Merge rgagnon's pedantic string changes (apps n-z) (bug #2038)
authorMark Spencer <markster@digium.com>
Wed, 14 Jul 2004 07:34:34 +0000 (07:34 +0000)
committerMark Spencer <markster@digium.com>
Wed, 14 Jul 2004 07:34:34 +0000 (07:34 +0000)
git-svn-id: https://origsvn.digium.com/svn/asterisk/trunk@3429 65c4cc65-6c06-0410-ace0-fbb531ad65f3

13 files changed:
apps/app_qcall.c
apps/app_queue.c
apps/app_record.c
apps/app_rpt.c
apps/app_setcidnum.c
apps/app_sms.c
apps/app_sql_postgres.c
apps/app_striplsd.c
apps/app_substring.c
apps/app_txtcidname.c
apps/app_voicemail.c
apps/app_zapbarge.c
apps/app_zapscan.c

index 33731b2..d171efe 100755 (executable)
@@ -122,7 +122,7 @@ pthread_attr_t attr;
                while((dp = readdir(dirp)) != NULL)
                   {
                        if (dp->d_name[0] == '.') continue;
-                       sprintf(fname,"%s/%s",qdir,dp->d_name);
+                       snprintf(fname, sizeof(fname), "%s/%s", qdir, dp->d_name);
                        if (stat(fname,&mystat) == -1)
                           {
                                perror("app_qcall:stat");
@@ -171,15 +171,20 @@ pthread_attr_t attr;
 /* single thread with one file (request) to dial */
 static void *qcall_do(void *arg)
 {
-char fname[300],dialstr[300],extstr[300],ident[300],reqinp[300],buf[300];
-char clid[300],*tele,*context;
-FILE *fp;
-int ms = MAXWAITFORANSWER,maxsecs;
-struct ast_channel *channel;
-time_t t;
+       char fname[300] = "";
+       char dialstr[300];
+       char extstr[300];
+       char ident[300] = "";
+       char reqinp[300] = "";
+       char buf[300];
+       char clid[300],*tele,*context;
+       FILE *fp;
+       int ms = MAXWAITFORANSWER,maxsecs;
+       struct ast_channel *channel;
+       time_t  t;
 
          /* get the filename from the arg */
-       strcpy(fname,(char *)arg);
+       strncpy(fname,(char *)arg, sizeof(fname) - 1);
        free(arg);
        time(&t);
        fp = fopen(fname,"r");
@@ -197,8 +202,11 @@ time_t     t;
                fprintf(stderr,"%s\n",fname);
                pthread_exit(NULL);
           }
-       strcpy(reqinp,"1");  /* default required input for acknowledgement */
-       strcpy(ident, "");      /* default no ident */
+       /* default required input for acknowledgement */
+       reqinp[0] = '1';
+       reqinp[1] = '\0';
+       /* default no ident */
+       ident[0] = '\0';  /* default no ident */
        if (fscanf(fp,"%s %s %s %d %s %s",dialstr,clid,
                extstr,&maxsecs,ident,reqinp) < 4)
           {
@@ -307,7 +315,7 @@ time_t      t;
                                                ast_verbose(VERBOSE_PREFIX_3 "Qcall got accept, now putting through to %s@%s on %s\n",
                                                        extstr,context,channel->name);
                                        if (strlen(ident)) {
-                                               strcat(ident,"-ok");
+                                               strncat(ident,"-ok", sizeof(ident) - strlen(ident) - 1);
                                                /* if file existant, play it */
                                                if (!ast_streamfile(channel,ident,0))
                                                {
@@ -325,7 +333,7 @@ time_t      t;
                                        channel->amaflags = AMAFLAGS;
 #endif
 #ifdef ACCTCODE
-                                       strcpy(channel->accountcode,ACCTCODE);
+                                       strncpy(channel->accountcode, ACCTCODE, sizeof(chan->accountcode) - 1);
 #else
                                        channel->accountcode[0] = 0;
 #endif
@@ -334,8 +342,8 @@ time_t      t;
                                                time(&channel->whentohangup);
                                                channel->whentohangup += maxsecs;
                                           }
-                                       strcpy(channel->exten,extstr);
-                                       strcpy(channel->context,context);
+                                       strncpy(channel->exten, extstr, sizeof(channel->exten) - 1);
+                                       strncpy(channel->context, context, sizeof(channel->context) - 1);
                                        channel->priority = 1;
                                        if(debug) printf("Caller ID is %s\n", channel->callerid);
                                        ast_pbx_run(channel);
@@ -361,7 +369,7 @@ int unload_module(void)
 
 int load_module(void)
 {
-       snprintf((char *)qdir,sizeof(qdir)-1,"%s/%s",(char *)ast_config_AST_SPOOL_DIR,"qcall");
+       snprintf(qdir, sizeof(qdir), "%s/%s", ast_config_AST_SPOOL_DIR, "qcall");
        mkdir(qdir,0760);
        pthread_create(&qcall_thread,NULL,qcall,NULL);
        return 0;
index 29efabb..45690fd 100755 (executable)
@@ -302,9 +302,9 @@ static int join_queue(char *queuename, struct queue_ent *qe)
                                /* No luck, join at the end of the queue */
                                if (!inserted)
                                        insert_entry(q, prev, qe, &pos);
-                               strncpy(qe->moh, q->moh, sizeof(qe->moh));
-                               strncpy(qe->announce, q->announce, sizeof(qe->announce));
-                               strncpy(qe->context, q->context, sizeof(qe->context));
+                               strncpy(qe->moh, q->moh, sizeof(qe->moh) - 1);
+                               strncpy(qe->announce, q->announce, sizeof(qe->announce) - 1);
+                               strncpy(qe->context, q->context, sizeof(qe->context) - 1);
                                q->count++;
                                res = 0;
                                manager_event(EVENT_FLAG_CALL, "Join", 
@@ -1220,7 +1220,7 @@ static struct member * interface_exists( struct ast_call_queue * q, char * inter
                mem = q->members ;
 
                while( mem != NULL ) {
-                       sprintf( buf, "%s/%s", mem->tech, mem->loc);
+                       snprintf( buf, sizeof(buf), "%s/%s", mem->tech, mem->loc);
 
                        if( strcmp( buf, interface ) == 0 ) {
                                ret = mem ;
@@ -1710,7 +1710,7 @@ static void reload_queues(void)
                                        /* Initialize it */
                                        memset(q, 0, sizeof(struct ast_call_queue));
                                        ast_mutex_init(&q->lock);
-                                       strncpy(q->name, cat, sizeof(q->name));
+                                       strncpy(q->name, cat, sizeof(q->name) - 1);
                                        new = 1;
                                } else new = 0;
                        } else
@@ -1733,17 +1733,17 @@ static void reload_queues(void)
                                q->servicelevel = 0;
                                q->wrapuptime = 0;
                                free_members(q, 0);
-                               strcpy(q->moh, "");
-                               strcpy(q->announce, "");
-                               strcpy(q->context, "");
-                               strcpy(q->monfmt, "");
-                               strcpy(q->sound_next, "queue-youarenext");
-                               strcpy(q->sound_thereare, "queue-thereare");
-                               strcpy(q->sound_calls, "queue-callswaiting");
-                               strcpy(q->sound_holdtime, "queue-holdtime");
-                               strcpy(q->sound_minutes, "queue-minutes");
-                               strcpy(q->sound_seconds, "queue-seconds");
-                               strcpy(q->sound_thanks, "queue-thankyou");
+                               q->moh[0] = '\0';
+                               q->announce[0] = '\0';
+                               q->context[0] = '\0';
+                               q->monfmt[0] = '\0';
+                               strncpy(q->sound_next, "queue-youarenext", sizeof(q->sound_next) - 1);
+                               strncpy(q->sound_thereare, "queue-thereare", sizeof(q->sound_thereare) - 1);
+                               strncpy(q->sound_calls, "queue-callswaiting", sizeof(q->sound_calls) - 1);
+                               strncpy(q->sound_holdtime, "queue-holdtime", sizeof(q->sound_holdtime) - 1);
+                               strncpy(q->sound_minutes, "queue-minutes", sizeof(q->sound_minutes) - 1);
+                               strncpy(q->sound_seconds, "queue-seconds", sizeof(q->sound_seconds) - 1);
+                               strncpy(q->sound_thanks, "queue-thankyou", sizeof(q->sound_thanks) - 1);
                                prev = q->members;
                                if (prev) {
                                        /* find the end of any dynamic members */
@@ -1879,8 +1879,8 @@ static int __queues_show(int fd, int argc, char **argv, int queue_show)
        struct member *mem;
        int pos;
        time_t now;
-       char max[80];
-       char calls[80];
+       char max[80] = "";
+       char calls[80] = "";
        float sl = 0;
 
