Last set of strncpy/snprintf updates (bug #2049)
authorMark Spencer <markster@digium.com>
Fri, 16 Jul 2004 04:40:54 +0000 (04:40 +0000)
committerMark Spencer <markster@digium.com>
Fri, 16 Jul 2004 04:40:54 +0000 (04:40 +0000)
git-svn-id: https://origsvn.digium.com/svn/asterisk/trunk@3446 65c4cc65-6c06-0410-ace0-fbb531ad65f3

17 files changed:
channels/chan_agent.c
channels/chan_alsa.c
channels/chan_h323.c
channels/chan_iax.c
channels/chan_iax2.c
channels/chan_mgcp.c
channels/chan_modem.c
channels/chan_modem_bestdata.c
channels/chan_nbs.c
channels/chan_oss.c
channels/chan_phone.c
channels/chan_sip.c
channels/chan_skinny.c
channels/chan_vofr.c
channels/chan_vpb.c
channels/chan_zap.c
channels/iax2-provision.c

index ffe87c2..bf71e9a 100755 (executable)
@@ -96,11 +96,11 @@ AST_MUTEX_DEFINE_STATIC(usecnt_lock);
 AST_MUTEX_DEFINE_STATIC(agentlock);
 
 static int recordagentcalls = 0;
-static char recordformat[AST_MAX_BUF];
-static char recordformatext[AST_MAX_BUF];
+static char recordformat[AST_MAX_BUF] = "";
+static char recordformatext[AST_MAX_BUF] = "";
 static int createlink = 0;
-static char urlprefix[AST_MAX_BUF];
-static char savecallsin[AST_MAX_BUF];
+static char urlprefix[AST_MAX_BUF] = "";
+static char savecallsin[AST_MAX_BUF] = "";
 static int updatecdr = 0;
 static char beep[AST_MAX_BUF] = "beep";
 
@@ -185,11 +185,11 @@ static void agent_unlink(struct agent_pvt *agent)
 
 static struct agent_pvt *add_agent(char *agent, int pending)
 {
-       char tmp[AST_MAX_BUF];
+       char tmp[AST_MAX_BUF] = "";
        char *password=NULL, *name=NULL;
        struct agent_pvt *p, *prev;
        
-       strncpy(tmp, agent, sizeof(tmp));
+       strncpy(tmp, agent, sizeof(tmp) - 1);
        if ((password = strchr(tmp, ','))) {
                *password = '\0';
                password++;
@@ -535,7 +535,7 @@ static int agent_hangup(struct ast_channel *ast)
                                        p->agent, p->loginchan, logintime, ast->uniqueid);
                                snprintf(agent, sizeof(agent), "Agent/%s", p->agent);
                                ast_queue_log("NONE", ast->uniqueid, agent, "AGENTCALLBACKLOGOFF", "%s|%ld|%s", p->loginchan, logintime, "Autologoff");
-                               strcpy(p->loginchan, "");
+                               p->loginchan[0] = '\0';
                        }
                } else if (p->dead) {
                        ast_mutex_lock(&p->chan->lock);
@@ -777,14 +777,14 @@ static int read_agent_config(void)
                p->dead = 1;
                p = p->next;
        }
-       strcpy(moh, "default");
+       strncpy(moh, "default", sizeof(moh) - 1);
        /* set the default recording values */
        recordagentcalls = 0;
        createlink = 0;
-       strcpy(recordformat, "wav");
-       strcpy(recordformatext, "wav");
-       strcpy(urlprefix, "");
-       strcpy(savecallsin, "");
+       strncpy(recordformat, "wav", sizeof(recordformat) - 1);
+       strncpy(recordformatext, "wav", sizeof(recordformatext) - 1);
+       urlprefix[0] = '\0';
+       savecallsin[0] = '\0';
 
        v = ast_variable_browse(cfg, "agents");
        while(v) {
@@ -819,20 +819,20 @@ static int read_agent_config(void)
                } else if (!strcasecmp(v->name, "recordformat")) {
                        strncpy(recordformat, v->value, sizeof(recordformat) - 1);
                        if (!strcasecmp(v->value, "wav49"))
-                               strcpy(recordformatext, "WAV");
+                               strncpy(recordformatext, "WAV", sizeof(recordformatext) - 1);
                        else
-                               strncpy(recordformatext, v->value, sizeof(recordformat) - 1);
+                               strncpy(recordformatext, v->value, sizeof(recordformatext) - 1);
                } else if (!strcasecmp(v->name, "urlprefix")) {
                        strncpy(urlprefix, v->value, sizeof(urlprefix) - 2);
                        if (urlprefix[strlen(urlprefix) - 1] != '/')
-                               strcat(urlprefix, "/");
+                               strncat(urlprefix, "/", sizeof(urlprefix) - strlen(urlprefix) - 1);
                } else if (!strcasecmp(v->name, "savecallsin")) {
                        if (v->value[0] == '/')
                                strncpy(savecallsin, v->value, sizeof(savecallsin) - 2);
                        else
                                snprintf(savecallsin, sizeof(savecallsin) - 2, "/%s", v->value);
                        if (savecallsin[strlen(savecallsin) - 1] != '/')
-                               strcat(savecallsin, "/");
+                               strncat(savecallsin, "/", sizeof(savecallsin) - strlen(savecallsin) - 1);
                } else if (!strcasecmp(v->name, "custom_beep")) {
                        strncpy(beep, v->value, sizeof(beep) - 1);
                }
@@ -1076,8 +1076,8 @@ static int agents_show(int fd, int argc, char **argv)
 {
        struct agent_pvt *p;
        char username[AST_MAX_BUF];
-       char location[AST_MAX_BUF];
-       char talkingto[AST_MAX_BUF];
+       char location[AST_MAX_BUF] = "";
+       char talkingto[AST_MAX_BUF] = "";
        char moh[AST_MAX_BUF];
 
        if (argc != 2)
@@ -1095,22 +1095,22 @@ static int agents_show(int fd, int argc, char **argv)
                        if (!ast_strlen_zero(p->name))
                                snprintf(username, sizeof(username), "(%s) ", p->name);
                        else
-                               strcpy(username, "");
+                               username[0] = '\0';
                        if (p->chan) {
                                snprintf(location, sizeof(location), "logged in on %s", p->chan->name);
                                if (p->owner && p->owner->bridge) {
                                        snprintf(talkingto, sizeof(talkingto), " talking to %s", p->owner->bridge->name);
                                } else {
-                                       strcpy(talkingto, " is idle");
+                                       strncpy(talkingto, " is idle", sizeof(talkingto) - 1);
                                }
                        } else if (!ast_strlen_zero(p->loginchan)) {
                                snprintf(location, sizeof(location) - 20, "available at '%s'", p->loginchan);
-                               strcpy(talkingto, "");
+                               talkingto[0] = '\0';
                                if (p->acknowledged)
-                                       strcat(location, " (Confirmed)");
+                                       strncat(location, " (Confirmed)", sizeof(location) - strlen(location) - 1);
                        } else {
-                               strcpy(location, "not logged in");
-                               strcpy(talkingto, "");
+                               strncpy(location, "not logged in", sizeof(location) - 1);
+                               talkingto[0] = '\0';
                        }
                        if (!ast_strlen_zero(p->moh))
                                snprintf(moh, sizeof(moh), " (musiconhold is '%s')", p->moh);
@@ -1142,7 +1142,7 @@ static int __login_exec(struct ast_channel *chan, void *data, int callbackmode)
        struct agent_pvt *p;
        struct localuser *u;
        struct timeval tv;
-       char user[AST_MAX_AGENT];
+       char user[AST_MAX_AGENT] = "";
        char pass[AST_MAX_AGENT];
        char agent[AST_MAX_AGENT] = "";
        char xpass[AST_MAX_AGENT] = "";
@@ -1183,7 +1183,7 @@ static int __login_exec(struct ast_channel *chan, void *data, int callbackmode)
                res = ast_answer(chan);
        if (!res) {
                if( opt_user && !ast_strlen_zero(opt_user))
-                       strncpy( user, opt_user, AST_MAX_AGENT );
+                       strncpy( user, opt_user, AST_MAX_AGENT - 1);
                else
                        res = ast_app_getdata(chan, "agent-user", user, sizeof(user) - 1, 0);
        }
@@ -1201,7 +1201,7 @@ static int __login_exec(struct ast_channel *chan, void *data, int callbackmode)
                        if (!ast_strlen_zero(xpass))
                                res = ast_app_getdata(chan, "agent-pass", pass, sizeof(pass) - 1, 0);
                        else
-                               strcpy(pass, "");
+                               pass[0] = '\0';
                }
                errmsg = "agent-incorrect";
 
@@ -1276,7 +1276,7 @@ static int __login_exec(struct ast_channel *chan, void *data, int callbackmode)
 
                                                        }
                                                } else {
-                                                       strcpy(p->loginchan, "");
+                                                       p->loginchan[0] = '\0';
                                                        p->acknowledged = 0;
                                                }
                                                play_announcement = 1;
index b13224b..edddc7c 100755 (executable)
@@ -852,11 +852,11 @@ static int console_sendtext(int fd, int argc, char *argv[])
                res = RESULT_FAILURE;
        } else {
                struct ast_frame f = { AST_FRAME_TEXT, 0 };
-               char text2send[256];
-               strcpy(text2send, "");
+               char text2send[256] = "";
+               text2send[0] = '\0';
                while(tmparg <= argc) {
-                       strncat(text2send, argv[tmparg++], sizeof(text2send) - strlen(text2send));
-                       strncat(text2send, " ", sizeof(text2send) - strlen(text2send));
+                       strncat(text2send, argv[tmparg++], sizeof(text2send) - strlen(text2send) - 1);
+                       strncat(text2send, " ", sizeof(text2send) - strlen(text2send) - 1);
                }
                f.data = text2send;
                f.datalen = strlen(text2send) + 1;
index 63030d6..db379a1 100755 (executable)
@@ -707,7 +707,7 @@ static struct ast_channel *oh323_new(struct oh323_pvt *i, int state, const char
        
        if (ch) {
                
-               snprintf(ch->name, sizeof(ch->name)-1, "H323/%s", host);
+               snprintf(ch->name, sizeof(ch->name), "H323/%s", host);
                ch->nativeformats = i->capability;
                if (!ch->nativeformats)
                        ch->nativeformats = capability;
@@ -1080,14 +1080,14 @@ int setup_incoming_call(call_details_t cd)
                        strncpy(p->exten, alias->name, sizeof(p->exten)-1);
                        strncpy(p->context, alias->context, sizeof(p->context)-1);
                }
-               sprintf(p->callerid, "%s <%s>", p->cd.call_source_name, p->cd.call_source_e164);
+               snprintf(p->callerid, sizeof(p->callerid), "%s <%s>", p->cd.call_source_name, p->cd.call_source_e164);
        } else { 
                /* Either this call is not from the Gatekeeper 
                   or we are not allowing gk routed calls */
                user  = find_user(cd);
 
