diff options
| -rwxr-xr-x | channels/chan_agent.c | 56 | ||||
| -rwxr-xr-x | channels/chan_alsa.c | 8 | ||||
| -rwxr-xr-x | channels/chan_h323.c | 11 | ||||
| -rwxr-xr-x | channels/chan_iax.c | 76 | ||||
| -rwxr-xr-x | channels/chan_iax2.c | 82 | ||||
| -rwxr-xr-x | channels/chan_mgcp.c | 34 | ||||
| -rwxr-xr-x | channels/chan_modem.c | 6 | ||||
| -rwxr-xr-x | channels/chan_modem_bestdata.c | 20 | ||||
| -rwxr-xr-x | channels/chan_nbs.c | 2 | ||||
| -rwxr-xr-x | channels/chan_oss.c | 8 | ||||
| -rwxr-xr-x | channels/chan_phone.c | 17 | ||||
| -rwxr-xr-x | channels/chan_sip.c | 88 | ||||
| -rwxr-xr-x | channels/chan_skinny.c | 40 | ||||
| -rwxr-xr-x | channels/chan_vofr.c | 12 | ||||
| -rwxr-xr-x | channels/chan_vpb.c | 22 | ||||
| -rwxr-xr-x | channels/chan_zap.c | 104 | ||||
| -rwxr-xr-x | channels/iax2-provision.c | 13 |
17 files changed, 320 insertions, 279 deletions
diff --git a/channels/chan_agent.c b/channels/chan_agent.c index ffe87c2bb..bf71e9aab 100755 --- a/channels/chan_agent.c +++ b/channels/chan_agent.c @@ -96,11 +96,11 @@ AST_MUTEX_DEFINE_STATIC(usecnt_lock); AST_MUTEX_DEFINE_STATIC(agentlock); static int recordagentcalls = 0; -static char recordformat[AST_MAX_BUF]; -static char recordformatext[AST_MAX_BUF]; +static char recordformat[AST_MAX_BUF] = ""; +static char recordformatext[AST_MAX_BUF] = ""; static int createlink = 0; -static char urlprefix[AST_MAX_BUF]; -static char savecallsin[AST_MAX_BUF]; +static char urlprefix[AST_MAX_BUF] = ""; +static char savecallsin[AST_MAX_BUF] = ""; static int updatecdr = 0; static char beep[AST_MAX_BUF] = "beep"; @@ -185,11 +185,11 @@ static void agent_unlink(struct agent_pvt *agent) static struct agent_pvt *add_agent(char *agent, int pending) { - char tmp[AST_MAX_BUF]; + char tmp[AST_MAX_BUF] = ""; char *password=NULL, *name=NULL; struct agent_pvt *p, *prev; - strncpy(tmp, agent, sizeof(tmp)); + strncpy(tmp, agent, sizeof(tmp) - 1); if ((password = strchr(tmp, ','))) { *password = '\0'; password++; @@ -535,7 +535,7 @@ static int agent_hangup(struct ast_channel *ast) p->agent, p->loginchan, logintime, ast->uniqueid); snprintf(agent, sizeof(agent), "Agent/%s", p->agent); ast_queue_log("NONE", ast->uniqueid, agent, "AGENTCALLBACKLOGOFF", "%s|%ld|%s", p->loginchan, logintime, "Autologoff"); - strcpy(p->loginchan, ""); + p->loginchan[0] = '\0'; } } else if (p->dead) { ast_mutex_lock(&p->chan->lock); @@ -777,14 +777,14 @@ static int read_agent_config(void) p->dead = 1; p = p->next; } - strcpy(moh, "default"); + strncpy(moh, "default", sizeof(moh) - 1); /* set the default recording values */ recordagentcalls = 0; createlink = 0; - strcpy(recordformat, "wav"); - strcpy(recordformatext, "wav"); - strcpy(urlprefix, ""); - strcpy(savecallsin, ""); + strncpy(recordformat, "wav", sizeof(recordformat) - 1); + strncpy(recordformatext, "wav", sizeof(recordformatext) - 1); + urlprefix[0] = '\0'; + savecallsin[0] = '\0'; v = ast_variable_browse(cfg, "agents"); while(v) { @@ -819,20 +819,20 @@ static int read_agent_config(void) } else if (!strcasecmp(v->name, "recordformat")) { strncpy(recordformat, v->value, sizeof(recordformat) - 1); if (!strcasecmp(v->value, "wav49")) - strcpy(recordformatext, "WAV"); + strncpy(recordformatext, "WAV", sizeof(recordformatext) - 1); else - strncpy(recordformatext, v->value, sizeof(recordformat) - 1); + strncpy(recordformatext, v->value, sizeof(recordformatext) - 1); } else if (!strcasecmp(v->name, "urlprefix")) { strncpy(urlprefix, v->value, sizeof(urlprefix) - 2); if (urlprefix[strlen(urlprefix) - 1] != '/') - strcat(urlprefix, "/"); + strncat(urlprefix, "/", sizeof(urlprefix) - strlen(urlprefix) - 1); } else if (!strcasecmp(v->name, "savecallsin")) { if (v->value[0] == '/') strncpy(savecallsin, v->value, sizeof(savecallsin) - 2); else snprintf(savecallsin, sizeof(savecallsin) - 2, "/%s", v->value); if (savecallsin[strlen(savecallsin) - 1] != '/') - strcat(savecallsin, "/"); + strncat(savecallsin, "/", sizeof(savecallsin) - strlen(savecallsin) - 1); } else if (!strcasecmp(v->name, "custom_beep")) { strncpy(beep, v->value, sizeof(beep) - 1); } @@ -1076,8 +1076,8 @@ static int agents_show(int fd, int argc, char **argv) { struct agent_pvt *p; char username[AST_MAX_BUF]; - char location[AST_MAX_BUF]; - char talkingto[AST_MAX_BUF]; + char location[AST_MAX_BUF] = ""; + char talkingto[AST_MAX_BUF] = ""; char moh[AST_MAX_BUF]; if (argc != 2) @@ -1095,22 +1095,22 @@ static int agents_show(int fd, int argc, char **argv) if (!ast_strlen_zero(p->name)) snprintf(username, sizeof(username), "(%s) ", p->name); else - strcpy(username, ""); + username[0] = '\0'; if (p->chan) { snprintf(location, sizeof(location), "logged in on %s", p->chan->name); if (p->owner && p->owner->bridge) { snprintf(talkingto, sizeof(talkingto), " talking to %s", p->owner->bridge->name); } else { - strcpy(talkingto, " is idle"); + strncpy(talkingto, " is idle", sizeof(talkingto) - 1); } } else if (!ast_strlen_zero(p->loginchan)) { snprintf(location, sizeof(location) - 20, "available at '%s'", p->loginchan); - strcpy(talkingto, ""); + talkingto[0] = '\0'; if (p->acknowledged) - strcat(location, " (Confirmed)"); + strncat(location, " (Confirmed)", sizeof(location) - strlen(location) - 1); } else { - strcpy(location, "not logged in"); - strcpy(talkingto, ""); + strncpy(location, "not logged in", sizeof(location) - 1); + talkingto[0] = '\0'; } if (!ast_strlen_zero(p->moh)) snprintf(moh, sizeof(moh), " (musiconhold is '%s')", p->moh); @@ -1142,7 +1142,7 @@ static int __login_exec(struct ast_channel *chan, void *data, int callbackmode) struct agent_pvt *p; struct localuser *u; struct timeval tv; - char user[AST_MAX_AGENT]; + char user[AST_MAX_AGENT] = ""; char pass[AST_MAX_AGENT]; char agent[AST_MAX_AGENT] = ""; char xpass[AST_MAX_AGENT] = ""; @@ -1183,7 +1183,7 @@ static int __login_exec(struct ast_channel *chan, void *data, int callbackmode) res = ast_answer(chan); if (!res) { if( opt_user && !ast_strlen_zero(opt_user)) - strncpy( user, opt_user, AST_MAX_AGENT ); + strncpy( user, opt_user, AST_MAX_AGENT - 1); else res = ast_app_getdata(chan, "agent-user", user, sizeof(user) - 1, 0); } @@ -1201,7 +1201,7 @@ static int __login_exec(struct ast_channel *chan, void *data, int callbackmode) if (!ast_strlen_zero(xpass)) res = ast_app_getdata(chan, "agent-pass", pass, sizeof(pass) - 1, 0); else - strcpy(pass, ""); + pass[0] = '\0'; } errmsg = "agent-incorrect"; @@ -1276,7 +1276,7 @@ static int __login_exec(struct ast_channel *chan, void *data, int callbackmode) } } else { - strcpy(p->loginchan, ""); + p->loginchan[0] = '\0'; p->acknowledged = 0; } play_announcement = 1; diff --git a/channels/chan_alsa.c b/channels/chan_alsa.c index b13224bc8..edddc7c70 100755 --- a/channels/chan_alsa.c +++ b/channels/chan_alsa.c @@ -852,11 +852,11 @@ static int console_sendtext(int fd, int argc, char *argv[]) res = RESULT_FAILURE; } else { struct ast_frame f = { AST_FRAME_TEXT, 0 }; - char text2send[256]; - strcpy(text2send, ""); + char text2send[256] = ""; + text2send[0] = '\0'; while(tmparg <= argc) { - strncat(text2send, argv[tmparg++], sizeof(text2send) - strlen(text2send)); - strncat(text2send, " ", sizeof(text2send) - strlen(text2send)); + strncat(text2send, argv[tmparg++], sizeof(text2send) - strlen(text2send) - 1); + strncat(text2send, " ", sizeof(text2send) - strlen(text2send) - 1); } f.data = text2send; f.datalen = strlen(text2send) + 1; diff --git a/channels/chan_h323.c b/channels/chan_h323.c index 63030d6af..db379a125 100755 --- a/channels/chan_h323.c +++ b/channels/chan_h323.c @@ -707,7 +707,7 @@ static struct ast_channel *oh323_new(struct oh323_pvt *i, int state, const char if (ch) { - snprintf(ch->name, sizeof(ch->name)-1, "H323/%s", host); + snprintf(ch->name, sizeof(ch->name), "H323/%s", host); ch->nativeformats = i->capability; if (!ch->nativeformats) ch->nativeformats = capability; @@ -1080,14 +1080,14 @@ int setup_incoming_call(call_details_t cd) strncpy(p->exten, alias->name, sizeof(p->exten)-1); strncpy(p->context, alias->context, sizeof(p->context)-1); } - sprintf(p->callerid, "%s <%s>", p->cd.call_source_name, p->cd.call_source_e164); + snprintf(p->callerid, sizeof(p->callerid), "%s <%s>", p->cd.call_source_name, p->cd.call_source_e164); } else { /* Either this call is not from the Gatekeeper or we are not allowing gk routed calls */ user = find_user(cd); if (!user) { - sprintf(p->callerid, "%s <%s>", p->cd.call_source_name, p->cd.call_source_e164); + snprintf(p->callerid, sizeof(p->callerid), "%s <%s>", p->cd.call_source_name, p->cd.call_source_e164); if (!ast_strlen_zero(p->cd.call_dest_e164)) { strncpy(p->exten, cd.call_dest_e164, sizeof(p->exten)-1); } else { @@ -1111,7 +1111,8 @@ int setup_incoming_call(call_details_t cd) } else { strncpy(p->context, user->context, sizeof(p->context)-1); } - sprintf(p->exten, "i"); + p->exten[0] = 'i'; + p->exten[1] = '\0'; ast_log(LOG_ERROR, "Call from '%s' rejected due to non-matching IP