        time(&now);
@@ -1912,7 +1912,7 @@ static int __queues_show(int fd, int argc, char **argv, int queue_show)
                if (q->maxlen)
                        snprintf(max, sizeof(max), "%d", q->maxlen);
                else
-                       strcpy(max, "unlimited");
+                       strncpy(max, "unlimited", sizeof(max) - 1);
                sl = 0;
                if(q->callscompleted > 0)
                        sl = 100*((float)q->callscompletedinsl/(float)q->callscompleted);
@@ -1924,14 +1924,14 @@ static int __queues_show(int fd, int argc, char **argv, int queue_show)
                                if (mem->penalty)
                                        snprintf(max, sizeof(max) - 20, " with penalty %d", mem->penalty);
                                else
-                                       strcpy(max, "");
+                                       max[0] = '\0';
                                if (mem->dynamic)
-                                       strcat(max, " (dynamic)");
+                                       strncat(max, " (dynamic)", sizeof(max) - strlen(max) - 1);
                                if (mem->calls) {
                                        snprintf(calls, sizeof(calls), " has taken %d calls (last was %ld secs ago)",
                                                        mem->calls, (long)(time(NULL) - mem->lastcall));
                                } else
-                                       strcpy(calls, " has taken no calls yet");
+                                       strncpy(calls, " has taken no calls yet", sizeof(calls) - 1);
                                ast_cli(fd, "      %s/%s%s%s\n", mem->tech, mem->loc, max, calls);
                        }
                } else
index 92b38b3..cd46d3e 100755 (executable)
@@ -156,7 +156,7 @@ static int record_exec(struct ast_channel *chan, void *data)
          create a new file with the inputed name scheme */
        if (percentflag) {
                do {
-                       snprintf(tmp, sizeof(tmp)-1, fil, count);
+                       snprintf(tmp, sizeof(tmp), fil, count);
                        count++;
                } while ( ast_fileexists(tmp, ext, chan->language) != -1 );
                pbx_builtin_setvar_helper(chan, "RECORDED_FILE", tmp);
index 3ca998a..1df9c85 100755 (executable)
@@ -1048,7 +1048,7 @@ pthread_attr_t attr;
                }
        }
        else if (mode == ARB_ALPHA){
-               strncpy(tele->param, (char *) data, TELEPARAMSIZE);
+               strncpy(tele->param, (char *) data, TELEPARAMSIZE - 1);
                tele->param[TELEPARAMSIZE - 1] = 0;
        }
        insque((struct qelem *)tele,(struct qelem *)myrpt->tele.next); 
@@ -1202,10 +1202,10 @@ struct ast_channel *mychannel,*genchannel;
                if (mychannel->callerid) free(mychannel->callerid);
                mychannel->callerid = strdup(myrpt->ourcallerid);
        }
-       strcpy(mychannel->exten,myrpt->exten);
-       strcpy(mychannel->context,myrpt->ourcontext);
+       strncpy(mychannel->exten, myrpt->exten, sizeof(mychannel->exten) - 1);
+       strncpy(mychannel->context, myrpt->ourcontext, sizeof(mychannel->context) - 1);
        if (myrpt->acctcode)
-               strcpy(mychannel->accountcode,myrpt->acctcode);
+               strncpy(mychannel->accountcode, myrpt->acctcode, sizeof(mychannel->accountcode) - 1);
        mychannel->priority = 1;
        ast_channel_undefer_dtmf(mychannel);
        if (ast_pbx_start(mychannel) < 0)
@@ -1264,7 +1264,7 @@ char      str[300];
 struct ast_frame wf;
 struct rpt_link *l;
 
-       sprintf(str,"D %s %s %d %c",myrpt->cmdnode,myrpt->name,++(myrpt->dtmfidx),c);
+       snprintf(str, sizeof(str), "D %s %s %d %c", myrpt->cmdnode, myrpt->name, ++(myrpt->dtmfidx), c);
        wf.frametype = AST_FRAME_TEXT;
        wf.subclass = 0;
        wf.offset = 0;
@@ -1303,7 +1303,7 @@ static int function_ilink(struct rpt *myrpt, char *param, char *digitbuf, int co
 {
 
        char *val, *s, *s1, *tele;
-       char tmp[300], deststr[300];
+       char tmp[300], deststr[300] = "";
        struct rpt_link *l;
        ZT_CONFINFO ci;  /* conference info */
 
@@ -1387,7 +1387,7 @@ static int function_ilink(struct rpt *myrpt, char *param, char *digitbuf, int co
                        }
                        /* zero the silly thing */
                        memset((char *)l,0,sizeof(struct rpt_link));
-                       sprintf(deststr,"IAX2/%s",s1);
+                       snprintf(deststr, sizeof(deststr), "IAX2/%s", s1);
                        tele = strchr(deststr,'/');
                        if (!tele){
                                fprintf(stderr,"link2:Dial number (%s) must be in format tech/number\n",deststr);
@@ -1482,7 +1482,7 @@ static int function_ilink(struct rpt *myrpt, char *param, char *digitbuf, int co
                        l->mode = 1;
                        strncpy(l->name, digitbuf, MAXNODESTR - 1);
                        l->isremote = (s && ast_true(s));
-                       sprintf(deststr, "IAX2/%s", s1);
+                       snprintf(deststr, sizeof(deststr), "IAX2/%s", s1);
                        tele = strchr(deststr, '/');
                        if (!tele){
                                fprintf(stderr,"link3:Dial number (%s) must be in format tech/number\n",deststr);
@@ -1554,7 +1554,7 @@ static int function_ilink(struct rpt *myrpt, char *param, char *digitbuf, int co
                        
                        }
                        ast_mutex_lock(&myrpt->lock);
-                       strcpy(myrpt->cmdnode, digitbuf);
+                       strncpy(myrpt->cmdnode, digitbuf, sizeof(myrpt->cmdnode) - 1);
                        ast_mutex_unlock(&myrpt->lock);
                        rpt_telemetry(myrpt, REMGO, NULL);      
                        return DC_COMPLETE;
@@ -1712,7 +1712,7 @@ static int function_remote(struct rpt *myrpt, char *param, char *digitbuf, int c
        char *s,*s1,*s2,*val;
        int i,j,k,l,res,offset,offsave;
        char oc;
-       char tmp[20], freq[20], savestr[20];
+       char tmp[20], freq[20] = "", savestr[20] = "";
        struct ast_channel *mychannel;
 
        if((!param) || (command_source != SOURCE_RMT))
@@ -1748,8 +1748,8 @@ static int function_remote(struct rpt *myrpt, char *param, char *digitbuf, int c
                        if (!s1)
                                return DC_ERROR;
                        *s1++ = 0;
-                       strcpy(myrpt->freq,tmp);
-                       strcpy(myrpt->rxpl,s);
+                       strncpy(myrpt->freq, tmp, sizeof(myrpt->freq) - 1);
+                       strncpy(myrpt->rxpl, s, sizeof(myrpt->rxpl) - 1);
                        myrpt->offset = REM_SIMPLEX;
                        myrpt->powerlevel = REM_MEDPWR;
                        myrpt->rxplon = 0;
@@ -1860,7 +1860,7 @@ static int function_remote(struct rpt *myrpt, char *param, char *digitbuf, int c
                                
                                        
                        
-                       sprintf(freq,"%s.%03d", s1, k);
+                       snprintf(freq, sizeof(freq), "%s.%03d", s1, k);
                        
                        offset = REM_SIMPLEX;
                        
@@ -1886,19 +1886,19 @@ static int function_remote(struct rpt *myrpt, char *param, char *digitbuf, int c
                        } 
                        
                        offsave = myrpt->offset;
-                       strcpy(savestr,myrpt->freq);
-                       strcpy(myrpt->freq, freq);
+                       strncpy(savestr, myrpt->freq, sizeof(savestr) - 1);
+                       strncpy(myrpt->freq, freq, sizeof(myrpt->freq) - 1);
                        
                        if(debug)
                                printf("@@@@ Frequency entered: %s\n", myrpt->freq);
        
                        
-                       strcpy(myrpt->freq, freq);
+                       strncpy(myrpt->freq, freq, sizeof(myrpt->freq) - 1);
                        myrpt->offset = offset;
        