                if (!user) {
-                       sprintf(p->callerid, "%s <%s>", p->cd.call_source_name, p->cd.call_source_e164);
+                       snprintf(p->callerid, sizeof(p->callerid), "%s <%s>", p->cd.call_source_name, p->cd.call_source_e164);
                        if (!ast_strlen_zero(p->cd.call_dest_e164)) {
                                strncpy(p->exten, cd.call_dest_e164, sizeof(p->exten)-1);
                        } else {
@@ -1111,7 +1111,8 @@ int setup_incoming_call(call_details_t cd)
                                        } else {
                                                strncpy(p->context, user->context, sizeof(p->context)-1);
                                        }
-                                       sprintf(p->exten, "i");
+                                       p->exten[0] = 'i';
+                                       p->exten[1] = '\0';
                                        ast_log(LOG_ERROR, "Call from '%s' rejected due to non-matching IP address (%s)s\n", user->name, cd.sourceIp);
                                        goto exit;                                      
                                }
@@ -1129,7 +1130,7 @@ int setup_incoming_call(call_details_t cd)
                        if (!ast_strlen_zero(user->callerid)) {
                                strncpy(p->callerid, user->callerid, sizeof(p->callerid) - 1);
                        } else {
-                                sprintf(p->callerid, "%s <%s>", p->cd.call_source_name, p->cd.call_source_e164); 
+                                snprintf(p->callerid, sizeof(p->callerid), "%s <%s>", p->cd.call_source_name, p->cd.call_source_e164); 
                        }
                        if (!ast_strlen_zero(p->cd.call_dest_e164)) {
                                strncpy(p->exten, cd.call_dest_e164, sizeof(p->exten)-1);
index 3ebd4fb..754ce25 100755 (executable)
@@ -504,7 +504,7 @@ static void showframe(struct ast_iax_frame *f, struct ast_iax_full_hdr *fhi, int
                "TKOFFHK ",
                "OFFHOOK" };
        struct ast_iax_full_hdr *fh;
-       char retries[20];
+       char retries[20] = "";
        char class2[20];
        char subclass2[20];
        char *class;
@@ -514,7 +514,7 @@ static void showframe(struct ast_iax_frame *f, struct ast_iax_full_hdr *fhi, int
                fh = f->data;
                snprintf(retries, sizeof(retries), "%03d", f->retries);
        } else {
-               strcpy(retries, "N/A");
+               strncpy(retries, "N/A", sizeof(retries) - 1);
                fh = fhi;
        }
        if (!(ntohs(fh->callno) & AST_FLAG_FULL)) {
@@ -528,7 +528,7 @@ static void showframe(struct ast_iax_frame *f, struct ast_iax_full_hdr *fhi, int
                class = frames[(int)fh->type];
        }
        if (fh->type == AST_FRAME_DTMF) {
-               sprintf(subclass2, "%c", fh->csub);
+               snprintf(subclass2, sizeof(subclass2), "%c", fh->csub);
                subclass = subclass2;
        } else if (fh->type == AST_FRAME_IAX) {
                if (fh->csub >= sizeof(iaxs)/sizeof(iaxs[0])) {
@@ -1243,7 +1243,7 @@ static int iax_show_stats(int fd, int argc, char *argv[])
 static int iax_show_cache(int fd, int argc, char *argv[])
 {
        struct iax_dpcache *dp;
-       char tmp[1024], *pc;
+       char tmp[1024] = "", *pc;
        int s;
        int x,y;
        struct timeval tv;
@@ -1253,28 +1253,28 @@ static int iax_show_cache(int fd, int argc, char *argv[])
        ast_cli(fd, "%-20.20s %-12.12s %-9.9s %-8.8s %s\n", "Peer/Context", "Exten", "Exp.", "Wait.", "Flags");
        while(dp) {
                s = dp->expirey.tv_sec - tv.tv_sec;
-               strcpy(tmp, "");
+               tmp[0] = '\0';
                if (dp->flags & CACHE_FLAG_EXISTS)
-                       strcat(tmp, "EXISTS|");
+                       strncat(tmp, "EXISTS|", sizeof(tmp) - strlen(tmp) - 1);
                if (dp->flags & CACHE_FLAG_NONEXISTANT)
-                       strcat(tmp, "NONEXISTANT|");
+                       strncat(tmp, "NONEXISTANT|", sizeof(tmp) - strlen(tmp) - 1);
                if (dp->flags & CACHE_FLAG_CANEXIST)
-                       strcat(tmp, "CANEXIST|");
+                       strncat(tmp, "CANEXIST|", sizeof(tmp) - strlen(tmp) - 1);
                if (dp->flags & CACHE_FLAG_PENDING)
-                       strcat(tmp, "PENDING|");
+                       strncat(tmp, "PENDING|", sizeof(tmp) - strlen(tmp) - 1);
                if (dp->flags & CACHE_FLAG_TIMEOUT)
-                       strcat(tmp, "TIMEOUT|");
+                       strncat(tmp, "TIMEOUT|", sizeof(tmp) - strlen(tmp) - 1);
                if (dp->flags & CACHE_FLAG_TRANSMITTED)
-                       strcat(tmp, "TRANSMITTED|");
+                       strncat(tmp, "TRANSMITTED|", sizeof(tmp) - strlen(tmp) - 1);
                if (dp->flags & CACHE_FLAG_MATCHMORE)
-                       strcat(tmp, "MATCHMORE|");
+                       strncat(tmp, "MATCHMORE|", sizeof(tmp) - strlen(tmp) - 1);
                if (dp->flags & CACHE_FLAG_UNKNOWN)
-                       strcat(tmp, "UNKNOWN|");
+                       strncat(tmp, "UNKNOWN|", sizeof(tmp) - strlen(tmp) - 1);
                /* Trim trailing pipe */
                if (strlen(tmp))
                        tmp[strlen(tmp) - 1] = '\0';
                else
-                       strcpy(tmp, "(none)");
+                       strncpy(tmp, "(none)", sizeof(tmp) - 1);
                y=0;
                pc = strchr(dp->peercontext, '@');
                if (!pc)
@@ -1572,7 +1572,7 @@ static struct iax_peer *mysql_peer(char *peer)
                                for (x=0;x<numfields;x++) {
                                        if (rowval[x]) {
                                                if (!strcasecmp(fields[x].name, "secret")) {
-                                                       strncpy(p->secret, rowval[x], sizeof(p->secret));
+                                                       strncpy(p->secret, rowval[x], sizeof(p->secret) - 1);
                                                } else if (!strcasecmp(fields[x].name, "context")) {
                                                        strncpy(p->context, rowval[x], sizeof(p->context) - 1);
                                                } else if (!strcasecmp(fields[x].name, "ipaddr")) {
@@ -1603,7 +1603,7 @@ static struct iax_peer *mysql_peer(char *peer)
                p->delme = 1;
                p->expire = -1;
                p->capability = iax_capability;
-               strcpy(p->methods, "md5,plaintext");
+               strncpy(p->methods, "md5,plaintext", sizeof(p->methods) - 1);
        }
        return p;
 }
@@ -1618,7 +1618,7 @@ static struct iax_user *mysql_user(char *user)
        memset(p, 0, sizeof(struct iax_user));
        con = malloc(sizeof(struct iax_context));
        memset(con, 0, sizeof(struct iax_context));
-       strcpy(con->context, "default");
+       strncpy(con->context, "default", sizeof(con->context) - 1);
        p->contexts = con;
        if (mysql && (strlen(user) < 128)) {
                char query[512];
@@ -1640,7 +1640,7 @@ static struct iax_user *mysql_user(char *user)
                                for (x=0;x<numfields;x++) {
                                        if (rowval[x]) {
                                                if (!strcasecmp(fields[x].name, "secret")) {
-                                                       strncpy(p->secret, rowval[x], sizeof(p->secret));
+                                                       strncpy(p->secret, rowval[x], sizeof(p->secret) - 1);
                                                } else if (!strcasecmp(fields[x].name, "context")) {
                                                        strncpy(p->contexts->context, rowval[x], sizeof(p->contexts->context) - 1);
                                                }
@@ -1658,7 +1658,7 @@ static struct iax_user *mysql_user(char *user)
        } else {
                strncpy(p->name, user, sizeof(p->name) - 1);
                p->delme = 1;
-               strcpy(p->methods, "md5,plaintext");
+               strncpy(p->methods, "md5,plaintext", sizeof(p->methods) - 1);
        }
        return p;
 }
@@ -2346,22 +2346,22 @@ static int iax_show_peers(int fd, int argc, char *argv[])
        ast_cli(fd, FORMAT2, "Name/Username", "Host", "   ", "Mask", "Port", "Status");
        for (peer = peerl.peers;peer;peer = peer->next) {
                char nm[20];
-               char status[20];
+               char status[20] = "";
                if (strlen(peer->username))
                        snprintf(name, sizeof(name), "%s/%s", peer->name, peer->username);
                else
                        strncpy(name, peer->name, sizeof(name) - 1);
                if (peer->maxms) {
                        if (peer->lastms < 0)
-                               strcpy(status, "UNREACHABLE");
+                               strncpy(status, "UNREACHABLE", sizeof(status) - 1);
                        else if (peer->lastms > peer->maxms) 
                                snprintf(status, sizeof(status), "LAGGED (%d ms)", peer->lastms);
                        else if (peer->lastms) 
                                snprintf(status, sizeof(status), "OK (%d ms)", peer->lastms);
                        else 
-                               strcpy(status, "UNKNOWN");
+                               strncpy(status, "UNKNOWN", sizeof(status) - 1);
                } else 
-                       strcpy(status, "Unmonitored");
+                       strncpy(status, "Unmonitored", sizeof(status) - 1);
                strncpy(nm, ast_inet_ntoa(iabuf, sizeof(iabuf), peer->mask), sizeof(nm)-1);
                ast_cli(fd, FORMAT, name, 
                                        peer->addr.sin_addr.s_addr ? ast_inet_ntoa(iabuf, sizeof(iabuf), peer->addr.sin_addr) : "(Unspecified)",
@@ -2413,7 +2413,7 @@ static int iax_show_registry(int fd, int argc, char *argv[])
 #define FORMAT "%-20.20s  %-10.10s  %-20.20s %8d  %s\n"
        struct iax_registry *reg;
        char host[80];
-       char perceived[80];
+       char perceived[80] = "";
        char iabuf[INET_ADDRSTRLEN];
        if (argc != 3)
                return RESULT_SHOWUSAGE;
@@ -2424,7 +2424,7 @@ static int iax_show_registry(int fd, int argc, char *argv[])
                if (reg->us.sin_addr.s_addr) 
                        snprintf(perceived, sizeof(perceived), "%s:%d", ast_inet_ntoa(iabuf, sizeof(iabuf), reg->us.sin_addr), ntohs(reg->us.sin_port));
                else
-                       strcpy(perceived, "<Unregistered>");
+                       strncpy(perceived, "<Unregistered>", sizeof(perceived) - 1);
                ast_cli(fd, FORMAT, host, 
                                        reg->username, perceived, reg->refresh, regstate2str(reg->regstate));
        }
@@ -2724,7 +2724,7 @@ static int check_access(int callno, struct sockaddr_in *sin, char *orequest, int
                /* Copy the secret */
                strncpy(iaxs[callno]->secret, user->secret, sizeof(iaxs[callno]->secret)-1);
                /* And any input keys */
-               strncpy(iaxs[callno]->inkeys, user->inkeys, sizeof(iaxs[callno]->inkeys));
+               strncpy(iaxs[callno]->inkeys, user->inkeys, sizeof(iaxs[callno]->inkeys) - 1);
                /* And the permitted authentication methods */
                strncpy(iaxs[callno]->methods, user->methods, sizeof(iaxs[callno]->methods)-1);
                /* If they have callerid, override the given caller id.  Always store the ANI */
@@ -2810,9 +2810,9 @@ static int authenticate_verify(struct chan_iax_pvt *p, char *orequest)
        if (strstr(p->methods, "rsa") && strlen(rsasecret) && strlen(p->inkeys)) {
                struct ast_key *key;
                char *keyn;
-               char tmpkey[256];
+               char tmpkey[256] = "";
                char *stringp=NULL;
-               strncpy(tmpkey, p->inkeys, sizeof(tmpkey));
+               strncpy(tmpkey, p->inkeys, sizeof(tmpkey) - 1);
                stringp=tmpkey;
                keyn = strsep(&stringp, ":");
                while(keyn) {
@@ -2862,7 +2862,7 @@ static int register_verify(int callno, struct sockaddr_in *sin, char *orequest)
        char *stringp=NULL;
 