address (%s)s\n", user->name, cd.sourceIp); goto exit; } @@ -1129,7 +1130,7 @@ int setup_incoming_call(call_details_t cd) if (!ast_strlen_zero(user->callerid)) { strncpy(p->callerid, user->callerid, sizeof(p->callerid) - 1); } else { - sprintf(p->callerid, "%s <%s>", p->cd.call_source_name, p->cd.call_source_e164); + snprintf(p->callerid, sizeof(p->callerid), "%s <%s>", p->cd.call_source_name, p->cd.call_source_e164); } if (!ast_strlen_zero(p->cd.call_dest_e164)) { strncpy(p->exten, cd.call_dest_e164, sizeof(p->exten)-1); diff --git a/channels/chan_iax.c b/channels/chan_iax.c index 3ebd4fb19..754ce2509 100755 --- a/channels/chan_iax.c +++ b/channels/chan_iax.c @@ -504,7 +504,7 @@ static void showframe(struct ast_iax_frame *f, struct ast_iax_full_hdr *fhi, int "TKOFFHK ", "OFFHOOK" }; struct ast_iax_full_hdr *fh; - char retries[20]; + char retries[20] = ""; char class2[20]; char subclass2[20]; char *class; @@ -514,7 +514,7 @@ static void showframe(struct ast_iax_frame *f, struct ast_iax_full_hdr *fhi, int fh = f->data; snprintf(retries, sizeof(retries), "%03d", f->retries); } else { - strcpy(retries, "N/A"); + strncpy(retries, "N/A", sizeof(retries) - 1); fh = fhi; } if (!(ntohs(fh->callno) & AST_FLAG_FULL)) { @@ -528,7 +528,7 @@ static void showframe(struct ast_iax_frame *f, struct ast_iax_full_hdr *fhi, int class = frames[(int)fh->type]; } if (fh->type == AST_FRAME_DTMF) { - sprintf(subclass2, "%c", fh->csub); + snprintf(subclass2, sizeof(subclass2), "%c", fh->csub); subclass = subclass2; } else if (fh->type == AST_FRAME_IAX) { if (fh->csub >= sizeof(iaxs)/sizeof(iaxs[0])) { @@ -1243,7 +1243,7 @@ static int iax_show_stats(int fd, int argc, char *argv[]) static int iax_show_cache(int fd, int argc, char *argv[]) { struct iax_dpcache *dp; - char tmp[1024], *pc; + char tmp[1024] = "", *pc; int s; int x,y; struct timeval tv; @@ -1253,28 +1253,28 @@ static int iax_show_cache(int fd, int argc, char *argv[]) ast_cli(fd, "%-20.20s %-12.12s %-9.9s %-8.8s %s\n", "Peer/Context", "Exten", "Exp.", "Wait.", "Flags"); while(dp) { s = dp->expirey.tv_sec - tv.tv_sec; - strcpy(tmp, ""); + tmp[0] = '\0'; if (dp->flags & CACHE_FLAG_EXISTS) - strcat(tmp, "EXISTS|"); + strncat(tmp, "EXISTS|", sizeof(tmp) - strlen(tmp) - 1); if (dp->flags & CACHE_FLAG_NONEXISTANT) - strcat(tmp, "NONEXISTANT|"); + strncat(tmp, "NONEXISTANT|", sizeof(tmp) - strlen(tmp) - 1); if (dp->flags & CACHE_FLAG_CANEXIST) - strcat(tmp, "CANEXIST|"); + strncat(tmp, "CANEXIST|", sizeof(tmp) - strlen(tmp) - 1); if (dp->flags & CACHE_FLAG_PENDING) - strcat(tmp, "PENDING|"); + strncat(tmp, "PENDING|", sizeof(tmp) - strlen(tmp) - 1); if (dp->flags & CACHE_FLAG_TIMEOUT) - strcat(tmp, "TIMEOUT|"); + strncat(tmp, "TIMEOUT|", sizeof(tmp) - strlen(tmp) - 1); if (dp->flags & CACHE_FLAG_TRANSMITTED) - strcat(tmp, "TRANSMITTED|"); + strncat(tmp, "TRANSMITTED|", sizeof(tmp) - strlen(tmp) - 1); if (dp->flags & CACHE_FLAG_MATCHMORE) - strcat(tmp, "MATCHMORE|"); + strncat(tmp, "MATCHMORE|", sizeof(tmp) - strlen(tmp) - 