                        if (setrbi(myrpt) == -1){
                                myrpt->offset = offsave;
-                               strcpy(myrpt->freq,savestr);
+                               strncpy(myrpt->freq, savestr, sizeof(myrpt->freq) - 1);
                                return DC_ERROR;
                        }
 
@@ -1933,11 +1933,11 @@ static int function_remote(struct rpt *myrpt, char *param, char *digitbuf, int c
                        s = strchr(tmp,'*');
                        if(s)
                                *s = '.';
-                       strcpy(savestr,myrpt->rxpl);
-                       strcpy(myrpt->rxpl,tmp);
+                       strncpy(savestr, myrpt->rxpl, sizeof(savestr) - 1);
+                       strncpy(myrpt->rxpl, tmp, sizeof(myrpt->rxpl) - 1);
                        
                        if (setrbi(myrpt) == -1){
-                               strcpy(myrpt->rxpl,savestr);
+                               strncpy(myrpt->rxpl, savestr, sizeof(myrpt->rxpl) - 1);
                                return DC_ERROR;
                        }
                
@@ -2077,7 +2077,7 @@ static int collect_function_digits(struct rpt *myrpt, char *digits, int command_
 {
        int i;
        char *stringp,*action,*param,*functiondigits;
-       char function_table_name[30];
+       char function_table_name[30] = "";
        char workstring[80];
        
        struct ast_variable *vp;
@@ -2086,9 +2086,9 @@ static int collect_function_digits(struct rpt *myrpt, char *digits, int command_
                printf("@@@@ Digits collected: %s, source: %d\n", digits, command_source);
        
        if (command_source == SOURCE_LNK)
-               strncpy(function_table_name, myrpt->link_functions, 30);
+               strncpy(function_table_name, myrpt->link_functions, sizeof(function_table_name) - 1);
        else
-               strncpy(function_table_name, myrpt->functions, 30);
+               strncpy(function_table_name, myrpt->functions, sizeof(function_table_name) - 1);
        vp = ast_variable_browse(cfg, function_table_name);
        while(vp) {
                if(!strncasecmp(vp->name, digits, strlen(vp->name)))
@@ -2134,7 +2134,7 @@ static int collect_function_digits(struct rpt *myrpt, char *digits, int command_
 static void handle_link_data(struct rpt *myrpt, struct rpt_link *mylink,
        char *str)
 {
-char   tmp[300],cmd[300],dest[300],src[300],c;
+char   tmp[300],cmd[300] = "",dest[300],src[300],c;
 int    seq, res;
 struct rpt_link *l;
 struct ast_frame wf;
@@ -2240,7 +2240,7 @@ struct    ast_frame wf;
                        myrpt->rem_dtmfbuf[myrpt->rem_dtmfidx] = 0;
                        
                        ast_mutex_unlock(&myrpt->lock);
-                       strcpy(cmd, myrpt->rem_dtmfbuf);
+                       strncpy(cmd, myrpt->rem_dtmfbuf, sizeof(cmd) - 1);
                        res = collect_function_digits(myrpt, cmd, SOURCE_LNK);
                        ast_mutex_lock(&myrpt->lock);
                        
@@ -2465,11 +2465,11 @@ static void rbi_out(struct rpt *myrpt,unsigned char *data)
 
 static int setrbi(struct rpt *myrpt)
 {
-char tmp[MAXREMSTR],rbicmd[5],*s;
+char tmp[MAXREMSTR] = "",rbicmd[5],*s;
 int    band,txoffset = 0,txpower = 0,rxpl;
 
        
-       strcpy(tmp,myrpt->freq);
+       strncpy(tmp, myrpt->freq, sizeof(tmp) - 1);
        s = strchr(tmp,'.');
        /* if no decimal, is invalid */
        
@@ -2682,7 +2682,7 @@ time_t    dtmf_time,t;
 struct rpt_link *l,*m;
 struct rpt_tele *telem;
 pthread_attr_t attr;
-char cmd[MAXDTMF+1];
+char cmd[MAXDTMF+1] = "";
 
 
        ast_mutex_lock(&myrpt->lock);
@@ -3090,7 +3090,7 @@ char cmd[MAXDTMF+1];
                                                        myrpt->dtmfbuf[myrpt->dtmfidx++] = c;
                                                        myrpt->dtmfbuf[myrpt->dtmfidx] = 0;
                                                        
-                                                       strcpy(cmd, myrpt->dtmfbuf);
+                                                       strncpy(cmd, myrpt->dtmfbuf, sizeof(cmd) - 1);
                                                        ast_mutex_unlock(&myrpt->lock);
                                                        
