENAME_MAX + 1] = ""; if (name[0] == ':') ++name; @@ -245,9 +245,9 @@ register struct state * const sp; return -1; if ((strlen(p) + 1 + strlen(name) + 1) >= sizeof fullname) return -1; - (void) strcpy(fullname, p); - (void) strcat(fullname, "/"); - (void) strcat(fullname, name); + (void) strncpy(fullname, p, sizeof(fullname) - 1); + (void) strncat(fullname, "/", sizeof(fullname) - strlen(fullname) - 1); + (void) strncat(fullname, name, sizeof(fullname) - strlen(fullname) - 1); /* ** Set doaccess if '.' (as in "../") shows up in name. */ @@ -929,7 +929,7 @@ ast_tzset P((const char *name)) cur_state->timecnt = 0; cur_state->ttis[0].tt_gmtoff = 0; cur_state->ttis[0].tt_abbrind = 0; - (void) strcpy(cur_state->chars, gmt); + (void) strncpy(cur_state->chars, gmt, sizeof(cur_state->chars) - 1); } else if (tzload(name, cur_state) != 0) { if (name[0] == ':') { (void) gmtload(cur_state); @@ -940,7 +940,7 @@ ast_tzset P((const char *name)) (void) gmtload(cur_state); } } - strncpy(cur_state->name,name,sizeof(cur_state->name)); + strncpy(cur_state->name, name, sizeof(cur_state->name) - 1); if (last_lclptr) last_lclptr->next = cur_state; else