        iaxs[callno]->state &= ~IAX_STATE_AUTHENTICATED;
-       strcpy(iaxs[callno]->peer, "");
+       iaxs[callno]->peer[0] = '\0';
        if (!orequest)
                return -1;
        strncpy(request, orequest, sizeof(request)-1);
@@ -2927,7 +2927,7 @@ static int register_verify(int callno, struct sockaddr_in *sin, char *orequest)
                if (strlen(p->inkeys)) {
                        char tmpkeys[256];
                        char *stringp=NULL;
-                       strncpy(tmpkeys, p->inkeys, sizeof(tmpkeys));
+                       strncpy(tmpkeys, p->inkeys, sizeof(tmpkeys) - 1);
                        stringp=tmpkeys;
                        keyn = strsep(&stringp, ":");
                        while(keyn) {
@@ -3667,7 +3667,7 @@ static int socket_read(int *id, int fd, short events, void *cbdata)
        int exists;
        int mm;
        char iabuf[INET_ADDRSTRLEN];
-       char rel0[256];
+       char rel0[256] = "";
        char rel1[255];
        char empty[32]="";              /* Safety measure */
        res = recvfrom(netsocket, buf, sizeof(buf), 0,(struct sockaddr *) &sin, &len);
@@ -3939,11 +3939,11 @@ retryowner:
                                        mm = ast_matchmore_extension(NULL, iaxs[fr.callno]->context, (char *)f.data, 1, iaxs[fr.callno]->callerid);
                                        /* Must be started */
                                        if (ast_exists_extension(NULL, iaxs[fr.callno]->context, (char *)f.data, 1, iaxs[fr.callno]->callerid)) {
-                                               strcpy(rel0, "exists");
+                                               strncpy(rel0, "exists", sizeof(rel0) - 1);
                                        } else if (ast_canmatch_extension(NULL, iaxs[fr.callno]->context, (char *)f.data, 1, iaxs[fr.callno]->callerid)) {
-                                               strcpy(rel0, "canexist");
+                                               strncpy(rel0, "canexist", sizeof(rel0) - 1);
                                        } else {
-                                               strcpy(rel0, "nonexistant");
+                                               strncpy(rel0, "nonexistant", sizeof(rel0) - 1);
                                        }
                                        snprintf(rel1, sizeof(rel1), "number=%s;status=%s;ignorepat=%s;expirey=%d;matchmore=%s;",
                                                (char *)f.data, rel0,
@@ -4672,9 +4672,9 @@ static struct iax_peer *build_peer(char *name, struct ast_variable *v)
                        } else if (!strcasecmp(v->name, "sendani")) {
                                peer->sendani = ast_true(v->value);
                        } else if (!strcasecmp(v->name, "inkeys")) {
-                               strncpy(peer->inkeys, v->value, sizeof(peer->inkeys));
+                               strncpy(peer->inkeys, v->value, sizeof(peer->inkeys) - 1);
                        } else if (!strcasecmp(v->name, "outkey")) {
-                               strncpy(peer->outkey, v->value, sizeof(peer->outkey));
+                               strncpy(peer->outkey, v->value, sizeof(peer->outkey) - 1);
                        } else if (!strcasecmp(v->name, "qualify")) {
                                if (!strcasecmp(v->value, "no")) {
                                        peer->maxms = 0;
@@ -4689,7 +4689,7 @@ static struct iax_peer *build_peer(char *name, struct ast_variable *v)
                        v=v->next;
                }
                if (!strlen(peer->methods))
-                       strcpy(peer->methods, "md5,plaintext");
+                       strncpy(peer->methods, "md5,plaintext", sizeof(peer->methods) - 1);
                peer->delme = 0;
        }
        return peer;
@@ -4734,7 +4734,7 @@ static struct iax_user *build_user(char *name, struct ast_variable *v)
                                        user->amaflags = format;
                                }
                        } else if (!strcasecmp(v->name, "inkeys")) {
-                               strncpy(user->inkeys, v->value, sizeof(user->inkeys));
+                               strncpy(user->inkeys, v->value, sizeof(user->inkeys) - 1);
                        } //else if (strcasecmp(v->name,"type"))
                        //      ast_log(LOG_WARNING, "Ignoring %s\n", v->name);
                        v = v->next;
index fbaed07..c7dd8ba 100755 (executable)
@@ -1527,7 +1527,7 @@ static int iax2_show_stats(int fd, int argc, char *argv[])
 static int iax2_show_cache(int fd, int argc, char *argv[])
 {
        struct iax2_dpcache *dp;
-       char tmp[1024], *pc;
+       char tmp[1024] = "", *pc;
        int s;
        int x,y;
        struct timeval tv;
@@ -1537,28 +1537,28 @@ static int iax2_show_cache(int fd, int argc, char *argv[])
        ast_cli(fd, "%-20.20s %-12.12s %-9.9s %-8.8s %s\n", "Peer/Context", "Exten", "Exp.", "Wait.", "Flags");
        while(dp) {
                s = dp->expirey.tv_sec - tv.tv_sec;
-               strcpy(tmp, "");
+               tmp[0] = '\0';
                if (dp->flags & CACHE_FLAG_EXISTS)
-                       strcat(tmp, "EXISTS|");
+                       strncat(tmp, "EXISTS|", sizeof(tmp) - strlen(tmp) - 1);
                if (dp->flags & CACHE_FLAG_NONEXISTANT)
-                       strcat(tmp, "NONEXISTANT|");
+                       strncat(tmp, "NONEXISTANT|", sizeof(tmp) - strlen(tmp) - 1);
                if (dp->flags & CACHE_FLAG_CANEXIST)
-                       strcat(tmp, "CANEXIST|");
+                       strncat(tmp, "CANEXIST|", sizeof(tmp) - strlen(tmp) - 1);
                if (dp->flags & CACHE_FLAG_PENDING)
-                       strcat(tmp, "PENDING|");
+                       strncat(tmp, "PENDING|", sizeof(tmp) - strlen(tmp) - 1);
                if (dp->flags & CACHE_FLAG_TIMEOUT)
-                       strcat(tmp, "TIMEOUT|");
+                       strncat(tmp, "TIMEOUT|", sizeof(tmp) - strlen(tmp) - 1);
                if (dp->flags & CACHE_FLAG_TRANSMITTED)
-                       strcat(tmp, "TRANSMITTED|");
+                       strncat(tmp, "TRANSMITTED|", sizeof(tmp) - strlen(tmp) - 1);
                if (dp->flags & CACHE_FLAG_MATCHMORE)
-                       strcat(tmp, "MATCHMORE|");
+                       strncat(tmp, "MATCHMORE|", sizeof(tmp) - strlen(tmp) - 1);
                if (dp->flags & CACHE_FLAG_UNKNOWN)
-                       strcat(tmp, "UNKNOWN|");
+                       strncat(tmp, "UNKNOWN|", sizeof(tmp) - strlen(tmp) - 1);
                /* Trim trailing pipe */
                if (!ast_strlen_zero(tmp))
                        tmp[strlen(tmp) - 1] = '\0';
                else
-                       strcpy(tmp, "(none)");
+                       strncpy(tmp, "(none)", sizeof(tmp) - 1);
                y=0;
                pc = strchr(dp->peercontext, '@');
                if (!pc)
@@ -1910,7 +1910,7 @@ static struct iax2_peer *mysql_peer(char *peer)
                                for (x=0;x<numfields;x++) {
                                        if (rowval[x]) {
                                                if (!strcasecmp(fields[x].name, "secret")) {
-                                                       strncpy(p->secret, rowval[x], sizeof(p->secret));
+                                                       strncpy(p->secret, rowval[x], sizeof(p->secret) - 1);
                                                } else if (!strcasecmp(fields[x].name, "context")) {
                                                        strncpy(p->context, rowval[x], sizeof(p->context) - 1);
                                                } else if (!strcasecmp(fields[x].name, "ipaddr")) {
@@ -1957,7 +1957,7 @@ static struct iax2_user *mysql_user(char *user)
        memset(p, 0, sizeof(struct iax2_user));
        con = malloc(sizeof(struct iax2_context));
        memset(con, 0, sizeof(struct iax2_context));
-       strcpy(con->context, "default");
+       strncpy(con->context, "default", sizeof(con->context) - 1);
        p->contexts = con;
        if (mysql && (strlen(user) < 128)) {
                char query[512];
@@ -1979,11 +1979,11 @@ static struct iax2_user *mysql_user(char *user)
                                for (x=0;x<numfields;x++) {
                                        if (rowval[x]) {
                                                if (!strcasecmp(fields[x].name, "secret")) {
-                                                       strncpy(p->secret, rowval[x], sizeof(p->secret));
+                                                       strncpy(p->secret, rowval[x], sizeof(p->secret) - 1);
                                                } else if (!strcasecmp(fields[x].name, "context")) {
                                                        strncpy(p->contexts->context, rowval[x], sizeof(p->contexts->context) - 1);
                                                } else if (!strcasecmp(fields[x].name, "accountcode")) {
-                                                       strncpy(p->accountcode, rowval[x], sizeof(p->accountcode));
+                                                       strncpy(p->accountcode, rowval[x], sizeof(p->accountcode) - 1);
                                                }
                                        }
                                }
@@ -2050,7 +2050,7 @@ static int create_addr(struct sockaddr_in *sin, int *capability, int *sendani, i
                        if (capability)
                                *capability = p->capability;
                        if (secret)
-                               strncpy(secret, p->secret, seclen);
+                               strncpy(secret, p->secret, seclen); /* safe */
                        if (p->addr.sin_addr.s_addr) {
                                sin->sin_addr = p->addr.sin_addr;
                                sin->sin_port = p->addr.sin_port;
@@ -2227,7 +2227,7 @@ static int iax2_call(struct ast_channel *c, char *dest, int timeout)
                secret = storedsecret;
        ast_mutex_lock(&iaxsl[callno]);
        if (!ast_strlen_zero(c->context))
-               strncpy(iaxs[callno]->context, c->context, sizeof(iaxs[callno]->context));
+               strncpy(iaxs[callno]->context, c->context, sizeof(iaxs[callno]->context) - 1);
        if (secret) {
                if (secret[0] == '[') {
                        /* This is an RSA key, not a normal secret */
@@ -3019,7 +3019,7 @@ static int iax2_show_users(int fd, int argc, char *argv[])
 #define FORMAT "%-15.15s  %-20.20s  %-15.15s  %-15.15s  %-5.5s\n"
 #define FORMAT2 "%-15.15s  %-20.20s  %-15.15d  %-15.15s  %-5.5s\n"
        struct iax2_user *user;
-       char auth[90];
+       char auth[90] = "";
        if (argc != 3) 
                return RESULT_SHOWUSAGE;
        ast_mutex_lock(&userl.lock);
@@ -3028,9 +3028,9 @@ static int iax2_show_users(int fd, int argc, char *argv[])
                if (!ast_strlen_zero(user->secret)) {
                        strncpy(auth,user->secret,sizeof(auth)-1);
                } else if (!ast_strlen_zero(user->inkeys)) {
-                       sprintf(auth,"Key: %-15.15s ",user->inkeys);
+                       snprintf(auth, sizeof(auth), "Key: %-15.15s ", user->inkeys);
                } else
-                       strcpy(auth,"-no secret-");
+                       strncpy(auth, "-no secret-", sizeof(auth) - 1);
                ast_cli(fd, FORMAT2, user->name, auth, user->authmethods, 
                                user->contexts ? user->contexts->context : context,
                                user->ha ? "Yes" : "No");
@@ -3061,9 +3061,9 @@ static int iax2_show_peers(int fd, int argc, char *argv[])
        ast_cli(fd, FORMAT2, "Name/Username", "Host", "   ", "Mask", "Port", "Status");
        for (peer = peerl.peers;peer;peer = peer->next) {
                char nm[20];
-               char status[20];
+               char status[20] = "";
                 int print_line = -1;
-                char srch[2000];
+               char srch[2000] = "";
                if (registeredonly && !peer->addr.sin_addr.s_addr)
                        continue;
                if (!ast_strlen_zero(peer->username))
@@ -3072,18 +3072,18 @@ static int iax2_show_peers(int fd, int argc, char *argv[])
                        strncpy(name, peer->name, sizeof(name) - 1);
                if (peer->maxms) {
                        if (peer->lastms < 0)
-                               strcpy(status, "UNREACHABLE");
+                               strncpy(status, "UNREACHABLE", sizeof(status) - 1);
                        else if (peer->lastms > peer->maxms) 
                                snprintf(status, sizeof(status), "LAGGED (%d ms)", peer->lastms);
                        else if (peer->lastms) 
                                snprintf(status, sizeof(status), "OK (%d ms)", peer->lastms);
                        else 
-                               strcpy(status, "UNKNOWN");
+                               strncpy(status, "UNKNOWN", sizeof(status) - 1);
                } else 
-                       strcpy(status, "Unmonitored");
+                       strncpy(status, "Unmonitored", sizeof(status) - 1);
                strncpy(nm, ast_inet_ntoa(iabuf, sizeof(iabuf), peer->mask), sizeof(nm)-1);
 
-               sprintf(srch, FORMAT, name, 
+               snprintf(srch, sizeof(srch), FORMAT, name, 
                                        peer->addr.sin_addr.s_addr ? ast_inet_ntoa(iabuf, sizeof(iabuf), peer->addr.sin_addr) : "(Unspecified)",
                                        peer->dynamic ? "(D)" : "(S)",
                                        nm,
@@ -3174,7 +3174,7 @@ static int iax2_show_registry(int fd, int argc, char *argv[])
 #define FORMAT "%-20.20s  %-10.10s  %-20.20s %8d  %s\n"
        struct iax2_registry *reg;
        char host[80];
-       char perceived[80];
+       char perceived[80] = "";
        char iabuf[INET_ADDRSTRLEN];
        if (argc != 3)
                return RESULT_SHOWUSAGE;
@@ -3185,7 +3185,7 @@ static int iax2_show_registry(int fd, int argc, char *argv[])
                if (reg->us.sin_addr.s_addr) 
                        snprintf(perceived, sizeof(perceived), "%s:%d", ast_inet_ntoa(iabuf, sizeof(iabuf), reg->us.sin_addr), ntohs(reg->us.sin_port));
                else
-                       strcpy(perceived, "<Unregistered>");
+                       strncpy(perceived, "<Unregistered>", sizeof(perceived) - 1);
                ast_cli(fd, FORMAT, host, 
                                        reg->username, perceived, reg->refresh, regstate2str(reg->regstate));
        }
@@ -3540,7 +3540,7 @@ static int check_access(int callno, struct sockaddr_in *sin, struct iax_ies *ies
                /* Copy the secret */
                strncpy(iaxs[callno]->secret, user->secret, sizeof(iaxs[callno]->secret)-1);
                /* And any input keys */
-               strncpy(iaxs[callno]->inkeys, user->inkeys, sizeof(iaxs[callno]->inkeys));
+               strncpy(iaxs[callno]->inkeys, user->inkeys, sizeof(iaxs[callno]->inkeys) - 1);
                /* And the permitted authentication methods */
                iaxs[callno]->authmethods = user->authmethods;
                /* If they have callerid, override the given caller id.  Always store the ANI */
@@ -3614,9 +3614,9 @@ static int authenticate_verify(struct chan_iax2_pvt *p, struct iax_ies *ies)
        if ((p->authmethods & IAX_AUTH_RSA) && !ast_strlen_zero(rsasecret) && !ast_strlen_zero(p->inkeys)) {
                struct ast_key *key;
                char *keyn;
-               char tmpkey[256];
+               char tmpkey[256] = "";
                char *stringp=NULL;
-               strncpy(tmpkey, p->inkeys, sizeof(tmpkey));
+               strncpy(tmpkey, p->inkeys, sizeof(tmpkey) - 1);
                stringp=tmpkey;
                keyn = strsep(&stringp, ":");
                while(keyn) {
@@ -3637,7 +3637,7 @@ static int authenticate_verify(struct chan_iax2_pvt *p, struct iax_ies *ies)
                MD5Final(digest, &md5);
                /* If they support md5, authenticate with it.  */
                for (x=0;x<16;x++)
-                       sprintf(requeststr + (x << 1), "%2.2x", digest[x]);
+                       sprintf(requeststr + (x << 1), "%2.2x", digest[x]); /* safe */
                if (!strcasecmp(requeststr, md5secret))
                        res = 0;
        } else if (p->authmethods & IAX_AUTH_PLAINTEXT) {
@@ -3662,7 +3662,7 @@ static int register_verify(int callno, struct sockaddr_in *sin, struct iax_ies *
        int expire = 0;
 