                                                        res = collect_function_digits(myrpt, cmd, SOURCE_RPT);
@@ -3528,8 +3528,8 @@ int       i,j,n,longestnode;
                /* if is a remote, dont start one for it */
                if (rpt_vars[i].remote)
                {
-                       strcpy(rpt_vars[i].freq,"146.460");
-                       strcpy(rpt_vars[i].rxpl,"100.0");
+                       strncpy(rpt_vars[i].freq, "146.460", sizeof(rpt_vars[i].freq) - 1);
+                       strncpy(rpt_vars[i].rxpl, "100.0", sizeof(rpt_vars[i].rxpl) - 1);
                        rpt_vars[i].offset = REM_SIMPLEX;
                        rpt_vars[i].powerlevel = REM_MEDPWR;
                        continue;
index 9aef3ba..b96330e 100755 (executable)
@@ -73,7 +73,7 @@ static int setcallerid_exec(struct ast_channel *chan, void *data)
                        strncpy(newcid, n, sizeof(newcid) - 1);
                }
        } else
-               strncpy(newcid, tmp, sizeof(newcid));
+               strncpy(newcid, tmp, sizeof(newcid) - 1);
        ast_set_callerid(chan, !ast_strlen_zero(newcid) ? newcid : NULL, anitoo);
        LOCAL_USER_REMOVE(u);
        return res;
index 77fecd4..f8251c6 100755 (executable)
@@ -320,7 +320,7 @@ sms_log (sms_t * h, char status)
        {
          char line[1000], *p;
          unsigned char n;
-         sprintf (line, "%s %c %s %s %s ", isodate (time (0)), status, h->queue, *h->oa ? h->oa : "-",
+         snprintf(line, sizeof(line), "%s %c %s %s %s ", isodate(time(0)), status, h->queue, *h->oa ? h->oa : "-",
                   *h->da ? h->da : "-");
          p = line + strlen (line);
          for (n = 0; n < h->udl; n++)
@@ -513,70 +513,72 @@ sms_readfile (sms_t * h, char *fn)
 static void
 sms_writefile (sms_t * h)
 {
-  char fn[200], fn2[200];
-  FILE *o;
-  strcpy (fn, "/var/spool/asterisk/sms");
-  mkdir (fn, 0777);            /* ensure it exists */
-  sprintf (fn + strlen (fn), "/%s.%s", h->smsc ? "me-sc" : "sc-me", h->queue);
-  mkdir (fn, 0777);            /* ensure it exists */
-  strcpy (fn2, fn);
-  strftime (fn2 + strlen (fn2), 30, "/%Y-%m-%d_%H:%M:%S", localtime (&h->scts));
-  sprintf (fn2 + strlen (fn2), "-%02X", h->mr);
-  sprintf (fn + strlen (fn), "/.%s", fn2 + strlen (fn) + 1);
-  o = fopen (fn, "w");
-  if (o)
-    {
-      fprintf (o, "mr=%d\n", h->mr);
-      if (*h->oa)
-       fprintf (o, "oa=%s\n", h->oa);
-      if (*h->da)
-       fprintf (o, "da=%s\n", h->da);
-      if (h->pid)
-       fprintf (o, "pid=%d\n", h->pid);
-      if (h->dcs != 0xF1)
-       fprintf (o, "dcs=%d\n", h->dcs);
-      if (h->vp)
-       fprintf (o, "srr=%d\n", h->vp);
-      if (h->srr)
-       fprintf (o, "srr=1\n");
-      if (h->rp)
-       fprintf (o, "rp=1\n");
-      if (h->scts)
-       fprintf (o, "scts=%s\n", isodate (h->scts));
-      if (h->udl)
+       char fn[200] = "";
+       char fn2[200] = "";
+       FILE *o;
+
+       strncpy(fn, "/var/spool/asterisk/sms", sizeof(fn) - 1);
+       mkdir (fn, 0777);               /* ensure it exists */
+       snprintf(fn + strlen(fn), sizeof(fn) - strlen(fn), "/%s.%s", h->smsc ? "me-sc" : "sc-me", h->queue);
+       mkdir (fn, 0777);               /* ensure it exists */
+       strncpy(fn2, fn, sizeof(fn2) - 1);
+       strftime(fn2 + strlen(fn2), sizeof(fn2) - strlen(fn2), "/%Y-%m-%d_%H:%M:%S", localtime(&h->scts));
+       snprintf(fn2 + strlen(fn2), sizeof(fn2) - strlen(fn2), "-%02X", h->mr);
+       snprintf(fn + strlen(fn), sizeof(fn) - strlen(fn), "/.%s", fn2 + strlen(fn) + 1);
+       o = fopen (fn, "w");
+       if (o)
        {
-         unsigned int p;
-         for (p = 0; p < h->udl && ((h->ud[p] >= 32 && h->ud[p] != 127) || h->ud[p] == '\n' || h->ud[p] == '\r'); p++);
-         if (p < h->udl)
-           {                   // use a hex format as unprintable characters
-             fprintf (o, "ud#");
-             for (p = 0; p < h->udl; p++)
-               fprintf (o, "%02X", h->ud[p]);
-             fprintf (o, "\n;");
-             /* followed by commented line using printable characters */
-           }
-         fprintf (o, "ud=");
-         for (p = 0; p < h->udl; p++)
-           {
-             if (h->ud[p] == '\\')
-               fprintf (o, "\\\\");
-             else if (h->ud[p] == '\r')
-               fprintf (o, "\\r");
-             else if (h->ud[p] == '\n')
-               fprintf (o, "\\n");
-             else if (h->ud[p] < 32 || h->ud[p] == 127)
-               fputc (191, o);
-             else
-               fputc (h->ud[p], o);
-           }
-         fprintf (o, "\n");
+               fprintf (o, "mr=%d\n", h->mr);
+               if (*h->oa)
+                       fprintf (o, "oa=%s\n", h->oa);
+               if (*h->da)
+                       fprintf (o, "da=%s\n", h->da);
+               if (h->pid)
+                       fprintf (o, "pid=%d\n", h->pid);
+               if (h->dcs != 0xF1)
+                       fprintf (o, "dcs=%d\n", h->dcs);
+               if (h->vp)
+                       fprintf (o, "srr=%d\n", h->vp);
+               if (h->srr)
+                       fprintf (o, "srr=1\n");
+               if (h->rp)
+                       fprintf (o, "rp=1\n");
+               if (h->scts)
+                       fprintf (o, "scts=%s\n", isodate (h->scts));
+               if (h->udl)
+               {
+                       unsigned int p;
+                       for (p = 0; p < h->udl && ((h->ud[p] >= 32 && h->ud[p] != 127) || h->ud[p] == '\n' || h->ud[p] == '\r'); p++);
+                       if (p < h->udl)
+                       {                       // use a hex format as unprintable characters
+                               fprintf (o, "ud#");
+                               for (p = 0; p < h->udl; p++)
+                                       fprintf (o, "%02X", h->ud[p]);
+                               fprintf (o, "\n;");
+                               /* followed by commented line using printable characters */
+                       }
+                       fprintf (o, "ud=");
+                       for (p = 0; p < h->udl; p++)
+                       {
+                               if (h->ud[p] == '\\')
+                                       fprintf (o, "\\\\");
+                               else if (h->ud[p] == '\r')
+                                       fprintf (o, "\\r");
+                               else if (h->ud[p] == '\n')
+                                       fprintf (o, "\\n");
+                               else if (h->ud[p] < 32 || h->ud[p] == 127)
+                                       fputc (191, o);
+                               else
+                                       fputc (h->ud[p], o);
+                       }
+                       fprintf (o, "\n");
+               }
+               fclose (o);
+               if (rename (fn, fn2))
+                       unlink (fn);
+               else
+                       ast_log (LOG_EVENT, "Received to %s\n", fn2);
        }
-      fclose (o);
-      if (rename (fn, fn2))
-       unlink (fn);
-      else
-       ast_log (LOG_EVENT, "Received to %s\n", fn2);
-    }
 }
 
 /* read dir skipping dot files... */
@@ -604,7 +606,7 @@ sms_handleincoming (sms_t * h)
          h->vp = 0;
          h->srr = ((h->imsg[2] & 0x20) ? 1 : 0);
          h->rp = ((h->imsg[2] & 0x80) ? 1 : 0);
-         strcpy (h->oa, h->cli);
+         strncpy (h->oa, h->cli, sizeof(h->oa) - 1);
          h->scts = time (0);
          h->mr = h->imsg[p++];
          p += unpackaddress (h->da, h->imsg + p);
@@ -683,12 +685,13 @@ sms_handleincoming (sms_t * h)
 static void
 sms_nextoutgoing (sms_t * h)
 {                              /* find and fill in next message, or send a REL if none waiting */
-  char fn[100 + NAME_MAX];
+  char fn[100 + NAME_MAX] = "";
   DIR *d;
   char more = 0;
-  strcpy (fn, "/var/spool/asterisk/sms");
-  mkdir (fn, 0777);            /* ensure it exists */
-  sprintf (fn + strlen (fn), "/%s.%s", h->smsc ? "sc-me" : "me-sc", h->queue);
+
+  strncpy(fn, "/var/spool/asterisk/sms", sizeof(fn) - 1);
+  mkdir(fn, 0777);             /* ensure it exists */
+  snprintf(fn + strlen (fn), sizeof(fn) - strlen(fn), "/%s.%s", h->smsc ? "sc-me" : "me-sc", h->queue);
   mkdir (fn, 0777);            /* ensure it exists */
   d = opendir (fn);
   if (d)
@@ -696,7 +699,7 @@ sms_nextoutgoing (sms_t * h)
       struct dirent *f = readdirdot (d);
       if (f)
        {
-         sprintf (fn + strlen (fn), "/%s", f->d_name);
+         snprintf(fn + strlen(fn), sizeof(fn) - strlen(fn), "/%s", f->d_name);
          sms_readfile (h, fn);
          if (readdirdot (d))
            more = 1;           /* more to send */
@@ -1033,160 +1036,155 @@ generate:sms_generate,
 };
 
 static int
-sms_exec (struct ast_channel *chan, void *data)
+sms_exec(struct ast_channel *chan, void *data)
 {
-  int res = -1;
-  struct localuser *u;
-  struct ast_frame *f;
-  sms_t h = { 0 };
-  h.ipc0 = h.ipc1 = 20;                /* phase for cosine */
-  h.dcs = 0xF1;                        /* default */
-  if (!data)
-    {
-      ast_log (LOG_ERROR, "Requires queue name at least\n");
-      return -1;
-    }
+       int res = -1;
+       struct localuser *u;
+       struct ast_frame *f;
+       sms_t h = { 0 };
 
-  if (chan->callerid)
-    {                          /* get caller ID. Used as originating address on sc side receives */
-      char temp[256], *name, *num;
-      strncpy (temp, chan->callerid, sizeof (temp));
-      ast_callerid_parse (temp, &name, &num);
-      if (!num)
-       num = temp;
-      ast_shrink_phone_number (num);
-      if (strlen (num) < sizeof (h.cli))
-       strcpy (h.cli, num);
-    }
+       h.ipc0 = h.ipc1 = 20;           /* phase for cosine */
+       h.dcs = 0xF1;                   /* default */
+       if (!data) {
+               ast_log (LOG_ERROR, "Requires queue name at least\n");
+               return -1;
+       }
 
