More strcpy / snprintf as part of rgagnon's audit (bug #2004)
authorMark Spencer <markster@digium.com>
Fri, 9 Jul 2004 10:08:09 +0000 (10:08 +0000)
committerMark Spencer <markster@digium.com>
Fri, 9 Jul 2004 10:08:09 +0000 (10:08 +0000)
git-svn-id: https://origsvn.digium.com/svn/asterisk/trunk@3410 65c4cc65-6c06-0410-ace0-fbb531ad65f3

app.c
asterisk.c
callerid.c
cdr.c
channel.c
channels/chan_zap.c
config.c
db.c

diff --git a/app.c b/app.c
index 813d358..86ad507 100755 (executable)
--- a/app.c
+++ b/app.c
@@ -157,7 +157,7 @@ int ast_app_has_voicemail(const char *mailbox)
        if (ast_strlen_zero(mailbox))
                return 0;
        if (strchr(mailbox, ',')) {
-               strncpy(tmp, mailbox, sizeof(tmp));
+               strncpy(tmp, mailbox, sizeof(tmp) - 1);
                mb = tmp;
                ret = 0;
                while((cur = strsep(&mb, ","))) {
@@ -207,7 +207,7 @@ int ast_app_messagecount(const char *mailbox, int *newmsgs, int *oldmsgs)
                return 0;
        if (strchr(mailbox, ',')) {
                int tmpnew, tmpold;
-               strncpy(tmp, mailbox, sizeof(tmp));
+               strncpy(tmp, mailbox, sizeof(tmp) - 1);
                mb = tmp;
                ret = 0;
                while((cur = strsep(&mb, ", "))) {
index bdd9525..439cbb4 100755 (executable)
@@ -943,10 +943,10 @@ static char *cli_prompt(EditLine *el)
                                        case 'C': /* color */
                                                t++;
                                                if (sscanf(t, "%d;%d%n", &fgcolor, &bgcolor, &i) == 2) {
-                                                       strncat(p, term_color_code(term_code, fgcolor, bgcolor, sizeof(term_code)),sizeof(prompt) - strlen(prompt));
+                                                       strncat(p, term_color_code(term_code, fgcolor, bgcolor, sizeof(term_code)),sizeof(prompt) - strlen(prompt) - 1);
                                                        t += i - 1;
                                                } else if (sscanf(t, "%d%n", &fgcolor, &i) == 1) {
-                                                       strncat(p, term_color_code(term_code, fgcolor, 0, sizeof(term_code)),sizeof(prompt) - strlen(prompt));
+                                                       strncat(p, term_color_code(term_code, fgcolor, 0, sizeof(term_code)),sizeof(prompt) - strlen(prompt) - 1);
                                                        t += i - 1;
                                                }
 