        iaxs[callno]->state &= ~IAX_STATE_AUTHENTICATED;
-       strcpy(iaxs[callno]->peer, "");
+       iaxs[callno]->peer[0] = '\0';
        if (ies->username)
                strncpy(peer, ies->username, sizeof(peer) - 1);
        if (ies->password)
@@ -3715,9 +3715,9 @@ static int register_verify(int callno, struct sockaddr_in *sin, struct iax_ies *
        /* Check secret against what we have on file */
        if (!ast_strlen_zero(rsasecret) && (p->authmethods & IAX_AUTH_RSA) && !ast_strlen_zero(iaxs[callno]->challenge)) {
                if (!ast_strlen_zero(p->inkeys)) {
-                       char tmpkeys[256];
+                       char tmpkeys[256] = "";
                        char *stringp=NULL;
-                       strncpy(tmpkeys, p->inkeys, sizeof(tmpkeys));
+                       strncpy(tmpkeys, p->inkeys, sizeof(tmpkeys) - 1);
                        stringp=tmpkeys;
                        keyn = strsep(&stringp, ":");
                        while(keyn) {
@@ -3761,7 +3761,7 @@ static int register_verify(int callno, struct sockaddr_in *sin, struct iax_ies *
                MD5Update(&md5, p->secret, strlen(p->secret));
                MD5Final(digest, &md5);
                for (x=0;x<16;x++)
-                       sprintf(requeststr + (x << 1), "%2.2x", digest[x]);
+                       sprintf(requeststr + (x << 1), "%2.2x", digest[x]); /* safe */
                if (strcasecmp(requeststr, md5secret)) {
                        if (authdebug)
                                ast_log(LOG_NOTICE, "Host %s failed MD5 authentication for '%s' (%s != %s)\n", ast_inet_ntoa(iabuf, sizeof(iabuf), sin->sin_addr), p->name, requeststr, md5secret);
@@ -3827,7 +3827,7 @@ static int authenticate(char *challenge, char *secret, char *keyn, int authmetho
                        MD5Final(digest, &md5);
                        /* If they support md5, authenticate with it.  */
                        for (x=0;x<16;x++)
-                               sprintf(digres + (x << 1),  "%2.2x", digest[x]);
+                               sprintf(digres + (x << 1),  "%2.2x", digest[x]); /* safe */
                        iax_ie_append_str(ied, IAX_IE_MD5_RESULT, digres);
                        res = 0;
                } else if (authmethods & IAX_AUTH_PLAINTEXT) {
@@ -6251,9 +6251,9 @@ static struct iax2_peer *build_peer(char *name, struct ast_variable *v)
                        } else if (!strcasecmp(v->name, "sendani")) {
                                peer->sendani = ast_true(v->value);
                        } else if (!strcasecmp(v->name, "inkeys")) {
-                               strncpy(peer->inkeys, v->value, sizeof(peer->inkeys));
+                               strncpy(peer->inkeys, v->value, sizeof(peer->inkeys) - 1);
                        } else if (!strcasecmp(v->name, "outkey")) {
-                               strncpy(peer->outkey, v->value, sizeof(peer->outkey));
+                               strncpy(peer->outkey, v->value, sizeof(peer->outkey) - 1);
                        } else if (!strcasecmp(v->name, "qualify")) {
                                if (!strcasecmp(v->value, "no")) {
                                        peer->maxms = 0;
@@ -6322,7 +6322,7 @@ static struct iax2_user *build_user(char *name, struct ast_variable *v)
                memset(user, 0, sizeof(struct iax2_user));
                user->capability = iax2_capability;
                strncpy(user->name, name, sizeof(user->name)-1);
-               strcpy(user->language, language);
+               strncpy(user->language, language, sizeof(user->language) - 1);
                while(v) {
                        if (!strcasecmp(v->name, "context")) {
                                con = build_context(v->value);
@@ -6375,7 +6375,7 @@ static struct iax2_user *build_user(char *name, struct ast_variable *v)
                                        user->amaflags = format;
                                }
                        } else if (!strcasecmp(v->name, "inkeys")) {
-                               strncpy(user->inkeys, v->value, sizeof(user->inkeys));
+                               strncpy(user->inkeys, v->value, sizeof(user->inkeys) - 1);
                        }// else if (strcasecmp(v->name,"type"))
                        //      ast_log(LOG_WARNING, "Ignoring %s\n", v->name);
                        v = v->next;
index 082ec9d..df2ce37 100755 (executable)
@@ -872,7 +872,7 @@ static int mgcp_hangup(struct ast_channel *ast)
        if (strlen(sub->cxident)) {
                transmit_connection_del(sub);
     }
-       strcpy(sub->cxident, "");
+        sub->cxident[0] = '\0';
     if ((sub == p->sub) && sub->next->owner) {
         if (p->hookstate == MGCP_OFFHOOK) {
             if (sub->next->owner && sub->next->owner->bridge) {
@@ -900,7 +900,7 @@ static int mgcp_hangup(struct ast_channel *ast)
        sub->alreadygone = 0;
        sub->outgoing = 0;
        sub->cxmode = MGCP_CX_INACTIVE;
-       strcpy(sub->callid, "");
+       sub->callid[0] = '\0';
        /* Reset temporary destination */
        memset(&sub->tmpdest, 0, sizeof(sub->tmpdest));
        if (sub->rtp) {
@@ -1253,7 +1253,7 @@ static struct ast_channel *mgcp_new(struct mgcp_subchannel *sub, int state)
                ast_update_use_count();
                tmp->callgroup = i->callgroup;
                tmp->pickupgroup = i->pickupgroup;
-               strncpy(tmp->call_forward, i->call_forward, sizeof(tmp->call_forward));
+               strncpy(tmp->call_forward, i->call_forward, sizeof(tmp->call_forward) - 1);
                strncpy(tmp->context, i->context, sizeof(tmp->context)-1);
                strncpy(tmp->exten, i->exten, sizeof(tmp->exten)-1);
                if (strlen(i->callerid))
@@ -1798,7 +1798,7 @@ static int add_sdp(struct mgcp_request *resp, struct mgcp_subchannel *sub, struc
        char o[256];
        char c[256];
        char t[256];
-       char m[256];
+       char m[256] = "";
        char a[1024] = "";
        char iabuf[INET_ADDRSTRLEN];
        int x;
@@ -1842,9 +1842,9 @@ static int add_sdp(struct mgcp_request *resp, struct mgcp_subchannel *sub, struc
                        codec = ast_rtp_lookup_code(sub->rtp, 1, x);
             if (codec > -1) {
                                snprintf(costr, sizeof(costr), " %d", codec);
-                               strcat(m, costr);
+                               strncat(m, costr, sizeof(m) - strlen(m) - 1);
                                snprintf(costr, sizeof(costr), "a=rtpmap:%d %s/8000\r\n", codec, ast_rtp_lookup_mime_subtype(1, x));
-                               strcat(a, costr);
+                               strncat(a, costr, sizeof(a) - strlen(a) - 1);
                        }
                }
        }
@@ -1856,18 +1856,18 @@ static int add_sdp(struct mgcp_request *resp, struct mgcp_subchannel *sub, struc
             codec = ast_rtp_lookup_code(sub->rtp, 0, x);
             if (codec > -1) {
                 snprintf(costr, sizeof(costr), " %d", codec);
-                strcat(m, costr);
+                strncat(m, costr, sizeof(m) - strlen(m) - 1);
                 snprintf(costr, sizeof(costr), "a=rtpmap:%d %s/8000\r\n", codec, ast_rtp_lookup_mime_subtype(0, x));
-                strcat(a, costr);
+                strncat(a, costr, sizeof(a) - strlen(a) - 1);
                 if (x == AST_RTP_DTMF) {
                   /* Indicate we support DTMF...  Not sure about 16, but MSN supports it so dang it, we will too... */
                   snprintf(costr, sizeof costr, "a=fmtp:%d 0-16\r\n", codec);
-                  strcat(a, costr);
+                  strncat(a, costr, sizeof(a) - strlen(a) - 1);
                 }
             }
         }
     }
-       strcat(m, "\r\n");
+       strncat(m, "\r\n", sizeof(m) - strlen(m) - 1);
        len = strlen(v) + strlen(s) + strlen(o) + strlen(c) + strlen(t) + strlen(m) + strlen(a);
        snprintf(costr, sizeof(costr), "%d", len);
        add_line(resp, v);
@@ -1901,7 +1901,7 @@ static int transmit_modify_with_sdp(struct mgcp_subchannel *sub, struct ast_rtp
        for (x=1;x<= AST_FORMAT_MAX_AUDIO; x <<= 1) {
                if (capability & x) {
                        snprintf(tmp, sizeof(tmp), ", a:%s", ast_rtp_lookup_mime_subtype(1, x));
-                       strcat(local, tmp);
+                       strncat(local, tmp, sizeof(local) - strlen(local) - 1);
                }
        }
        reqprep(&resp, p, "MDCX");
@@ -1931,7 +1931,7 @@ static int transmit_connect_with_sdp(struct mgcp_subchannel *sub, struct ast_rtp
        for (x=1;x<= AST_FORMAT_MAX_AUDIO; x <<= 1) {
                if (p->capability & x) {
                        snprintf(tmp, sizeof(tmp), ", a:%s", ast_rtp_lookup_mime_subtype(1, x));
-                       strcat(local, tmp);
+                       strncat(local, tmp, sizeof(local) - strlen(local) - 1);
                }
        }
     if (mgcpdebug) {
@@ -1996,7 +1996,7 @@ static int transmit_notify_request_with_callerid(struct mgcp_subchannel *sub, ch
        if (callerid)
                strncpy(cid, callerid, sizeof(cid) - 1);
        else
-               strcpy(cid, "");
+               cid[0] = '\0';
        ast_callerid_parse(cid, &n, &l);
        if (l) {
                ast_shrink_phone_number(l);
@@ -2423,7 +2423,7 @@ static void *mgcp_ss(void *data)
             if (!res || !ast_matchmore_extension(chan, chan->context, exten, 1, p->callerid)) {
                 if (getforward) {
                     /* Record this as the forwarding extension */
-                    strncpy(p->call_forward, exten, sizeof(p->call_forward)); 
+                    strncpy(p->call_forward, exten, sizeof(p->call_forward) - 1); 
                     if (option_verbose > 2) {
                         ast_verbose(VERBOSE_PREFIX_3 "Setting call forward to '%s' on channel %s\n", 
                                 p->call_forward, chan->name);
@@ -3426,7 +3426,7 @@ static struct mgcp_gateway *build_gateway(char *cat, struct ast_variable *v)
                                nat = ast_true(v->value);
                        } else if (!strcasecmp(v->name, "callerid")) {
                                if (!strcasecmp(v->value, "asreceived"))
-                                       strcpy(callerid, "");
+                                       callerid[0] = '\0';
                                else
                                        strncpy(callerid, v->value, sizeof(callerid) - 1);
                        } else if (!strcasecmp(v->name, "language")) {
@@ -3495,7 +3495,7 @@ static struct mgcp_gateway *build_gateway(char *cat, struct ast_variable *v)
                         e->needaudit = 1;
                     }
                     strncpy(gw->wcardep, v->value, sizeof(gw->wcardep)-1);
-                                       //strcpy(e->name, "aaln/*");
+                                       //strncpy(e->name, "aaln/*", sizeof(e->name) - 1);
                                        /* XXX Should we really check for uniqueness?? XXX */
                                        strncpy(e->context, context, sizeof(e->context) - 1);
                                        strncpy(e->callerid, callerid, sizeof(e->callerid) - 1);
@@ -3531,7 +3531,7 @@ static struct mgcp_gateway *build_gateway(char *cat, struct ast_variable *v)
                                                        sub->parent = e;
                                                        sub->id = i;
                                                        snprintf(sub->txident, sizeof(sub->txident), "%08x", rand());
-                                                       /*strcpy(sub->txident, txident);*/
+                                                       /*stnrcpy(sub->txident, txident, sizeof(sub->txident) - 1);*/
                                                        sub->cxmode = MGCP_CX_INACTIVE;
                                                        sub->nat = nat;
                                                        sub->next = e->sub;
index ace64c7..1a235c4 100755 (executable)
@@ -180,7 +180,7 @@ static int modem_call(struct ast_channel *ast, char *idest, int timeout)
 {
        struct ast_modem_pvt *p;
        int ms = timeout;
-       char rdest[80], *where, dstr[100];
+       char rdest[80], *where, dstr[100] = "";
        char *stringp=NULL;
        strncpy(rdest, idest, sizeof(rdest)-1);
        stringp=rdest;
@@ -191,7 +191,7 @@ static int modem_call(struct ast_channel *ast, char *idest, int timeout)
                return -1;
        }
        p = ast->pvt->pvt;
-       strcpy(dstr,where + p->stripmsd);
+       strncpy(dstr, where + p->stripmsd, sizeof(dstr) - 1);
        /* if not a transfer or just sending tones, must be in correct state */
        if (strcasecmp(rdest, "transfer") && strcasecmp(rdest,"sendtones")) {
                if ((ast->_state != AST_STATE_DOWN) && (ast->_state != AST_STATE_RESERVED)) {
@@ -201,7 +201,7 @@ static int modem_call(struct ast_channel *ast, char *idest, int timeout)
        } 
        if (!strcasecmp(rdest,"transfer")) /* if a transfer, put in transfer stuff */
        {
-               sprintf(dstr,"!,%s",where + p->stripmsd);
+               snprintf(dstr, sizeof(dstr), "!,%s", where + p->stripmsd);
        }
        if (!strcasecmp(where, "handset")) {
                if (p->mc->setdev)
index 2fde4d4..ddcb720 100755 (executable)
@@ -152,7 +152,7 @@ static int bestdata_init(struct ast_modem_pvt *p)
 
 static struct ast_frame *bestdata_handle_escape(struct ast_modem_pvt *p, char esc)
 {
-       char name[30],nmbr[30];
+       char name[30]="",nmbr[30]="";
        time_t  now;
 
        /* Handle escaped characters -- but sometimes we call it directly as 
@@ -189,14 +189,14 @@ static struct ast_frame *bestdata_handle_escape(struct ast_modem_pvt *p, char es
                name[0] = nmbr[0] = 0;
                for(;;)
                   {
-                       char res[1000];
+                       char res[1000]="";
 