-  {
-    char *d = data, *p, answer = 0;
-    if (!*d || *d == '|')
-      {
-       ast_log (LOG_ERROR, "Requires queue name\n");
-       return -1;
-      }
-    for (p = d; *p && *p != '|'; p++);
-    if (p - d >= sizeof (h.queue))
-      {
-       ast_log (LOG_ERROR, "Queue name too long\n");
-       return -1;
-      }
-    strncpy (h.queue, d, p - d);
-    if (*p == '|')
-      p++;
-    d = p;
-    for (p = h.queue; *p; p++)
-      if (!isalnum (*p))
-       *p = '-';               /* make very safe for filenames */
-    while (*d && *d != '|')
-      {
-       switch (*d)
-         {
-         case 'a':             /* we have to send the initial FSK sequence */
-           answer = 1;
-           break;
-         case 's':             /* we are acting as a service centre talking to a phone */
-           h.smsc = 1;
-           break;
-           /* the following apply if there is an arg3/4 and apply to the created message file */
-         case 'r':
-           h.srr = 1;
-           break;
-         case 'o':
-           h.dcs |= 4;         /* octets */
-           break;
-         case '1':
-         case '2':
-         case '3':
-         case '4':
-         case '5':
-         case '6':
-         case '7':             /* set the pid for saved local message */
-           h.pid = 0x40 + (*d & 0xF);
-           break;
-         }
-       d++;
-      }
-    if (*d == '|')
-      {                                /* submitting a message, not taking call. */
-       d++;
-       h.scts = time (0);
-       for (p = d; *p && *p != '|'; p++);
-       if (*p)
-         *p++ = 0;
-       if (strlen (d) >= sizeof (h.oa))
-         {
-           ast_log (LOG_ERROR, "Address too long %s\n", d);
-           return 0;
-         }
-       strcpy (h.smsc ? h.oa : h.da, d);
-       if (!h.smsc)
-         strcpy (h.oa, h.cli);
-       d = p;
-       if (!(h.dcs & 4) && check7 (h.udl, h.ud))
-         ast_log (LOG_WARNING, "Invalid GSM characters in %.*s\n", h.udl, h.ud);
-       if (strlen (d) > ((h.dcs & 4) ? 140 : 160))
-         {
-           ast_log (LOG_ERROR, "Message too long %s\n", d);
-           h.udl = ((h.dcs & 4) ? 140 : 160);
-         }
-       else
-         h.udl = strlen (d);
-       if (h.udl)
-         memcpy (h.ud, d, h.udl);
-       h.smsc = !h.smsc;       /* file woul go in wrong directory otherwise... */
-       sms_writefile (&h);
-       return 0;
-      }
+       if (chan->callerid) {
+               /* get caller ID. Used as originating address on sc side receives */
+               char temp[256], *name, *num;
+               strncpy (temp, chan->callerid, sizeof(temp) - 1);
+               ast_callerid_parse (temp, &name, &num);
+               if (!num)
+                       num = temp;
+               ast_shrink_phone_number (num);
+               if (strlen (num) < sizeof (h.cli))
+                       strncpy(h.cli, num, sizeof(h.cli) - 1);
+       }
 
-    if (answer)
-      {                                /* set up SMS_EST initial message */
-       h.omsg[0] = 0x93;
-       h.omsg[1] = 0;
-       sms_messagetx (&h);
-      }
-  }
+       {
+               char *d = data, *p, answer = 0;
+               if (!*d || *d == '|') {
+                       ast_log (LOG_ERROR, "Requires queue name\n");
+                       return -1;
+               }
+               for (p = d; *p && *p != '|'; p++);
+               if (p - d >= sizeof (h.queue)) {
+                       ast_log (LOG_ERROR, "Queue name too long\n");
+                       return -1;
+               }
+               strncpy(h.queue, d, p - d - 1);
+               if (*p == '|')
+                       p++;
+               d = p;
+               for (p = h.queue; *p; p++)
+               if (!isalnum (*p))
+                       *p = '-';               /* make very safe for filenames */
+               while (*d && *d != '|') {
+                       switch (*d) {
+                               case 'a':               /* we have to send the initial FSK sequence */
+                                       answer = 1;
+                                       break;
+                               case 's':               /* we are acting as a service centre talking to a phone */
+                                       h.smsc = 1;
+                                       break;
+                               /* the following apply if there is an arg3/4 and apply to the created message file */
+                               case 'r':
+                                       h.srr = 1;
+                                       break;
+                               case 'o':
+                                       h.dcs |= 4;             /* octets */
+                                       break;
+                               case '1':
+                               case '2':
+                               case '3':
+                               case '4':
+                               case '5':
+                               case '6':
+                               case '7':               /* set the pid for saved local message */
+                                       h.pid = 0x40 + (*d & 0xF);
+                                       break;
+                       }
+                       d++;
+               }
+               if (*d == '|') {
+                       /* submitting a message, not taking call. */
+                       d++;
+                       h.scts = time (0);
+                       for (p = d; *p && *p != '|'; p++);
+                       if (*p)
+                               *p++ = 0;
+                       if (strlen (d) >= sizeof (h.oa)) {
+                               ast_log (LOG_ERROR, "Address too long %s\n", d);
+                               return 0;
+                       }
+                       if (h.smsc) {
+                               strncpy(h.oa, d, sizeof(h.oa) - 1);
+                       }
+                       else {
+                               strncpy(h.da, d, sizeof(h.da) - 1);
+                       }
+                       if (!h.smsc)
+                               strncpy(h.oa, h.cli, sizeof(h.oa) - 1);
+                       d = p;
+                       if (!(h.dcs & 4) && check7 (h.udl, h.ud))
+                               ast_log (LOG_WARNING, "Invalid GSM characters in %.*s\n", h.udl, h.ud);
+                       if (strlen (d) > ((h.dcs & 4) ? 140 : 160)) {
+                               ast_log (LOG_ERROR, "Message too long %s\n", d);
+                               h.udl = ((h.dcs & 4) ? 140 : 160);
+                       }
+                       else
+                               h.udl = strlen (d);
+                       if (h.udl)
+                               memcpy (h.ud, d, h.udl);
+                       h.smsc = !h.smsc;       /* file woul go in wrong directory otherwise... */
+                       sms_writefile (&h);
+                       return 0;
+               }
 
-  LOCAL_USER_ADD (u);
-  if (chan->_state != AST_STATE_UP)
-    ast_answer (chan);
+               if (answer) {
+                       /* set up SMS_EST initial message */
+                       h.omsg[0] = 0x93;
+                       h.omsg[1] = 0;
+                       sms_messagetx (&h);
+               }
+       }
 
-  res = ast_set_write_format (chan, AST_FORMAT_SLINEAR);
-  if (res >= 0)
-    res = ast_set_read_format (chan, AST_FORMAT_SLINEAR);
-  if (res < 0)
-    {
-      LOCAL_USER_REMOVE (u);
-      ast_log (LOG_ERROR, "Unable to set to linear mode, giving up\n");
-      return -1;
-    }
+       LOCAL_USER_ADD (u);
+       if (chan->_state != AST_STATE_UP)
+               ast_answer (chan);
 
-  if (ast_activate_generator (chan, &smsgen, &h) < 0)
-    {
-      LOCAL_USER_REMOVE (u);
-      ast_log (LOG_ERROR, "Failed to activate generator on '%s'\n", chan->name);
-      return -1;
-    }
+       res = ast_set_write_format (chan, AST_FORMAT_SLINEAR);
+       if (res >= 0)
+               res = ast_set_read_format (chan, AST_FORMAT_SLINEAR);
+       if (res < 0) {
+               LOCAL_USER_REMOVE (u);
+               ast_log (LOG_ERROR, "Unable to set to linear mode, giving up\n");
+               return -1;
+       }
 
-  /* Do our thing here */
-  while (ast_waitfor (chan, -1) > -1 && !h.hangup)
-    {
-      f = ast_read (chan);
-      if (!f)
-       break;
-      if (f->frametype == AST_FRAME_VOICE)
-       {
-         sms_process (&h, f->samples, f->data);
+       if (ast_activate_generator (chan, &smsgen, &h) < 0) {
+               LOCAL_USER_REMOVE (u);
+               ast_log (LOG_ERROR, "Failed to activate generator on '%s'\n", chan->name);
+               return -1;
        }
 
-      ast_frfree (f);
-    }
+       /* Do our thing here */
+       while (ast_waitfor (chan, -1) > -1 && !h.hangup) {
+               f = ast_read (chan);
+               if (!f)
+                       break;
+               if (f->frametype == AST_FRAME_VOICE) {
+                       sms_process (&h, f->samples, f->data);
+               }
+
+               ast_frfree (f);
+       }
 
-  sms_log (&h, '?');           /* log incomplete message */
+       sms_log (&h, '?');              /* log incomplete message */
 