@@ -966,9 +966,9 @@ static char *cli_prompt(EditLine *el)
                                                break;
                                        case 'h': /* hostname */
                                                if (!gethostname(hostname, sizeof(hostname) - 1)) {
-                                                       strncat(p, hostname, sizeof(prompt) - strlen(prompt));
+                                                       strncat(p, hostname, sizeof(prompt) - strlen(prompt) - 1);
                                                } else {
-                                                       strncat(p, "localhost", sizeof(prompt) - strlen(prompt));
+                                                       strncat(p, "localhost", sizeof(prompt) - strlen(prompt) - 1);
                                                }
                                                break;
                                        case 'H': /* short hostname */
@@ -979,9 +979,9 @@ static char *cli_prompt(EditLine *el)
                                                                        break;
                                                                }
                                                        }
-                                                       strncat(p, hostname, sizeof(prompt) - strlen(prompt));
+                                                       strncat(p, hostname, sizeof(prompt) - strlen(prompt) - 1);
                                                } else {
-                                                       strncat(p, "localhost", sizeof(prompt) - strlen(prompt));
+                                                       strncat(p, "localhost", sizeof(prompt) - strlen(prompt) - 1);
                                                }
                                                break;
 #ifdef linux
@@ -1023,13 +1023,13 @@ static char *cli_prompt(EditLine *el)
                                                break;
                                        case '#': /* process console or remote? */
                                                if (! option_remote) {
-                                                       strncat(p, "#", sizeof(prompt) - strlen(prompt));
+                                                       strncat(p, "#", sizeof(prompt) - strlen(prompt) - 1);
                                                } else {
-                                                       strncat(p, ">", sizeof(prompt) - strlen(prompt));
+                                                       strncat(p, ">", sizeof(prompt) - strlen(prompt) - 1);
                                                }
                                                break;
                                        case '%': /* literal % */
-                                               strncat(p, "%", sizeof(prompt) - strlen(prompt));
+                                               strncat(p, "%", sizeof(prompt) - strlen(prompt) - 1);
                                                break;
                                        case '\0': /* % is last character - prevent bug */
                                                t--;
@@ -1462,14 +1462,14 @@ static void ast_readconfig(void) {
                    strncpy((char *)ast_config_AST_SPOOL_DIR,v->value,sizeof(ast_config_AST_SPOOL_DIR)-1);
                } else if (!strcasecmp(v->name, "astvarlibdir")) {
                    strncpy((char *)ast_config_AST_VAR_DIR,v->value,sizeof(ast_config_AST_VAR_DIR)-1);
-                   snprintf((char *)ast_config_AST_DB,sizeof(ast_config_AST_DB)-1,"%s/%s",v->value,"astdb");    
+                   snprintf((char *)ast_config_AST_DB,sizeof(ast_config_AST_DB),"%s/%s",v->value,"astdb");    
                } else if (!strcasecmp(v->name, "astlogdir")) {
                    strncpy((char *)ast_config_AST_LOG_DIR,v->value,sizeof(ast_config_AST_LOG_DIR)-1);
                } else if (!strcasecmp(v->name, "astagidir")) {
                    strncpy((char *)ast_config_AST_AGI_DIR,v->value,sizeof(ast_config_AST_AGI_DIR)-1);
                } else if (!strcasecmp(v->name, "astrundir")) {
-                   snprintf((char *)ast_config_AST_PID,sizeof(ast_config_AST_PID)-1,"%s/%s",v->value,"asterisk.pid");    
-                   snprintf((char *)ast_config_AST_SOCKET,sizeof(ast_config_AST_SOCKET)-1,"%s/%s",v->value,"asterisk.ctl");    
+                   snprintf((char *)ast_config_AST_PID,sizeof(ast_config_AST_PID),"%s/%s",v->value,"asterisk.pid");    
+                   snprintf((char *)ast_config_AST_SOCKET,sizeof(ast_config_AST_SOCKET),"%s/%s",v->value,"asterisk.ctl");    
                    strncpy((char *)ast_config_AST_RUN_DIR,v->value,sizeof(ast_config_AST_RUN_DIR)-1);
                } else if (!strcasecmp(v->name, "astmoddir")) {
                    strncpy((char *)ast_config_AST_MODULE_DIR,v->value,sizeof(ast_config_AST_MODULE_DIR)-1);
@@ -1564,7 +1564,7 @@ int main(int argc, char *argv[])
                        xarg = optarg;
                        break;
                case 'C':
-                       strncpy((char *)ast_config_AST_CONFIG_FILE,optarg,sizeof(ast_config_AST_CONFIG_FILE));
+                       strncpy((char *)ast_config_AST_CONFIG_FILE,optarg,sizeof(ast_config_AST_CONFIG_FILE) - 1);
                        option_overrideconfig++;
                        break;
                case 'i':
index 859a876..544345b 100755 (executable)
@@ -242,8 +242,8 @@ int callerid_feed(struct callerid_state *cid, unsigned char *ubuf, int len, int
                                        break;
                                }
                