                        if (ast_modem_read_response(p, 5)) break;
                        strncpy(res, p->response, sizeof(res)-1);
                        ast_modem_trim(res);
                        if (!strncmp(res,"\020.",2)) break;
-                       if (!strncmp(res,"NAME",4)) strcpy(name,res + 7);
-                       if (!strncmp(res,"NMBR",4)) strcpy(nmbr,res + 7);
+                       if (!strncmp(res,"NAME",4)) strncpy(name,res + 7, sizeof(name) - 1);
+                       if (!strncmp(res,"NMBR",4)) strncpy(nmbr,res + 7, sizeof(nmbr) - 1);
                   }
                p->gotclid = 1;
                if ((!strcmp(name,"O")) || (!strcmp(name,"P"))) name[0] = 0;
@@ -485,13 +485,13 @@ static int bestdata_dialdigit(struct ast_modem_pvt *p, char digit)
 
 static int bestdata_dial(struct ast_modem_pvt *p, char *stuff)
 {
-       char cmd[800],a[20];
+       char cmd[800] = "",a[20]="";
        int i,j;
 
        if (p->ministate != STATE_COMMAND)
           {
                bestdata_break(p);
-               strcpy(cmd,"AT+VTS=");
+               strncpy(cmd, "AT+VTS=", sizeof(cmd) - 1);
                j = strlen(cmd);
                for(i = 0; stuff[i]; i++)
                   {
@@ -502,13 +502,13 @@ static int bestdata_dial(struct ast_modem_pvt *p, char *stuff)
                                a[1] = 0;
                                break;
                            case ',':
-                               strcpy(a,"[,,100]");
+                               strncpy(a, "[,,100]", sizeof(a) - 1);
                                break;
                            default:
-                               sprintf(a,"{%c,7}",stuff[i]);
+                               snprintf(a, sizeof(a), "{%c,7}", stuff[i]);
                           }
-                       if (stuff[i + 1]) strcat(a,",");
-                       strcpy(cmd + j,a);
+                       if (stuff[i + 1]) strncat(a, ",", sizeof(a) - strlen(a) - 1);
+                       strncpy(cmd + j, a, sizeof(cmd) - j - 1);
                        j += strlen(a);
                   }
           }
index 3ec1555..a188c12 100755 (executable)
@@ -214,7 +214,7 @@ static struct ast_channel *nbs_new(struct nbs_pvt *i, int state)
                tmp->pvt->write = nbs_xwrite;
                strncpy(tmp->context, context, sizeof(tmp->context)-1);
                strncpy(tmp->exten, "s",  sizeof(tmp->exten) - 1);
-               strcpy(tmp->language, "");
+               tmp->language[0] = '\0';
                i->owner = tmp;
                ast_mutex_lock(&usecnt_lock);
                usecnt++;
index 46d4e2c..538bfe1 100755 (executable)
@@ -825,7 +825,7 @@ static char sendtext_usage[] =
 static int console_sendtext(int fd, int argc, char *argv[])
 {
        int tmparg = 2;
-       char text2send[256];
+       char text2send[256] = "";
        struct ast_frame f = { 0, };
        if (argc < 2)
                return RESULT_SHOWUSAGE;
@@ -835,10 +835,10 @@ static int console_sendtext(int fd, int argc, char *argv[])
        }
        if (strlen(text2send))
                ast_cli(fd, "Warning: message already waiting to be sent, overwriting\n");
-       strcpy(text2send, "");
+       text2send[0] = '\0';
        while(tmparg < argc) {
-               strncat(text2send, argv[tmparg++], sizeof(text2send) - strlen(text2send));
-               strncat(text2send, " ", sizeof(text2send) - strlen(text2send));
+               strncat(text2send, argv[tmparg++], sizeof(text2send) - strlen(text2send) - 1);
+               strncat(text2send, " ", sizeof(text2send) - strlen(text2send) - 1);
        }
        if (strlen(text2send)) {
                f.frametype = AST_FRAME_TEXT;
index 536d3ef..4828d05 100755 (executable)
@@ -177,15 +177,16 @@ static int phone_call(struct ast_channel *ast, char *dest, int timeout)
        time(&UtcTime);
        localtime_r(&UtcTime,&tm);
 
+       memset(&cid, 0, sizeof(PHONE_CID));
        if(&tm != NULL) {
-               sprintf(cid.month, "%02d",(tm.tm_mon + 1));
-               sprintf(cid.day,   "%02d", tm.tm_mday);
-               sprintf(cid.hour,  "%02d", tm.tm_hour);
-               sprintf(cid.min,   "%02d", tm.tm_min);
+               snprintf(cid.month, sizeof(cid.month), "%02d",(tm.tm_mon + 1));
+               snprintf(cid.day, sizeof(cid.day),     "%02d", tm.tm_mday);
+               snprintf(cid.hour, sizeof(cid.hour),   "%02d", tm.tm_hour);
+               snprintf(cid.min, sizeof(cid.min),     "%02d", tm.tm_min);
        }
        /* the standard format of ast->callerid is:  "name" <number>, but not always complete */
        if (!ast->callerid || ast_strlen_zero(ast->callerid)){
-               strcpy(cid.name, DEFAULT_CALLER_ID);
+               strncpy(cid.name, DEFAULT_CALLER_ID, sizeof(cid.name) - 1);
                cid.number[0]='\0';
        } else {
                char *n, *l;
@@ -198,9 +199,9 @@ static int phone_call(struct ast_channel *ast, char *dest, int timeout)
                                l = NULL;
                }
                if (l)
-                       strncpy(cid.number, l, sizeof(cid.number));
+                       strncpy(cid.number, l, sizeof(cid.number) - 1);
                if (n)
-                       strncpy(cid.name, n, sizeof(cid.name));
+                       strncpy(cid.name, n, sizeof(cid.name) - 1);
        }
 
        p = ast->pvt->pvt;
@@ -734,7 +735,7 @@ static void phone_check_exception(struct phone_pvt *i)
                        ioctl(i->fd, PHONE_CPT_STOP);
                        i->dialtone = 0;
                        if (strlen(i->ext) < AST_MAX_EXTENSION - 1)
-                               strcat(i->ext, digit);
+                               strncat(i->ext, digit, sizeof(i->ext) - strlen(i->ext) - 1);
                        if (ast_exists_extension(NULL, i->context, i->ext, 1, i->callerid)) {
                                /* It's a valid extension in its context, get moving! */
                                phone_new(i, AST_STATE_RING, i->context);
index ad6c3a0..7b3137b 100755 (executable)
@@ -1013,7 +1013,7 @@ static struct sip_user *mysql_user(char *user)
                                for (x=0;x<numfields;x++) {
                                        if (rowval[x]) {
                                                if (!strcasecmp(fields[x].name, "secret")) {
-                                                       strncpy(u->secret, rowval[x], sizeof(u->secret));
+                                                       strncpy(u->secret, rowval[x], sizeof(u->secret) - 1);
                                                } else if (!strcasecmp(fields[x].name, "name")) {
                                                        strncpy(u->name, rowval[x], sizeof(u->name) - 1);
                                                } else if (!strcasecmp(fields[x].name, "context")) {
@@ -1115,7 +1115,7 @@ static struct sip_peer *mysql_peer(char *peer, struct sockaddr_in *sin)
                                for (x=0;x<numfields;x++) {
                                        if (rowval[x]) {
                                                if (!strcasecmp(fields[x].name, "secret")) {
-                                                       strncpy(p->secret, rowval[x], sizeof(p->secret));
+                                                       strncpy(p->secret, rowval[x], sizeof(p->secret) - 1);
                                                } else if (!strcasecmp(fields[x].name, "name")) {
                                                        strncpy(p->name, rowval[x], sizeof(p->name) - 1);
                                                } else if (!strcasecmp(fields[x].name, "context")) {
@@ -2299,7 +2299,7 @@ static struct sip_pvt *sip_alloc(char *callid, struct sockaddr_in *sin, int useg
        /* Assume reinvite OK and via INVITE */
        p->canreinvite = global_canreinvite;
        /* Assign default music on hold class */
-        strncpy(p->musicclass, global_musicclass, sizeof(p->musicclass));
+       strncpy(p->musicclass, global_musicclass, sizeof(p->musicclass) - 1);
        p->dtmfmode = global_dtmfmode;
        p->promiscredir = global_promiscredir;
        p->trustrpid = global_trustrpid;
@@ -2931,7 +2931,7 @@ static void add_route(struct sip_request *req, struct sip_route *route)
 /*--- set_destination: Set destination from SIP URI ---*/
 static void set_destination(struct sip_pvt *p, char *uri)
 {
-       char *h, *maddr, hostname[256];
+       char *h, *maddr, hostname[256] = "";
        char iabuf[INET_ADDRSTRLEN];
        int port, hn;
        struct hostent *hp;
@@ -2956,8 +2956,8 @@ static void set_destination(struct sip_pvt *p, char *uri)
                        h += 5;
        }
        hn = strcspn(h, ":;>");
-       if (hn>255) hn=255;
-       strncpy(hostname, h, hn);  hostname[hn] = '\0';
+       if (hn > (sizeof(hostname) - 1)) hn = sizeof(hostname) - 1;
+       strncpy(hostname, h, hn);  hostname[hn] = '\0'; /* safe */
        h+=hn;
 
        /* Is "port" present? if not default to 5060 */
@@ -2974,8 +2974,8 @@ static void set_destination(struct sip_pvt *p, char *uri)
        if (maddr) {
                maddr += 6;
                hn = strspn(maddr, "0123456789.");
-               if (hn>255) hn=255;
-               strncpy(hostname, maddr, hn);  hostname[hn] = '\0';
+               if (hn > (sizeof(hostname) - 1)) hn = sizeof(hostname) - 1;
+               strncpy(hostname, maddr, hn);  hostname[hn] = '\0'; /* safe */
        }
        
        hp = ast_gethostbyname(hostname, &ahp);
@@ -3396,7 +3396,7 @@ static int add_sdp(struct sip_request *resp, struct sip_pvt *p)
                                        snprintf(costr, sizeof(costr), "a=rtpmap:%d %s/8000\r\n", codec, ast_rtp_lookup_mime_subtype(1, x));
                                        strncat(a, costr, sizeof(a) - strlen(a) - 1);
                                } else {
-                                       strncat(m2, costr, sizeof(m2) - strlen(m2));
+                                       strncat(m2, costr, sizeof(m2) - strlen(m2) - 1);
                                        snprintf(costr, sizeof(costr), "a=rtpmap:%d %s/90000\r\n", codec, ast_rtp_lookup_mime_subtype(1, x));
                                        strncat(a2, costr, sizeof(a2) - strlen(a2) - 1);
                                }
@@ -3424,9 +3424,9 @@ static int add_sdp(struct sip_request *resp, struct sip_pvt *p)
        }
        strncat(a, "a=silenceSupp:off - - - -\r\n", sizeof(a) - strlen(a) - 1);
        if (strlen(m) < sizeof(m) - 2)
-               strcat(m, "\r\n");
+               strncat(m, "\r\n", sizeof(m) - strlen(m) - 1);
        if (strlen(m2) < sizeof(m2) - 2)
-               strcat(m2, "\r\n");
+               strncat(m2, "\r\n", sizeof(m2) - strlen(m2) - 1);
        if ((sizeof(m) <= strlen(m) - 2) || (sizeof(m2) <= strlen(m2) - 2) || (sizeof(a) == strlen(a)) || (sizeof(a2) == strlen(a2)))
                ast_log(LOG_WARNING, "SIP SDP may be truncated due to undersized buffer!!\n");
        len = strlen(v) + strlen(s) + strlen(o) + strlen(c) + strlen(t) + strlen(m) + strlen(a);
@@ -4171,7 +4171,7 @@ static void reg_source_db(struct sip_peer *p)
                                        if (u) {
                                                *u = '\0';
                                                u++;
-                                               strncpy(p->username, u, sizeof(p->username));
+                                               strncpy(p->username, u, sizeof(p->username) - 1);
                                        }
                                        ast_verbose(VERBOSE_PREFIX_3 "SIP Seeding '%s' at %s@%s:%d for %d\n", p->name, 
                                                p->username, ast_inet_ntoa(iabuf, sizeof(iabuf), in), atoi(c), atoi(d));
@@ -4302,7 +4302,7 @@ static int parse_contact(struct sip_pvt *pvt, struct sip_peer *p, struct sip_req
        /* Save User agent */
        useragent = get_header(req, "User-Agent");
        if(useragent && strcasecmp(useragent, p->useragent)) {
-               strncpy(p->useragent, useragent, sizeof(p->useragent));
+               strncpy(p->useragent, useragent, sizeof(p->useragent) - 1);
                if (option_verbose > 2) {
                        ast_verbose(VERBOSE_PREFIX_3 "Saved useragent \"%s\" for peer %s\n",p->useragent,p->name);  
                }
@@ -4372,7 +4372,7 @@ static void build_route(struct sip_pvt *p, struct sip_request *req, int backward
                        /* Make a struct route */
                        thishop = (struct sip_route *)malloc(sizeof(struct sip_route)+len+1);
                        if (thishop) {
-                               strncpy(thishop->hop, rr, len);
+                               strncpy(thishop->hop, rr, len); /* safe */
                                thishop->hop[len] = '\0';
                                ast_log(LOG_DEBUG, "build_route: Record-Route hop: <%s>\n", thishop->hop);
                                /* Link in */
@@ -4412,7 +4412,7 @@ static void build_route(struct sip_pvt *p, struct sip_request *req, int backward
                }
                thishop = (struct sip_route *)malloc(sizeof(struct sip_route)+len+1);
                if (thishop) {
-                       strncpy(thishop->hop, c, len);
+                       strncpy(thishop->hop, c, len); /* safe */
                        thishop->hop[len] = '\0';
                        thishop->next = NULL;
                        /* Goes at the end */
@@ -5027,10 +5027,13 @@ static int check_via(struct sip_pvt *p, struct sip_request *req)
 }
 