-  LOCAL_USER_REMOVE (u);
-  return h.hangup;
+       LOCAL_USER_REMOVE (u);
+       return(h.hangup);
 }
 
 int
index b6e3e3c..1620df6 100755 (executable)
@@ -210,8 +210,8 @@ static int del_identifier(int identifier,int identifier_type) {
 
 static int aPGSQL_connect(struct ast_channel *chan, void *data) {
        
-       char *s1,*s4;
-       char s[100];
+       char *s1;
+       char s[100] = "";
        char *optionstring;
        char *var;
        int l;
@@ -224,7 +224,7 @@ static int aPGSQL_connect(struct ast_channel *chan, void *data) {
        res=0;
        l=strlen(data)+2;
        s1=malloc(l);
-       strncpy(s1,data,l);
+       strncpy(s1, data, l -1);
        stringp=s1;
        strsep(&stringp," "); // eat the first token, we already know it :P 
        var=strsep(&stringp," ");
@@ -238,8 +238,7 @@ static int aPGSQL_connect(struct ast_channel *chan, void *data) {
         } else {
                ast_log(LOG_WARNING,"adding identifier\n");
                id=add_identifier(AST_PGSQL_ID_CONNID,karoto);
-               s4=&s[0];
-               sprintf(s4,"%d",id);
+               snprintf(s, sizeof(s), "%d", id);
                pbx_builtin_setvar_helper(chan,var,s);
        }
        
@@ -250,8 +249,8 @@ static int aPGSQL_connect(struct ast_channel *chan, void *data) {
 static int aPGSQL_query(struct ast_channel *chan, void *data) {
        
 
-       char *s1,*s2,*s3,*s4,*s5;
-       char s[100];
+       char *s1,*s2,*s3,*s4;
+       char s[100] = "";
        char *querystring;
        char *var;
        int l;
@@ -266,7 +265,7 @@ static int aPGSQL_query(struct ast_channel *chan, void *data) {
        l=strlen(data)+2;
        s1=malloc(l);
        s2=malloc(l);
-       strcpy(s1,data);
+       strncpy(s1, data, l - 1);
        stringp=s1;
        strsep(&stringp," "); // eat the first token, we already know it :P 
        s3=strsep(&stringp," ");
@@ -295,8 +294,7 @@ static int aPGSQL_query(struct ast_channel *chan, void *data) {
                }
                nres=PQnfields(PGSQLres); 
                id1=add_identifier(AST_PGSQL_ID_RESID,PGSQLres);
-               s5=&s[0];
-               sprintf(s5,"%d",id1);
+               snprintf(s, sizeof(s), "%d", id1);
                pbx_builtin_setvar_helper(chan,var,s);
                break;
        }
@@ -330,7 +328,7 @@ static int aPGSQL_fetch(struct ast_channel *chan, void *data) {
        s7=NULL;
        s1=malloc(l);
        s2=malloc(l);
-       strcpy(s1,data);
+       strncpy(s1, data, l - 1);
        stringp=s1;
        strsep(&stringp," "); // eat the first token, we already know it :P 
        fetchid_var=strsep(&stringp," ");
@@ -391,8 +389,7 @@ static int aPGSQL_fetch(struct ast_channel *chan, void *data) {
            ast_log(LOG_WARNING,"ast_PGSQL_fetch : EOF\n");
            id1 = 0; // no more rows
                }
-               s5=&s[0];
-               sprintf(s5,"%d",id1);
+               snprintf(s, sizeof(s), "%d", id1);
          ast_log(LOG_WARNING,"Setting var '%s' to value '%s'\n",fetchid_var,s);
          pbx_builtin_setvar_helper(chan,fetchid_var,s);
                break;
@@ -414,7 +411,7 @@ static int aPGSQL_reset(struct ast_channel *chan, void *data) {
        
        l=strlen(data)+2;
        s1=malloc(l);
-       strcpy(s1,data);
+       strncpy(s1, data, l - 1);
        stringp=s1;
        strsep(&stringp," "); // eat the first token, we already know it :P 
        s3=strsep(&stringp," ");
@@ -440,7 +437,7 @@ static int aPGSQL_clear(struct ast_channel *chan, void *data) {
        
        l=strlen(data)+2;
        s1=malloc(l);
-       strcpy(s1,data);
+       strncpy(s1, data, l - 1);
        stringp=s1;
        strsep(&stringp," "); // eat the first token, we already know it :P 
        s3=strsep(&stringp," ");
@@ -470,7 +467,7 @@ static int aPGSQL_disconnect(struct ast_channel *chan, void *data) {
        
        l=strlen(data)+2;
        s1=malloc(l);
-       strcpy(s1,data);
+       strncpy(s1, data, l - 1);
        stringp=s1;
        strsep(&stringp," "); // eat the first token, we already know it :P 
        s3=strsep(&stringp," ");
index 600f0bd..82d513f 100755 (executable)
@@ -45,16 +45,27 @@ LOCAL_USER_DECL;
 
 static int striplsd_exec(struct ast_channel *chan, void *data)
 {
-  char newexten[AST_MAX_EXTENSION] = "";
-  if (!data || !atoi(data)) {
-    ast_log(LOG_DEBUG, "Ignoring, since number of digits to strip is 0\n");
-    return 0;
-  }
-  if (strlen(chan->exten) > atoi(data)) {
-    strncpy(newexten, chan->exten, strlen(chan->exten)-atoi(data));
-  }
-  strncpy(chan->exten, newexten, sizeof(chan->exten)-1);
-  return 0;
+       char newexten[AST_MAX_EXTENSION] = "";
+       int maxbytes = 0;
+       int stripcount = 0;
+       int extlen = strlen(chan->exten);
+
+       maxbytes = sizeof(newexten) - 1;
+       if (data) {
+               stripcount = atoi(data);
+       }
+       if (!stripcount) {
+               ast_log(LOG_DEBUG, "Ignoring, since number of digits to strip is 0\n");
+               return 0;
+       }
+       if (extlen > stripcount) {
+               if (extlen - stripcount <= maxbytes) {
+                       maxbytes = extlen - stripcount;
+               }
+               strncpy(newexten, chan->exten, maxbytes);
+       }
+       strncpy(chan->exten, newexten, sizeof(chan->exten)-1);
+       return 0;
 }
 
 int unload_module(void)
index d2b2f8c..fb6d81f 100755 (executable)
@@ -59,9 +59,10 @@ static int substring_exec(struct ast_channel *chan, void *data)
   char newexten[AST_MAX_EXTENSION] = "";
   char *count1, *count2;
   char *first, *second, *stringp;
+
   stringp=alloca(strlen(data)+1);
   ast_log(LOG_WARNING, "The use of Substring application is deprecated. Please use ${variable:a:b} instead\n");
-  strncpy(stringp,data,strlen(data)+1);
+  strncpy(stringp,data,strlen(data));
   if (strchr(stringp,'|')&&strchr(stringp,'=')) {
     int icount1,icount2;
     first=strsep(&stringp,"=");
index a727e18..418f158 100755 (executable)
@@ -40,7 +40,7 @@ static char *descrip =
 
 #define ENUM_CONFIG "enum.conf"
 
-static char h323driver[80];
+static char h323driver[80] = "";
 #define H323DRIVERDEFAULT "H323"
 
 STANDARD_LOCAL_USER;
@@ -90,9 +90,9 @@ static int load_config(void)
        cfg = ast_load(ENUM_CONFIG);
        if (cfg) {
                if (!(s=ast_variable_retrieve(cfg, "general", "h323driver"))) {
-                       strcpy(h323driver, H323DRIVERDEFAULT);
+                       strncpy(h323driver, H323DRIVERDEFAULT, sizeof(h323driver) - 1);
                } else {
-                       strcpy(h323driver, s);
+                       strncpy(h323driver, s, sizeof(h323driver) - 1);
                }
                ast_destroy(cfg);
                return 0;
index 22fedbf..40d9e92 100755 (executable)
@@ -365,7 +365,7 @@ static void apply_options(struct ast_vm_user *vmu, char *options)
 #ifdef USEPOSTGRESVM
 
 PGconn *dbhandler;
-char   dboption[256];
+char   dboption[256] = "";
 AST_MUTEX_DEFINE_STATIC(postgreslock);
 
 static int sql_init(void)
@@ -407,17 +407,17 @@ static struct ast_vm_user *find_user(struct ast_vm_user *ivm, char *context, cha
                memset(retval, 0, sizeof(struct ast_vm_user));
                retval->alloced=1;
                if (mailbox) {
-                       strcpy(retval->mailbox, mailbox);
+                       strncpy(retval->mailbox, mailbox, sizeof(retval->mailbox) - 1);
                }
                if (context) {
-                       strcpy(retval->context, context);
+                       strncpy(retval->context, context, sizeof(retval->context) - 1);
                }
                else
                {
-                       strcpy(retval->context, "default");
+                       strncpy(retval->context, "default", sizeof(retval->context) - 1);
                }
                populate_defaults(retval);
-               sprintf(query, "SELECT password,fullname,email,pager,options FROM voicemail WHERE context='%s' AND mailbox='%s'", retval->context, mailbox);
+               snprintf(query, sizeof(query), "SELECT password,fullname,email,pager,options FROM voicemail WHERE context='%s' AND mailbox='%s'", retval->context, mailbox);
                