-                               strcpy(cid->number, "");
-                               strcpy(cid->name, "");
+                               cid->number[0] = '\0';
+                               cid->name[0] = '\0';
                                /* If we get this far we're fine.  */
                                if (cid->type == 0x80) {
                                        /* MDMF */
diff --git a/cdr.c b/cdr.c
index 76dc4de..a078c15 100755 (executable)
--- a/cdr.c
+++ b/cdr.c
@@ -431,7 +431,7 @@ int ast_cdr_update(struct ast_channel *c)
                        if (c->callerid && !ast_strlen_zero(c->callerid))
                                strncpy(cdr->clid, c->callerid, sizeof(cdr->clid) - 1);
                        else
-                               strcpy(cdr->clid, "");
+                               cdr->clid[0] = '\0';
                        name = NULL;
                        num = NULL;
                        ast_callerid_parse(tmp, &name, &num);
index 3af70d1..c2ccfdc 100755 (executable)
--- a/channel.c
+++ b/channel.c
@@ -2143,7 +2143,7 @@ int ast_channel_masquerade(struct ast_channel *original, struct ast_channel *clo
 void ast_change_name(struct ast_channel *chan, char *newname)
 {
        char tmp[256];
-       strncpy(tmp, chan->name, 256);
+       strncpy(tmp, chan->name, sizeof(tmp) - 1);
        strncpy(chan->name, newname, sizeof(chan->name) - 1);
        manager_event(EVENT_FLAG_CALL, "Rename", "Oldname: %s\r\nNewname: %s\r\nUniqueid: %s\r\n", tmp, chan->name, chan->uniqueid);
 }
index 4220829..c58be4e 100755 (executable)
@@ -611,6 +611,9 @@ static int hangup_pri2cause(int cause)
                case PRI_CAUSE_UNALLOCATED:
                case PRI_CAUSE_NUMBER_CHANGED:
                        return AST_CAUSE_UNALLOCATED;
+               case PRI_CAUSE_NO_USER_RESPONSE:
+               case PRI_CAUSE_NO_ANSWER:
+                       return AST_CAUSE_NO_ANSWER;
                default:
                        return AST_CAUSE_FAILURE;
        }
index 11c930b..6a4d106 100755 (executable)
--- a/config.c
+++ b/config.c
@@ -319,7 +319,7 @@ struct ast_variable *ast_variable_append_modify(struct ast_config *config, char
                if (!cat)
                        return NULL;
                memset(cat, 0, sizeof(struct ast_category));
-               strncpy(cat->name, category, sizeof(cat->name));
+               strncpy(cat->name, category, sizeof(cat->name) - 1);
                if (config->root) {
                        /* Put us at the end */
                        pcat = config->root;
@@ -646,7 +646,7 @@ int ast_save(char *configfile, struct ast_config *cfg, char *generator)
 {
        FILE *f;
        char fn[256];
-       char date[256];
+       char date[256]="";
        time_t t;
        struct ast_variable *var;
        struct ast_category *cat;
@@ -657,7 +657,7 @@ int ast_save(char *configfile, struct ast_config *cfg, char *generator)
                snprintf(fn, sizeof(fn), "%s/%s", AST_CONFIG_DIR, configfile);
        }
        time(&t);
-       strncpy(date, ctime(&t), sizeof(date));
+       strncpy(date, ctime(&t), sizeof(date) - 1);
        if ((f = fopen(fn, "w"))) {
                if ((option_verbose > 1) && !option_debug)
                        ast_verbose(  VERBOSE_PREFIX_2 "Saving '%s': ", fn);
@@ -974,7 +974,7 @@ struct ast_category *ast_new_category(char *name)
        category = malloc(sizeof(struct ast_category));
        if (category) {
                memset(category,0,sizeof(struct ast_category));
-               strncpy(category->name,name,sizeof(category->name));
+               strncpy(category->name,name,sizeof(category->name) - 1);
        }
        return category;
 }
@@ -1082,7 +1082,8 @@ int read_ast_cust_config(void)
                                        if (strcmp(v->name,config_conf_file) && strcmp(v->name,"asterisk.conf")) {
                                                if (!(test = get_ast_cust_config_keyword(v->name))) {
                                                        ast_log(LOG_NOTICE,"Binding: %s to %s\n",v->name,v->value);
-                                                       strncpy(ptr->keywords[ptr->keycount],v->name,sizeof(ptr->keywords[ptr->keycount]));
+                                                       strncpy(ptr->keywords[ptr->keycount],v->name,sizeof(ptr->keywords[ptr->keycount]) - 1);
+                                                       ptr->keywords[ptr->keycount][sizeof(ptr->keywords[ptr->keycount])-1] = '\0';
                                                        ptr->keycount++;
                                                }
                                        } else {
diff --git a/db.c b/db.c
index 128547f..8bd72a5 100755 (executable)
--- a/db.c
+++ b/db.c
@@ -84,7 +84,7 @@ int ast_db_deltree(const char *family, const char *keytree)
        } else if (keytree)
                return -1;
        else
-               strcpy(prefix, "");
+               prefix[0] = '\0';
        
        ast_mutex_lock(&dblock);
        if (dbinit()) 
@@ -169,6 +169,7 @@ int ast_db_get(const char *family, const char *keys, char *value, int valuelen)
                        ((char *)data.data)[data.size - 1] = '\0';
                        /* Make sure that we don't write too much to the dst pointer or we don't read too much from the source pointer */
                        strncpy(value, data.data, (valuelen > data.size) ? data.size : valuelen);
+                       value[valuelen - 1] = '\0';
                } else {
                        ast_log(LOG_NOTICE, "Strange, empty value for /%s/%s\n", family, keys);
                }
@@ -275,7 +276,7 @@ static int database_show(int fd, int argc, char *argv[])
                snprintf(prefix, sizeof(prefix), "/%s", argv[2]);
        } else if (argc == 2) {
                /* Neither */
-               strcpy(prefix, "");
+               prefix[0] = '\0';
        } else
                return RESULT_SHOWUSAGE;
        ast_mutex_lock(&dblock);
@@ -324,7 +325,7 @@ struct ast_db_entry *ast_db_gettree(const char *family, const char *keytree)
                        /* Family only */
                        snprintf(prefix, sizeof(prefix), "/%s", family);
        } else
-               strcpy(prefix, "");
+               prefix[0] = '\0';
        ast_mutex_lock(&dblock);
        if (dbinit()) {
                ast_mutex_unlock(&dblock);