 /*--- get_calleridname: Get caller id name from SIP headers ---*/
-static char *get_calleridname(char *input,char *output)
+static char *get_calleridname(char *input,char *output, size_t outputsize)
 {
        char *end = strchr(input,'<');
        char *tmp = strchr(input,'\"');
+       int bytes = 0;
+       int maxbytes = outputsize - 1;
+
        if (!end || (end == input)) return NULL;
        /* move away from "<" */
        end--;
@@ -5038,7 +5041,13 @@ static char *get_calleridname(char *input,char *output)
        if (tmp && tmp < end) {
                end = strchr(tmp+1,'\"');
                if (!end) return NULL;
-               strncpy(output,tmp+1,(int)(end-tmp-1));
+               bytes = (int)(end-tmp-1);
+               /* protect the output buffer */
+               if (bytes > maxbytes) {
+                       bytes = maxbytes;
+               }
+               strncpy(output, tmp+1, bytes); /* safe */
+               output[maxbytes] = '\0';
        } else {
                /* we didn't find "name" */
                /* clear the empty characters in the begining*/
@@ -5047,10 +5056,17 @@ static char *get_calleridname(char *input,char *output)
                /* clear the empty characters in the end */
                while(*end && (*end < 33) && end > input)
                        end--;
-               if (end >= input)
-                       strncpy(output,input,(int)(end-input)+1);
+               if (end >= input) {
+                       bytes = (int)(end-input)+1;
+                       /* protect the output buffer */
+                       if (bytes > maxbytes) {
+                               bytes = maxbytes;
+                       }
+                       strncpy(output, input, bytes); /* safe */
+                       output[maxbytes] = '\0';
+               }
                else
-                       output = NULL;
+                       return(NULL);
        }
        return output;
 }
@@ -5107,7 +5123,7 @@ static int check_user_full(struct sip_pvt *p, struct sip_request *req, char *cmd
        of = get_header(req, "From");
        strncpy(from, of, sizeof(from) - 1);
        memset(calleridname,0,sizeof(calleridname));
-       get_calleridname(from,calleridname);
+       get_calleridname(from, calleridname, sizeof(calleridname));
 
        rpid = get_header(req, "Remote-Party-ID");
        memset(rpid_num,0,sizeof(rpid_num));
@@ -5306,12 +5322,12 @@ static int get_msg_text(char *buf, int len, struct sip_request *req)
        if (y < 0)
                y = 0;
        for (x=0;x<req->lines;x++) {
-               strncat(buf, req->line[x], y);
+               strncat(buf, req->line[x], y); /* safe */
                y -= strlen(req->line[x]) + 1;
                if (y < 0)
                        y = 0;
                if (y != 0)
-                       strcat(buf, "\n");
+                       strcat(buf, "\n"); /* safe */
        }
        return 0;
 }
@@ -5346,8 +5362,8 @@ static int sip_show_inuse(int fd, int argc, char *argv[]) {
 #define FORMAT  "%-15.15s %-15.15s %-15.15s %-15.15s %-15.15s\n"
 #define FORMAT2 "%-15.15s %-15.15s %-15.15s %-15.15s %-15.15s\n"
        struct sip_user *user;
-       char ilimits[40];
-       char olimits[40];
+       char ilimits[40] = "";
+       char olimits[40] = "";
        char iused[40];
        char oused[40];
        if (argc != 3) 
@@ -5359,11 +5375,11 @@ static int sip_show_inuse(int fd, int argc, char *argv[]) {
                if (user->incominglimit)
                        snprintf(ilimits, sizeof(ilimits), "%d", user->incominglimit);
                else
-                       strcpy(ilimits, "N/A");
+                       strncpy(ilimits, "N/A", sizeof(ilimits) - 1);
                if (user->outgoinglimit)
                        snprintf(olimits, sizeof(olimits), "%d", user->outgoinglimit);
                else
-                       strcpy(olimits, "N/A");
+                       strncpy(olimits, "N/A", sizeof(olimits) - 1);
                snprintf(iused, sizeof(iused), "%d", user->inUse);
                snprintf(oused, sizeof(oused), "%d", user->outUse);
                ast_cli(fd, FORMAT2, user->name, iused, ilimits,oused,olimits);
@@ -5410,7 +5426,7 @@ static int sip_show_peers(int fd, int argc, char *argv[])
        ast_cli(fd, FORMAT2, "Name/username", "Host", "Dyn", "Nat", "ACL", "Mask", "Port", "Status");
        for (peer = peerl.peers;peer;peer = peer->next) {
                char nm[20] = "";
-               char status[20];
+               char status[20] = "";
                int print_line = -1;
                char srch[2000];
 
@@ -5421,15 +5437,15 @@ static int sip_show_peers(int fd, int argc, char *argv[])
                        strncpy(name, peer->name, sizeof(name) - 1);
                if (peer->maxms) {
                        if (peer->lastms < 0)
-                               strcpy(status, "UNREACHABLE");
+                               strncpy(status, "UNREACHABLE", sizeof(status) - 1);
                        else if (peer->lastms > peer->maxms) 
                                snprintf(status, sizeof(status), "LAGGED (%d ms)", peer->lastms);
                        else if (peer->lastms) 
                                snprintf(status, sizeof(status), "OK (%d ms)", peer->lastms);
                        else 
-                               strcpy(status, "UNKNOWN");
+                               strncpy(status, "UNKNOWN", sizeof(status) - 1);
                } else 
-                       strcpy(status, "Unmonitored");
+                       strncpy(status, "Unmonitored", sizeof(status) - 1);
                        snprintf(srch, sizeof(srch), FORMAT, name,
                                peer->addr.sin_addr.s_addr ? ast_inet_ntoa(iabuf, sizeof(iabuf), peer->addr.sin_addr) : "(Unspecified)",
                                peer->dynamic ? " D " : "   ",  /* Dynamic or not? */
@@ -5510,7 +5526,7 @@ static void  print_group(int fd, unsigned int group)
 /*--- sip_show_peer: Show one peer in detail ---*/
 static int sip_show_peer(int fd, int argc, char *argv[])
 {
-       char status[30];
+       char status[30] = "";
        char iabuf[INET_ADDRSTRLEN];
        struct sip_peer *peer;
 
@@ -5590,13 +5606,13 @@ static int sip_show_peer(int fd, int argc, char *argv[])
                ast_cli(fd, "\n");
                ast_cli(fd, "  Status       : ");
                if (peer->lastms < 0)
-                       strcpy(status, "UNREACHABLE");
+                       strncpy(status, "UNREACHABLE", sizeof(status) - 1);
                else if (peer->lastms > peer->maxms)
                        snprintf(status, sizeof(status), "LAGGED (%d ms)", peer->lastms);
                else if (peer->lastms)
                        snprintf(status, sizeof(status), "OK (%d ms)", peer->lastms);
                else
-                       strcpy(status, "UNKNOWN");
+                       strncpy(status, "UNKNOWN", sizeof(status) - 1);
                ast_cli(fd, "%s\n",status);
                ast_cli(fd, "  Useragent    : %s\n", peer->useragent);
                ast_cli(fd,"\n");
@@ -7664,7 +7680,7 @@ static int sip_poke_peer(struct sip_peer *peer)
        p->peerpoke = peer;
        p->outgoing = 1;
 #ifdef VOCAL_DATA_HACK
-       strncpy(p->username, "__VOCAL_DATA_SHOULD_READ_THE_SIP_SPEC__", sizeof(p->username));
+       strncpy(p->username, "__VOCAL_DATA_SHOULD_READ_THE_SIP_SPEC__", sizeof(p->username) - 1);
        transmit_invite(p, "INVITE", 0, NULL, NULL, NULL,NULL,NULL, 1);
 #else
        transmit_invite(p, "OPTIONS", 0, NULL, NULL, NULL,NULL,NULL, 1);
@@ -7824,7 +7840,7 @@ static struct sip_user *build_user(char *name, struct ast_variable *v)
                strncpy(user->musicclass, global_musicclass, sizeof(user->musicclass)-1);
                while(v) {
                        if (!strcasecmp(v->name, "context")) {
-                               strncpy(user->context, v->value, sizeof(user->context));
+                               strncpy(user->context, v->value, sizeof(user->context) - 1);
                        } else if (!strcasecmp(v->name, "permit") ||
                                           !strcasecmp(v->name, "deny")) {
                                user->ha = ast_append_ha(v->name, v->value, user->ha);
index 3472cac..c624324 100755 (executable)
@@ -1060,7 +1060,7 @@ static struct skinny_device *build_device(char *cat, struct ast_variable *v)
                                nat = ast_true(v->value);
                        } else if (!strcasecmp(v->name, "callerid")) {
                                if (!strcasecmp(v->value, "asreceived")) {
-                                       strcpy(callerid, "");
+                                       callerid[0] = '\0';
                                } else {
                                        strncpy(callerid, v->value, sizeof(callerid) - 1);
                                }
@@ -1208,7 +1208,7 @@ static int skinny_register(skinny_req *req, struct skinnysession *s)
                        s->device = d;
                        d->type = req->data.reg.type;
                        if (ast_strlen_zero(d->version_id)) {
-                               strncpy(d->version_id, version_id, sizeof(d->version_id));
+                               strncpy(d->version_id, version_id, sizeof(d->version_id) - 1);
                        }
                        d->registered = 1;
                        d->session = s;
@@ -1276,7 +1276,7 @@ static void *skinny_ss(void *data)
             if (!res || !ast_matchmore_extension(chan, chan->context, exten, 1, l->callerid)) {
                 if (getforward) {
                     /* Record this as the forwarding extension */
-                    strncpy(l->call_forward, exten, sizeof(l->call_forward)); 
+                    strncpy(l->call_forward, exten, sizeof(l->call_forward) - 1); 
                     if (option_verbose > 2) {
                         ast_verbose(VERBOSE_PREFIX_3 "Setting call forward to '%s' on channel %s\n", 
                                 l->call_forward, chan->name);
@@ -1792,7 +1792,7 @@ static struct ast_channel *skinny_new(struct skinny_subchannel *sub, int state)
                ast_update_use_count();
                tmp->callgroup = l->callgroup;
                tmp->pickupgroup = l->pickupgroup;
-               strncpy(tmp->call_forward, l->call_forward, sizeof(tmp->call_forward));
+               strncpy(tmp->call_forward, l->call_forward, sizeof(tmp->call_forward) - 1);
                strncpy(tmp->context, l->context, sizeof(tmp->context)-1);
                strncpy(tmp->exten,l->exten, sizeof(tmp->exten)-1);
                if (!ast_strlen_zero(l->callerid)) {
@@ -1858,7 +1858,7 @@ static int handle_message(skinny_req *req, struct skinnysession *s)
                        memset(req, 0, sizeof(skinny_req));
                        req->len = sizeof(register_rej_message)+4;
                        req->e = REGISTER_REJ_MESSAGE;
-                       sprintf(req->data.regrej.errMsg, "No Authority: %s", name);
+                       snprintf(req->data.regrej.errMsg, sizeof(req->data.regrej.errMsg), "No Authority: %s", name);
                        transmit_response(s, req);
                        break;
                }
@@ -1868,10 +1868,12 @@ static int handle_message(skinny_req *req, struct skinnysession *s)
                memset(req, 0, SKINNY_MAX_PACKET);
                req->len = sizeof(register_ack_message)+4;
                req->e = REGISTER_ACK_MESSAGE;
-               strcpy(req->data.regack.res, "0");
+               req->data.regack.res[0] = '0';
+               req->data.regack.res[1] = '\0';
                req->data.regack.keepAlive = keep_alive;
-               strcpy(req->data.regack.dateTemplate, date_format);     
-               strcpy(req->data.regack.res2, "0");
+               strncpy(req->data.regack.dateTemplate, date_format, sizeof(req->data.regack.dateTemplate) - 1); 
+               req->data.regack.res2[0] = '0';
+               req->data.regack.res2[1] = '\0';
                req->data.regack.secondaryKeepAlive = keep_alive;
                transmit_response(s, req);
                if (skinnydebug) {
@@ -1953,7 +1955,7 @@ static int handle_message(skinny_req *req, struct skinnysession *s)
                memset(req, 0, SKINNY_MAX_PACKET);
                req->len = sizeof(version_res_message)+4;
                req->e = VERSION_RES_MESSAGE;
-               sprintf(req->data.version.version, s->device->version_id);
+               snprintf(req->data.version.version, sizeof(req->data.version.version), s->device->version_id);
                transmit_response(s, req);
                break;
        case SERVER_REQUEST_MESSAGE:
@@ -2045,8 +2047,8 @@ static int handle_message(skinny_req *req, struct skinnysession *s)
 #if 0  
                /* XXX Do this right XXX */     
                req->data.speeddialreq.speedDialNumber = speedDialNum;
-               sprintf(req->data.speeddial.speedDialDirNumber, "31337");
-               sprintf(req->data.speeddial.speedDialDisplayName, "Asterisk Rules!");
+               snprintf(req->data.speeddial.speedDialDirNumber, sizeof(req->data.speeddial.speedDialDirNumber), "31337");
+               snprintf(req->data.speeddial.speedDialDisplayName,  sizeof(req->data.speeddial.speedDialDisplayName),"Asterisk Rules!");
 #endif         
                transmit_response(s, req);
                break;
@@ -2177,11 +2179,21 @@ static int handle_message(skinny_req *req, struct skinnysession *s)
                }
                f.frametype = AST_FRAME_DTMF;
                if (digit == 14) {
-                       sprintf(&d, "*");
+                       d = '*';
                } else if (digit == 15) {
-                       sprintf(&d, "#");
+                       d = '#';
+               } else if (digit >=0 && digit <= 9) {
+                       d = '0' + digit;
                } else {
-                       sprintf(&d, "%d", digit);
+                       /* digit=10-13 (A,B,C,D ?), or
+                        * digit is bad value
+                        * 
+                        * probably should not end up here, but set
+                        * value for backward compatibility, and log
+                        * a warning.
+                        */
+                       d = '0' + digit;
+                       ast_log(LOG_WARNING, "Unsupported digit %d\n", digit);
                }
                f.subclass  = d;  
                f.src = "skinny";
index b249de1..ad567af 100755 (executable)
@@ -133,20 +133,20 @@ static char *dtypestr(int control)
 