 /*     fprintf(stderr,"postgres find_user: query = %s\n",query); */
                ast_mutex_lock(&postgreslock);
@@ -480,14 +480,14 @@ static void vm_change_password(struct ast_vm_user *vmu, char *password)
        char query[400];
 
        if (*vmu->context) {
-               sprintf(query, "UPDATE voicemail SET password='%s' WHERE context='%s' AND mailbox='%s' AND (password='%s' OR password IS NULL)", password, vmu->context, vmu->mailbox, vmu->password);
+               snprintf(query, sizeof(query), "UPDATE voicemail SET password='%s' WHERE context='%s' AND mailbox='%s' AND (password='%s' OR password IS NULL)", password, vmu->context, vmu->mailbox, vmu->password);
        } else {
-               sprintf(query, "UPDATE voicemail SET password='%s' WHERE mailbox='%s' AND (password='%s' OR password IS NULL)", password, vmu->mailbox, vmu->password);
+               snprintf(query, sizeof(query), "UPDATE voicemail SET password='%s' WHERE mailbox='%s' AND (password='%s' OR password IS NULL)", password, vmu->mailbox, vmu->password);
        }
 /*     fprintf(stderr,"postgres change_password: query = %s\n",query); */
        ast_mutex_lock(&postgreslock);
        PQexec(dbhandler, query);
-       strcpy(vmu->password, password);
+       strncpy(vmu->password, password, sizeof(vmu->password) - 1);
        ast_mutex_unlock(&postgreslock);
 }
 
@@ -496,9 +496,9 @@ static void reset_user_pw(char *context, char *mailbox, char *password)
        char query[320];
 
        if (context) {
-               sprintf(query, "UPDATE voicemail SET password='%s' WHERE context='%s' AND mailbox='%s'", password, context, mailbox);
+               snprintf(query, sizeof(query), "UPDATE voicemail SET password='%s' WHERE context='%s' AND mailbox='%s'", password, context, mailbox);
        } else {
-               sprintf(query, "UPDATE voicemail SET password='%s' WHERE mailbox='%s'", password, mailbox);
+               snprintf(query, sizeof(query),  "UPDATE voicemail SET password='%s' WHERE mailbox='%s'", password, mailbox);
        }
        ast_mutex_lock(&postgreslock);
 /*     fprintf(stderr,"postgres reset_user_pw: query = %s\n",query); */
@@ -807,12 +807,12 @@ static int base_encode(char *filename, FILE *so)
        return 1;
 }
 
-static void prep_email_sub_vars(struct ast_channel *ast, struct ast_vm_user *vmu, int msgnum, char *mailbox, char *callerid, char *dur, char *date, char *passdata)
+static void prep_email_sub_vars(struct ast_channel *ast, struct ast_vm_user *vmu, int msgnum, char *mailbox, char *callerid, char *dur, char *date, char *passdata, size_t passdatasize)
 {
        /* Prepare variables for substition in email body and subject */
        pbx_builtin_setvar_helper(ast, "VM_NAME", vmu->fullname);
        pbx_builtin_setvar_helper(ast, "VM_DUR", dur);
-       sprintf(passdata,"%d",msgnum);
+       snprintf(passdata, passdatasize, "%d", msgnum);
        pbx_builtin_setvar_helper(ast, "VM_MSGNUM", passdata);
        pbx_builtin_setvar_helper(ast, "VM_MAILBOX", mailbox);
        pbx_builtin_setvar_helper(ast, "VM_CALLERID", (callerid ? callerid : "an unknown caller"));
@@ -889,7 +889,7 @@ static int sendmail(char *srcemail, struct ast_vm_user *vmu, int msgnum, char *m
                                int vmlen = strlen(fromstring)*3 + 200;
                                if ((passdata = alloca(vmlen))) {
                                        memset(passdata, 0, vmlen);
-                                       prep_email_sub_vars(ast,vmu,msgnum + 1,mailbox,callerid,dur,date,passdata);
+                                       prep_email_sub_vars(ast,vmu,msgnum + 1,mailbox,callerid,dur,date,passdata, vmlen);
                                        pbx_substitute_variables_helper(ast,fromstring,passdata,vmlen);
                                        fprintf(p, "From: %s <%s>\n",passdata,who);
                                } else ast_log(LOG_WARNING, "Cannot allocate workspace for variable substitution\n");
@@ -906,7 +906,7 @@ static int sendmail(char *srcemail, struct ast_vm_user *vmu, int msgnum, char *m
                                int vmlen = strlen(emailsubject)*3 + 200;
                                if ((passdata = alloca(vmlen))) {
                                        memset(passdata, 0, vmlen);
-                                       prep_email_sub_vars(ast,vmu,msgnum + 1,mailbox,callerid,dur,date,passdata);
+                                       prep_email_sub_vars(ast,vmu,msgnum + 1,mailbox,callerid,dur,date,passdata, vmlen);
                                        pbx_substitute_variables_helper(ast,emailsubject,passdata,vmlen);
                                        fprintf(p, "Subject: %s\n",passdata);
                                } else ast_log(LOG_WARNING, "Cannot allocate workspace for variable substitution\n");
@@ -942,7 +942,7 @@ static int sendmail(char *srcemail, struct ast_vm_user *vmu, int msgnum, char *m
                                int vmlen = strlen(emailbody)*3 + 200;
                                if ((passdata = alloca(vmlen))) {
                                        memset(passdata, 0, vmlen);
-                                       prep_email_sub_vars(ast,vmu,msgnum + 1,mailbox,callerid,dur,date,passdata);
+                                       prep_email_sub_vars(ast,vmu,msgnum + 1,mailbox,callerid,dur,date,passdata, vmlen);
                                        pbx_substitute_variables_helper(ast,emailbody,passdata,vmlen);
                                        fprintf(p, "%s\n",passdata);
                                } else ast_log(LOG_WARNING, "Cannot allocate workspace for variable substitution\n");
@@ -1139,7 +1139,7 @@ static int play_and_prepend(struct ast_channel *chan, char *playfile, char *reco
                        return -1;
        }
        strncpy(prependfile, recordfile, sizeof(prependfile) -1);       
-       strcat(prependfile, "-prepend");
+       strncat(prependfile, "-prepend", sizeof(prependfile) - strlen(prependfile) - 1);
                        
        fmts = ast_strdupa(fmt);
        
@@ -1740,16 +1740,16 @@ static int leave_voicemail(struct ast_channel *chan, char *ext, int silent, int
 
                /* Check current or macro-calling context for special extensions */
                if (ast_exists_extension(chan, chan->context, "o", 1, chan->callerid))
-                       strcat(ecodes, "0");
+                       strncat(ecodes, "0", sizeof(ecodes) - strlen(ecodes) - 1);
                else if (!ast_strlen_zero(chan->macrocontext) && ast_exists_extension(chan, chan->macrocontext, "o", 1, chan->callerid)) {
-                       strcat(ecodes, "0");
+                       strncat(ecodes, "0", sizeof(ecodes) - strlen(ecodes) - 1);
                        ousemacro = 1;
                }
 
                if (ast_exists_extension(chan, chan->context, "a", 1, chan->callerid))
-                       strcat(ecodes, "*");
+                       strncat(ecodes, "*", sizeof(ecodes) -  strlen(ecodes) - 1);
                else if (!ast_strlen_zero(chan->macrocontext) && ast_exists_extension(chan, chan->macrocontext, "a", 1, chan->callerid)) {
-                       strcat(ecodes, "*");
+                       strncat(ecodes, "*", sizeof(ecodes) -  strlen(ecodes) - 1);
                        ausemacro = 1;
                }
 
@@ -2333,7 +2333,7 @@ static void adsi_delete(struct ast_channel *chan, struct vm_state *vms)
 
 static void adsi_status(struct ast_channel *chan, struct vm_state *vms)
 {
-       char buf[256], buf1[256], buf2[256];
+       char buf[256] = "", buf1[256] = "", buf2[256] = "";
        int bytes=0;
        unsigned char keys[8];
        int x;
@@ -2345,7 +2345,7 @@ static void adsi_status(struct ast_channel *chan, struct vm_state *vms)
        if (vms->newmessages) {
                snprintf(buf1, sizeof(buf1), "You have %d new", vms->newmessages);
                if (vms->oldmessages) {
-                       strcat(buf1, " and");
+                       strncat(buf1, " and", sizeof(buf1) - strlen(buf1) - 1);
                        snprintf(buf2, sizeof(buf2), "%d old %s.", vms->oldmessages, oldm);
                } else {
                        snprintf(buf2, sizeof(buf2), "%s.", newm);
@@ -2354,8 +2354,9 @@ static void adsi_status(struct ast_channel *chan, struct vm_state *vms)
                snprintf(buf1, sizeof(buf1), "You have %d old", vms->oldmessages);
                snprintf(buf2, sizeof(buf2), "%s.", oldm);
        } else {
-               strcpy(buf1, "You have no messages.");
-               strcpy(buf2, " ");
+               strncpy(buf1, "You have no messages.", sizeof(buf1) - 1);
+               buf2[0] = ' ';
+               buf2[1] = '\0';
        }
        bytes += adsi_display(buf + bytes, ADSI_COMM_PAGE, 1, ADSI_JUST_LEFT, 0, buf1, "");
        bytes += adsi_display(buf + bytes, ADSI_COMM_PAGE, 2, ADSI_JUST_LEFT, 0, buf2, "");
@@ -2378,7 +2379,7 @@ static void adsi_status(struct ast_channel *chan, struct vm_state *vms)
 
 static void adsi_status2(struct ast_channel *chan, struct vm_state *vms)
 {
-       char buf[256], buf1[256], buf2[256];
+       char buf[256] = "", buf1[256] = "", buf2[256] = "";
        int bytes=0;
        unsigned char keys[8];
        int x;
@@ -2404,7 +2405,7 @@ static void adsi_status2(struct ast_channel *chan, struct vm_state *vms)
        if (vms->lastmsg + 1)
                snprintf(buf2, sizeof(buf2), "%d %s.", vms->lastmsg + 1, mess);
        else
-               strcpy(buf2, "no messages.");
+               strncpy(buf2, "no messages.", sizeof(buf2) - 1);
        bytes += adsi_display(buf + bytes, ADSI_COMM_PAGE, 1, ADSI_JUST_LEFT, 0, buf1, "");
        bytes += adsi_display(buf + bytes, ADSI_COMM_PAGE, 2, ADSI_JUST_LEFT, 0, buf2, "");
        bytes += adsi_display(buf + bytes, ADSI_COMM_PAGE, 3, ADSI_JUST_LEFT, 0, "", "");
@@ -2784,9 +2785,9 @@ static int play_message_datetime(struct ast_channel *chan, struct ast_vm_user *v
 
        /* Day difference */
        if (time_now.tm_year == time_then.tm_year)
-               sprintf(temp,"%d",time_now.tm_yday);
+               snprintf(temp,sizeof(temp),"%d",time_now.tm_yday);
        else
-               sprintf(temp,"%d",(time_now.tm_year - time_then.tm_year) * 365 + (time_now.tm_yday - time_then.tm_yday));
+               snprintf(temp,sizeof(temp),"%d",(time_now.tm_year - time_then.tm_year) * 365 + (time_now.tm_yday - time_then.tm_yday));
        pbx_builtin_setvar_helper(chan, "DIFF_DAY", temp);
 
        /* Can't think of how other diffs might be helpful, but I'm sure somebody will think of something. */
@@ -4278,7 +4279,7 @@ static int load_config(void)
                                        q = strsep(&stringp,",");
                                        while ((*q == ' ')||(*q == '\t')) /* Eat white space between contexts */
                                                q++;
-                                       strcpy(cidinternalcontexts[x],q);
+                                       strncpy(cidinternalcontexts[x], q, sizeof(cidinternalcontexts[x]) - 1);
                                        ast_log(LOG_DEBUG,"VM_CID Internal context %d: %s\n", x, cidinternalcontexts[x]);
                                } else {
                                        cidinternalcontexts[x][0] = '\0';
@@ -4342,32 +4343,32 @@ static int load_config(void)
 
 #ifdef USEMYSQLVM
                if (!(s=ast_variable_retrieve(cfg, "general", "dbuser"))) {
-                       strcpy(dbuser, "test");
+                       strncpy(dbuser, "test", sizeof(dbuser) - 1);
                } else {
-                       strcpy(dbuser, s);
+                       strncpy(dbuser, s, sizeof(dbuser) - 1);
                }
                if (!(s=ast_variable_retrieve(cfg, "general", "dbpass"))) {
-                       strcpy(dbpass, "test");
+                       strncpy(dbpass, "test", sizeof(dbpass) - 1);
                } else {
-                       strcpy(dbpass, s);
+                       strncpy(dbpass, s, sizeof(dbpass) - 1);
                }
                if (!(s=ast_variable_retrieve(cfg, "general", "dbhost"))) {
-                       strcpy(dbhost, "");
+                       dbhost[0] = '\0';
                } else {
-                       strcpy(dbhost, s);
+                       strncpy(dbhost, s, sizeof(dbhost) - 1);
                }
                if (!(s=ast_variable_retrieve(cfg, "general", "dbname"))) {
-                       strcpy(dbname, "vmdb");
+                       strncpy(dbname, "vmdb", sizeof(dbname) - 1);
                } else {
-                       strcpy(dbname, s);
+                       strncpy(dbname, s, sizeof(dbname) - 1);
                }
 #endif
 
 #ifdef USEPOSTGRESVM
                if (!(s=ast_variable_retrieve(cfg, "general", "dboption"))) {
-                       strcpy(dboption, "dboption not-specified in voicemail.conf");
+                       strncpy(dboption, "dboption not-specified in voicemail.conf", sizeof(dboption) - 1);
                } else {
-                       strcpy(dboption, s);
+                       strncpy(dboption, s, sizeof(dboption) - 1);
                }
 #endif
                cat = ast_category_browse(cfg, NULL);
@@ -4916,9 +4917,14 @@ static int play_record_review(struct ast_channel *chan, char *playfile, char *re
 static int vm_delete(char *file)
 {
        char *txt;
-       txt = (char *)alloca((strlen(file) + 5)*sizeof(char));
-       /* Sprintf here is safe because we alloca'd exactly the right length */
-       sprintf(txt, "%s.txt", file);
+       int txtsize = 0;
+
+       txtsize = (strlen(file) + 5)*sizeof(char);
+       txt = (char *)alloca(txtsize);
+       /* Sprintf here would safe because we alloca'd exactly the right length,
+        * but trying to eliminate all sprintf's anyhow
+        */
+       snprintf(txt, txtsize, "%s.txt", file);
        unlink(txt);
        return ast_filedelete(file, NULL);
 }
index 852d9ab..d34cd19 100755 (executable)
@@ -249,7 +249,7 @@ static int conf_exec(struct ast_channel *chan, void *data)
        int retrycnt = 0;
        int confflags = 0;
        int confno = 0;
-       char confstr[80];
+       char confstr[80] = "";
 
        if (data && !ast_strlen_zero(data)) {
                if ((sscanf(data, "Zap/%d", &confno) != 1) &&
@@ -264,7 +264,7 @@ static int conf_exec(struct ast_channel *chan, void *data)
 
        while(!confno && (++retrycnt < 4)) {
                /* Prompt user for conference number */
-               strcpy(confstr, "");
+               confstr[0] = '\0';
                res = ast_app_getdata(chan, "conf-getchannel",confstr, sizeof(confstr) - 1, 0);
                if (res <0) goto out;
                if (sscanf(confstr, "%d", &confno) != 1)
index 178cc51..b6f96c7 100755 (executable)
@@ -284,7 +284,7 @@ static int conf_exec(struct ast_channel *chan, void *data)
         struct localuser *u;
         int confflags = 0;
         int confno = 0;
-        char confstr[80], *tmp;
+        char confstr[80] = "", *tmp;
         struct ast_channel *tempchan = NULL, *lastchan = NULL,*ichan = NULL;
                struct ast_frame *f;
                int input=0;
@@ -319,7 +319,7 @@ static int conf_exec(struct ast_channel *chan, void *data)
                                break;
                        if ( tempchan && tempchan->type && (!strcmp(tempchan->type, "Zap")) && (tempchan != chan) ) {
                                ast_verbose(VERBOSE_PREFIX_3 "Zap channel %s is in-use, monitoring...\n", tempchan->name);
-                               strcpy(confstr, tempchan->name);
+                               strncpy(confstr, tempchan->name, sizeof(confstr) - 1);
                                ast_mutex_unlock(&tempchan->lock);
                                if ((tmp = strchr(confstr,'-'))) {
                                        *tmp = '\0';