 static char *vflagsstr(int flags)
 {
-       static char buf[80];
+       static char buf[80] = "";
        buf[0] = '\0';
        if (!flags)
                return "(None)";
        if (flags & VOFR_ROUTE_LOCAL)
-               strcat(buf, "Local ");
+               strncat(buf, "Local ", sizeof(buf) - strlen(buf) - 1);
        if (flags & VOFR_ROUTE_VOICE)
-               strcat(buf, "Voice ");
+               strncat(buf, "Voice ", sizeof(buf) - strlen(buf) - 1);
        if (flags & VOFR_ROUTE_DTE)
-               strcat(buf, "DTE ");
+               strncat(buf, "DTE ", sizeof(buf) - strlen(buf) - 1);
        else if (flags & VOFR_ROUTE_DTE1)
-               strcat(buf, "DTE1 ");
+               strncat(buf, "DTE1 ", sizeof(buf) - strlen(buf) - 1);
        else if (flags & VOFR_ROUTE_DTE2)       
-               strcat(buf, "DTE2 ");
+               strncat(buf, "DTE2 ", sizeof(buf) - strlen(buf) - 1);
        return buf;
 }
 
index 62c6fa8..e07b1c7 100755 (executable)
@@ -435,10 +435,10 @@ static void get_callerid(struct vpb_pvt *p)
                // This decodes FSK 1200baud type callerid
                if ((rc=vpb_cid_decode(callerid, buf, CID_MSECS*8)) == VPB_OK ) {
                        if(!*callerid) 
-                               strcpy(callerid,"undisclosed"); // blocked CID (eg caller used 1831)
+                               strncpy(callerid,"undisclosed", sizeof(callerid) - 1); // blocked CID (eg caller used 1831)
                } else {
                        ast_log(LOG_ERROR, "Failed to decode caller id on %s - %s\n", p->dev, vpb_strerror(rc) );
-                       strcpy(callerid,"unknown");
+                       strncpy(callerid,"unknown", sizeof(callerid) - 1);
                }
                p->owner->callerid = strdup(callerid);
 
@@ -756,7 +756,7 @@ static inline int monitor_handle_notowned(struct vpb_pvt *p, VPB_EVENT *e)
                        }
                        p->state=VPB_STATE_GETDTMF;
                        s[0] = e->data;
-                       strcat(p->ext, s);
+                       strncat(p->ext, s, sizeof(p->ext) - strlen(p->ext) - 1);
                        if (ast_exists_extension(NULL, p->context, p->ext, 1, p->callerid)){
                                vpb_new(p,AST_STATE_RING, p->context);
                        } else if (!ast_canmatch_extension(NULL, p->context, p->ext, 1, p->callerid)){
@@ -1018,20 +1018,20 @@ struct vpb_pvt *mkif(int board, int channel, int mode, float txgain, float rxgai
                return NULL;
        }
               
-       sprintf(tmp->dev, "vpb/%d-%d", board, channel);
+       snprintf(tmp->dev, sizeof(tmp->dev), "vpb/%d-%d", board, channel);
 
        tmp->mode = mode;
 
        tmp->group = group;
 
-       strcpy(tmp->language, language);
-       strcpy(tmp->context, context);
+       strncpy(tmp->language, language, sizeof(tmp->language) - 1);
+       strncpy(tmp->context, context, sizeof(tmp->context) - 1);
 
        if(callerid) { 
-               strcpy(tmp->callerid, callerid);
+               strncpy(tmp->callerid, callerid, sizeof(tmp->callerid) - 1);
                free(callerid);
        } else {
-               strcpy(tmp->callerid, "unknown");
+               strncpy(tmp->callerid, "unknown", sizeof(tmp->callerid) - 1);
        }
 
        /* check if codec balances have been set in the config file */
@@ -1202,7 +1202,7 @@ static int vpb_call(struct ast_channel *ast, char *dest, int timeout)
        struct vpb_pvt *p = (struct vpb_pvt *)ast->pvt->pvt;
        int res = 0,i;
        char *s = strrchr(dest, '/');
-       char dialstring[254];
+       char dialstring[254] = "";
        int tmp = 0;
 
        if (option_verbose > 3) ast_verbose("%s: LOCKING in call \n", p->dev);
@@ -1212,7 +1212,7 @@ static int vpb_call(struct ast_channel *ast, char *dest, int timeout)
                s = s + 1;
        else
                s = dest;
-       strcpy(dialstring,s);
+       strncpy(dialstring, s, sizeof(dialstring) - 1);
        for (i=0; dialstring[i] != '\0' ; i++) {
                if ((dialstring[i] == 'w') || (dialstring[i] == 'W'))
                        dialstring[i] = ',';
@@ -1789,7 +1789,7 @@ static struct ast_channel *vpb_new(struct vpb_pvt *i, int state, char *context)
            
        tmp = ast_channel_alloc(1);
        if (tmp) {
-               strncpy(tmp->name, i->dev, sizeof(tmp->name));
+               strncpy(tmp->name, i->dev, sizeof(tmp->name) - 1);
                tmp->type = type;
               
                // Linear is the preferred format. Although Voicetronix supports other formats
index ccb534f..8d8f529 100755 (executable)
@@ -929,7 +929,7 @@ static char *event2str(int event)
         static char buf[256];
         if ((event < 15) && (event > -1))
                 return events[event];
-        sprintf(buf, "Event %d", event);
+        sprintf(buf, "Event %d", event); /* safe */
         return buf;
 }
 
@@ -1531,7 +1531,7 @@ static int zt_call(struct ast_channel *ast, char *rdest, int timeout)
                                snprintf(p->dop.dialstr, sizeof(p->dop.dialstr), "Tw%s", c);
                                ast_log(LOG_DEBUG, "FXO: setup deferred dialstring: %s\n", c);
                        } else {
-                               strcpy(p->dop.dialstr, "");
+                               p->dop.dialstr[0] = '\0';
                        }
                        x = ZT_RING;
                        if (ioctl(p->subs[SUB_REAL].zfd, ZT_HOOK, &x) && (errno != EINPROGRESS)) {
@@ -1546,7 +1546,7 @@ static int zt_call(struct ast_channel *ast, char *rdest, int timeout)
                        if (ast->callerid)
                                strncpy(p->callwaitcid, ast->callerid, sizeof(p->callwaitcid)-1);
                        else
-                               strcpy(p->callwaitcid, "");
+                               p->callwaitcid[0] = '\0';
                        /* Call waiting tone instead */
                        if (zt_callwait(ast)) {
                                ast_mutex_unlock(&p->lock);
@@ -1560,7 +1560,7 @@ static int zt_call(struct ast_channel *ast, char *rdest, int timeout)
                if (ast->callerid) 
                        strncpy(callerid, ast->callerid, sizeof(callerid)-1);
                else
-                       strcpy(callerid, "");
+                       callerid[0] = '\0';
                ast_callerid_parse(callerid, &n, &l);
                if (l) {
                        ast_shrink_phone_number(l);
@@ -1568,9 +1568,9 @@ static int zt_call(struct ast_channel *ast, char *rdest, int timeout)
                                l = NULL;
                }
                if (l)
-                       strcpy(p->lastcallerid, l);
+                       strncpy(p->lastcallerid, l, sizeof(p->lastcallerid) - 1);
                else
-                       strcpy(p->lastcallerid, "");
+                       p->lastcallerid[0] = '\0';
                ast_setstate(ast, AST_STATE_RINGING);
                index = zt_get_index(ast, p, 0);
                if (index > -1) {
@@ -1647,7 +1647,7 @@ static int zt_call(struct ast_channel *ast, char *rdest, int timeout)
                                snprintf(p->dop.dialstr, sizeof(p->dop.dialstr), "M*02#*%s#", c + p->stripmsd);
                } else 
                if (p->sig == SIG_E911) {
-                       strcpy(p->dop.dialstr,"M*911#");
+                       strncpy(p->dop.dialstr, "M*911#", sizeof(p->dop.dialstr) - 1);
                } else
                if (p->sig == SIG_FEATB) {
                        snprintf(p->dop.dialstr, sizeof(p->dop.dialstr), "M*%s#", c + p->stripmsd);
@@ -1655,8 +1655,8 @@ static int zt_call(struct ast_channel *ast, char *rdest, int timeout)
                        snprintf(p->dop.dialstr, sizeof(p->dop.dialstr), "T%sw", c + p->stripmsd);
                if (strlen(p->dop.dialstr) > 4) {
                        memset(p->echorest, 'w', sizeof(p->echorest) - 1);
-                       p->echorest[sizeof(p->echorest) - 1] = '\0';
                        strcpy(p->echorest + (p->echotraining / 400) + 1, p->dop.dialstr + strlen(p->dop.dialstr) - 2);
+                       p->echorest[sizeof(p->echorest) - 1] = '\0';
                        p->echobreak = 1;
                        p->dop.dialstr[strlen(p->dop.dialstr)-2] = '\0';
                } else
@@ -1681,7 +1681,7 @@ static int zt_call(struct ast_channel *ast, char *rdest, int timeout)
                break;          
        case SIG_PRI:
                /* We'll get it in a moment -- but use dialdest to store pre-setup_ack digits */
-               strcpy(p->dialdest, "");
+               p->dialdest[0] = '\0';
                break;
        default:
                ast_log(LOG_DEBUG, "not yet implemented\n");
@@ -1717,10 +1717,10 @@ static int zt_call(struct ast_channel *ast, char *rdest, int timeout)
                        if (strlen(s))
                                snprintf(p->dop.dialstr, sizeof(p->dop.dialstr), "T%s", s);
                        else
-                               strcpy(p->dop.dialstr, "");
+                               p->dop.dialstr[0] = '\0';
                        *s = '\0';
                } else {
-                       strcpy(p->dop.dialstr, "");
+                       p->dop.dialstr[0] = '\0';
                }
                if (pri_grab(p, p->pri)) {
                        ast_log(LOG_WARNING, "Failed to grab PRI!\n");
@@ -1936,7 +1936,7 @@ static int zt_hangup(struct ast_channel *ast)
        if (p->dsp)
                ast_dsp_digitmode(p->dsp,DSP_DIGITMODE_DTMF | p->dtmfrelax);
        if (p->exten)
-               strcpy(p->exten, "");
+               p->exten[0] = '\0';
 
        ast_log(LOG_DEBUG, "Hangup: channel: %d index = %d, normal = %d, callwait = %d, thirdcall = %d\n",
                p->channel, index, p->subs[SUB_REAL].zfd, p->subs[SUB_CALLWAIT].zfd, p->subs[SUB_THREEWAY].zfd);
@@ -2154,7 +2154,7 @@ static int zt_hangup(struct ast_channel *ast)
                p->callwaiting = p->permcallwaiting;
                p->hidecallerid = p->permhidecallerid;
                p->dialing = 0;
-               strcpy(p->rdnis, "");
+               p->rdnis[0] = '\0';
                update_conf(p);
                /* Restore data mode */
                if (p->sig == SIG_PRI) {
@@ -3049,7 +3049,7 @@ static struct ast_frame *zt_handle_event(struct ast_channel *ast)
                                zt_enable_ec(p);
                                if (p->echobreak) {
                                        zt_train_ec(p);
-                                       strcpy(p->dop.dialstr, p->echorest);
+                                       strncpy(p->dop.dialstr, p->echorest, sizeof(p->dop.dialstr) - 1);
                                        p->dop.op = ZT_DIAL_OP_REPLACE;
                                        res = ioctl(p->subs[SUB_REAL].zfd, ZT_DIAL, &p->dop);
                                        p->echobreak = 0;
@@ -3203,11 +3203,11 @@ static struct ast_frame *zt_handle_event(struct ast_channel *ast)
                                else
                                        c = p->dialdest;
                                if (*c) snprintf(p->dop.dialstr, sizeof(p->dop.dialstr), "M*0%s#", c);
-                               else strcpy(p->dop.dialstr,"M*2#");
+                               else strncpy(p->dop.dialstr,"M*2#", sizeof(p->dop.dialstr) - 1);
                                if (strlen(p->dop.dialstr) > 4) {
                                        memset(p->echorest, 'w', sizeof(p->echorest) - 1);
-                                       p->echorest[sizeof(p->echorest) - 1] = '\0';
                                        strcpy(p->echorest + (p->echotraining / 401) + 1, p->dop.dialstr + strlen(p->dop.dialstr) - 2);
+                                       p->echorest[sizeof(p->echorest) - 1] = '\0';
                                        p->echobreak = 1;
                                        p->dop.dialstr[strlen(p->dop.dialstr)-2] = '\0';
                                } else
@@ -3402,7 +3402,9 @@ static struct ast_frame *zt_handle_event(struct ast_channel *ast)
                                                                        if (p->zaptrcallerid) {
                                                                                if (!p->origcallerid) {
                                                                                        p->origcallerid = malloc(strlen(p->callerid) + 1);
-                                                                                       strncpy(p->origcallerid, p->callerid, strlen(p->callerid) + 1);
+                                                                                       strncpy(p->origcallerid, p->callerid, strlen(p->callerid)); /* safe */
+                                                                                       /* make sure p->origcallerid is terminated */
+                                                                                       p->origcallerid[strlen(p->callerid)] = '\0';
                                                                                }
                                                                                strncpy(p->callerid, callerid, sizeof(p->callerid) -1);
                                                                        }
@@ -4341,7 +4343,7 @@ static struct ast_channel *zt_new(struct zt_pvt *i, int state, int startpbx, int
                i->subs[index].owner = tmp;
                strncpy(tmp->context, i->context, sizeof(tmp->context)-1);
                /* Copy call forward info */
-               strncpy(tmp->call_forward, i->call_forward, sizeof(tmp->call_forward));
+               strncpy(tmp->call_forward, i->call_forward, sizeof(tmp->call_forward) - 1);
                /* If we've been told "no ADSI" then enforce it */
                if (!i->adsi)
                        tmp->adsicpe = AST_ADSI_UNAVAILABLE;
@@ -4512,7 +4514,7 @@ static void *ss_thread(void *data)
                tone_zone_play_tone(p->subs[index].zfd, -1);
                if (ast_exists_extension(chan, chan->context, exten, 1, p->callerid)) {
                        /* Start the real PBX */
-                       strncpy(chan->exten, exten, sizeof(chan->exten));
+                       strncpy(chan->exten, exten, sizeof(chan->exten) - 1);
                        ast_dsp_digitreset(p->dsp);
                        ast_setstate(chan, AST_STATE_RING);
                        res = ast_pbx_run(chan);
@@ -4662,7 +4664,7 @@ static void *ss_thread(void *data)
                                                chan->ani = strdup(chan->callerid);
                                        }
                                if (s1) strncpy(exten, s1, sizeof(exten)-1);
-                               else strcpy(exten,"911");
+                               else strncpy(exten, "911", sizeof(exten) - 1);
                                printf("E911: exten: %s, ANI: %s\n",exten,chan->ani);
                        } else
                                ast_log(LOG_WARNING, "Got a non-E911 input on channel %d.  Assuming E&M Wink instead\n", p->channel);
@@ -4739,7 +4741,7 @@ static void *ss_thread(void *data)
                                if (!res || !ast_matchmore_extension(chan, chan->context, exten, 1, p->callerid)) {
                                        if (getforward) {
                                                /* Record this as the forwarding extension */
-                                               strncpy(p->call_forward, exten, sizeof(p->call_forward)); 
+                                               strncpy(p->call_forward, exten, sizeof(p->call_forward) - 1); 
                                                if (option_verbose > 2)
                                                        ast_verbose(VERBOSE_PREFIX_3 "Setting call forward to '%s' on channel %d\n", p->call_forward, p->channel);
                                                res = tone_zone_play_tone(p->subs[index].zfd, ZT_TONE_DIALRECALL);
@@ -5080,7 +5082,7 @@ static void *ss_thread(void *data)
                } else if (number) {
                        snprintf(cid, sizeof(cid), "%s", number);
                } else {
-                       strcpy(cid, "");
+                       cid[0] = '\0';
                }
                if (cs)
                        callerid_free(cs);
@@ -7108,25 +7110,27 @@ static void *pri_dchannel(void *vpri)
                                                } else
                                                        strncpy(pri->pvts[chanpos]->callerid, e->ring.callingnum, sizeof(pri->pvts[chanpos]->callerid)-1);
                                        } else
-                                               strcpy(pri->pvts[chanpos]->callerid, "");
-                                       strncpy(pri->pvts[chanpos]->rdnis, e->ring.redirectingnum, sizeof(pri->pvts[chanpos]->rdnis));
+                                               pri->pvts[chanpos]->callerid[0] = '\0';
+                                       strncpy(pri->pvts[chanpos]->rdnis, e->ring.redirectingnum, sizeof(pri->pvts[chanpos]->rdnis) - 1);
                                        /* If immediate=yes go to s|1 */
                                        if (pri->pvts[chanpos]->immediate) {
                                                if (option_verbose > 2)
                                                        ast_verbose(VERBOSE_PREFIX_3 "Going to extension s|1 because of immediate=yes\n");
-                                               strcpy(pri->pvts[chanpos]->exten, "s");
+                                               pri->pvts[chanpos]->exten[0] = 's';
+                                               pri->pvts[chanpos]->exten[1] = '\0';
                                        }
                                        /* Get called number */
                                        else if (!ast_strlen_zero(e->ring.callednum)) {
                                                strncpy(pri->pvts[chanpos]->exten, e->ring.callednum, sizeof(pri->pvts[chanpos]->exten)-1);
-                                               strncpy(pri->pvts[chanpos]->dnid, e->ring.callednum, sizeof(pri->pvts[chanpos]->dnid));
+                                               strncpy(pri->pvts[chanpos]->dnid, e->ring.callednum, sizeof(pri->pvts[chanpos]->dnid) - 1);
                                        } else
-                                               strcpy(pri->pvts[chanpos]->exten, "");
+                                               pri->pvts[chanpos]->exten[0] = '\0';
                                        /* No number yet, but received "sending complete"? */
                                        if (e->ring.complete && (ast_strlen_zero(e->ring.callednum))) {
                                                if (option_verbose > 2)
                                                        ast_verbose(VERBOSE_PREFIX_3 "Going to extension s|1 because of Complete received\n");
-                                               strcpy(pri->pvts[chanpos]->exten, "s");
+                                               pri->pvts[chanpos]->exten[0] = 's';
+                                               pri->pvts[chanpos]->exten[1] = '\0';
                                        }
                                        /* Make sure extension exists (or in overlap dial mode, can exist) */
                                        if ((pri->overlapdial && ast_canmatch_extension(NULL, pri->pvts[chanpos]->context, pri->pvts[chanpos]->exten, 1, pri->pvts[chanpos]->callerid)) ||
@@ -7723,21 +7727,25 @@ static int handle_pri_really_debug(int fd, int argc, char *argv[])
        return RESULT_SUCCESS;
 }
 
-static void build_status(char *s, int status, int active)
+static void build_status(char *s, size_t len, int status, int active)
 {
-       strcpy(s, "");
+       if (!s || len < 1) {
+               return;
+       }
+       s[0] = '\0';
        if (status & DCHAN_PROVISIONED)
-               strcat(s, "Provisioned, ");
+               strncat(s, "Provisioned, ", len - strlen(s) - 1);
        if (!(status & DCHAN_NOTINALARM))
-               strcat(s, "In Alarm, ");
+               strncat(s, "In Alarm, ", len - strlen(s) - 1);
        if (status & DCHAN_UP)
-               strcat(s, "Up");
+               strncat(s, "Up", len - strlen(s) - 1);
        else
-               strcat(s, "Down");
+               strncat(s, "Down", len - strlen(s) - 1);
        if (active)
-               strcat(s, ", Active");
+               strncat(s, ", Active", len - strlen(s) - 1);
        else
-               strcat(s, ", Standby");
+               strncat(s, ", Standby", len - strlen(s) - 1);
+       s[len - 1] = '\0';
 }
 
 static int handle_pri_show_span(int fd, int argc, char *argv[])
@@ -7759,7 +7767,7 @@ static int handle_pri_show_span(int fd, int argc, char *argv[])
        for(x=0;x<NUM_DCHANS;x++) {
                if (pris[span-1].dchannels[x]) {
                        ast_cli(fd, "%s D-channel: %d\n", pri_order(x), pris[span-1].dchannels[x]);
-                       build_status(status, pris[span-1].dchanavail[x], pris[span-1].dchans[x] == pris[span-1].pri);
+                       build_status(status, sizeof(status), pris[span-1].dchanavail[x], pris[span-1].dchans[x] == pris[span-1].pri);
                        ast_cli(fd, "Status: %s\n", status);
                        pri_dump_info(pris[span-1].pri);
                        ast_cli(fd, "\n");
@@ -7904,7 +7912,7 @@ static int zap_show_channels(int fd, int argc, char **argv)
 #define FORMAT "%7s %-10.10s %-15.15s %-10.10s %-20.20s\n"
 #define FORMAT2 "%7s %-10.10s %-15.15s %-10.10s %-20.20s\n"
        struct zt_pvt *tmp = NULL;
-       char tmps[20];
+       char tmps[20] = "";
        ast_mutex_t *lock;
        struct zt_pvt *start;
 #ifdef ZAPATA_PRI
@@ -7948,9 +7956,9 @@ static int zap_show_channels(int fd, int argc, char **argv)
        tmp = start;
        while (tmp) {
                if (tmp->channel > 0) {
-                       sprintf(tmps, "%d", tmp->channel);
+                       snprintf(tmps, sizeof(tmps), "%d", tmp->channel);
                } else
-                       strcpy(tmps, "pseudo");
+                       strncpy(tmps, "pseudo", sizeof(tmps) - 1);
                ast_cli(fd, FORMAT, tmps, tmp->exten, tmp->context, tmp->language, tmp->musicclass);
                tmp = tmp->next;
        }
@@ -8104,20 +8112,20 @@ static int handle_zap_show_cadences(int fd, int argc, char *argv[])
        for (i=0;i<num_cadence;i++) {
                char output[1024];
                char tmp[16], tmp2[64];
-               snprintf(tmp, sizeof(tmp) - 1, "r%d: ", i + 1);
+               snprintf(tmp, sizeof(tmp), "r%d: ", i + 1);
                term_color(output, tmp, COLOR_GREEN, COLOR_BLACK, sizeof(output));
 
                for (j=0;j<16;j++) {
                        if (cadences[i].ringcadence[j] == 0)
                                break;
-                       snprintf(tmp,sizeof(tmp) - 1,"%d", cadences[i].ringcadence[j]);
+                       snprintf(tmp, sizeof(tmp), "%d", cadences[i].ringcadence[j]);
                        if (cidrings[i] * 2 - 1 == j)
                                term_color(tmp2, tmp, COLOR_MAGENTA, COLOR_BLACK, sizeof(tmp2) - 1);
                        else
                                term_color(tmp2, tmp, COLOR_GREEN, COLOR_BLACK, sizeof(tmp2) - 1);
                        if (j != 0)
-                               strncat(output, ",", sizeof(output) - strlen(output));
-                       strncat(output, tmp2, sizeof(output) - strlen(output));
+                               strncat(output, ",", sizeof(output) - strlen(output) - 1);
+                       strncat(output, tmp2, sizeof(output) - strlen(output) - 1);
                }
                ast_cli(fd,"%s\n",output);
        }
@@ -8706,7 +8714,7 @@ static int setup_zap(void)
                        }
                } else if (!strcasecmp(v->name, "callerid")) {
                        if (!strcasecmp(v->value, "asreceived"))
-                               strcpy(callerid,"");
+                               callerid[0] = '\0';
                        else
                                strncpy(callerid, v->value, sizeof(callerid)-1);
                } else if (!strcasecmp(v->name, "useincomingcalleridonzaptransfer")) {
@@ -8913,7 +8921,7 @@ static int setup_zap(void)
                        char original_args[80];
                        int cadence_is_ok = 1;
 
-                       strncpy(original_args, v->value, sizeof(original_args));
+                       strncpy(original_args, v->value, sizeof(original_args) - 1);
                        /* 16 cadences allowed (8 pairs) */
                        element_count = sscanf(v->value, "%d,%d,%d,%d,%d,%d,%d,%d,%d,%d,%d,%d,%d,%d,%d,%d", &c[0], &c[1], &c[2], &c[3], &c[4], &c[5], &c[6], &c[7], &c[8], &c[9], &c[10], &c[11], &c[12], &c[13], &c[14], &c[15]);
 
@@ -9104,7 +9112,7 @@ static int reload_zt(void)
        char *stringp=NULL;
 
        /* Some crap that needs to be reinitialized on the reload */
-       strcpy(context, "default");
+       strncpy(context, "default", sizeof(context) - 1);
        language[0] = '\0'; 
        musicclass[0] = '\0';
        use_callerid = 1;
@@ -9299,7 +9307,7 @@ static int reload_zt(void)
                        }
                } else if (!strcasecmp(v->name, "callerid")) {
                        if (!strcasecmp(v->value, "asreceived"))
-                               strcpy(callerid,"");
+                               callerid[0] = '\0';
                        else
                                strncpy(callerid, v->value, sizeof(callerid)-1);
                } else if (!strcasecmp(v->name, "signalling")) {
index da10977..08964eb 100755 (executable)
@@ -70,17 +70,20 @@ static struct iax_flag {
 char *iax_provflags2str(char *buf, int buflen, unsigned int flags)
 {
        int x;
-       strcpy(buf, "");
+       if (!buf || buflen < 1) {
+               return(NULL);
+       }
+       buf[0] = '\0';
        for (x=0;x<sizeof(iax_flags) / sizeof(iax_flags[0]); x++) {
                if (flags & iax_flags[x].value){
-                       strcat(buf, iax_flags[x].name);
-                       strcat(buf, ",");
+                       strncat(buf, iax_flags[x].name, buflen - strlen(buf) - 1);
+                       strncat(buf, ",", buflen - strlen(buf) - 1);
                }
        }
        if (strlen(buf)) 
                buf[strlen(buf) - 1] = '\0';
        else
-               strcpy(buf, "none");
+               strncpy(buf, "none", buflen - 1);
        return buf;
 }
 
@@ -276,7 +279,7 @@ static int iax_template_parse(struct iax_template *cur, struct ast_config *cfg,
        if (def)
                strncpy(cur->src, def, sizeof(cur->src) - 1);
        else
-               strcpy(cur->src, "");
+               cur->src[0] = '\0';
        v = ast_variable_browse(cfg, s);
        while(v) {
                if (!strcasecmp(v->name, "port") || !strcasecmp(v->name, "serverport")) {