1); if (dp->flags & CACHE_FLAG_UNKNOWN) - strcat(tmp, "UNKNOWN|"); + strncat(tmp, "UNKNOWN|", sizeof(tmp) - strlen(tmp) - 1); /* Trim trailing pipe */ if (strlen(tmp)) tmp[strlen(tmp) - 1] = '\0'; else - strcpy(tmp, "(none)"); + strncpy(tmp, "(none)", sizeof(tmp) - 1); y=0; pc = strchr(dp->peercontext, '@'); if (!pc) @@ -1572,7 +1572,7 @@ static struct iax_peer *mysql_peer(char *peer) for (x=0;x<numfields;x++) { if (rowval[x]) { if (!strcasecmp(fields[x].name, "secret")) { - strncpy(p->secret, rowval[x], sizeof(p->secret)); + strncpy(p->secret, rowval[x], sizeof(p->secret) - 1); } else if (!strcasecmp(fields[x].name, "context")) { strncpy(p->context, rowval[x], sizeof(p->context) - 1); } else if (!strcasecmp(fields[x].name, "ipaddr")) { @@ -1603,7 +1603,7 @@ static struct iax_peer *mysql_peer(char *peer) p->delme = 1; p->expire = -1; p->capability = iax_capability; - strcpy(p->methods, "md5,plaintext"); + strncpy(p->methods, "md5,plaintext", sizeof(p->methods) - 1); } return p; } @@ -1618,7 +1618,7 @@ static struct iax_user *mysql_user(char *user) memset(p, 0, sizeof(struct iax_user)); con = malloc(sizeof(struct iax_context)); memset(con, 0, sizeof(struct iax_context)); - strcpy(con->context, "default"); + strncpy(con->context, "default", sizeof(con->context) - 1); p->contexts = con; if (mysql && (strlen(user) < 128)) { char query[512]; @@ -1640,7 +1640,7 @@ static struct iax_user *mysql_user(char *user) for (x=0;x<numfields;x++) { if (rowval[x]) { if (!strcasecmp(fields[x].name, "secret")) { - strncpy(p->secret, rowval[x], sizeof(p->secret)); + strncpy(p->secret, rowval[x], sizeof(p->secret) - 1); } else if (!strcasecmp(fields[x].name, "context")) { strncpy(p->contexts->context, rowval[x], sizeof(p->contexts->context) - 1); } @@ -1658,7 +1658,7 @@ static struct iax_user *mysql_user(char *user) } else { strncpy(p->name, user, sizeof(p->name) - 1); p->delme = 1; - strcpy(p->methods, "md5,plaintext"); + strncpy(p->methods, "md5,plaintext", sizeof(p->methods) - 1); } return p; } @@ -2346,22 +2346,22 @@ static int iax_show_peers(int fd, int argc, char *argv[]) ast_cli(fd, FORMAT2, "Name/Username", "Host", " ", "Mask", "Port", "Status"); for (peer = peerl.peers;peer;peer = peer->next) { char nm[20]; - char status[20]; + char status[20] = ""; if (strlen(peer->username)) snprintf(name, sizeof(name), "%s/%s", peer->name, peer->username); else strncpy(name, peer->name, sizeof(name) - 1); if (peer->maxms) { if (peer->lastms < 0) - strcpy(status, "UNREACHABLE"); + strncpy(status, "UNREACHABLE", sizeof(status) - 1); else if (peer->lastms > peer->maxms) snprintf(status, sizeof(status), "LAGGED (%d ms)", peer->lastms); else if (peer->lastms) snprintf(status, sizeof(status), "OK (%d ms)", peer->lastms); else - strcpy(status, "UNKNOWN"); + strncpy(status, "UNKNOWN", sizeof(status) - 1); } else - strcpy(status, "Unmonitored"); + strncpy(status, "Unmonitored", sizeof(status) - 1); strncpy(nm, ast_inet_ntoa(iabuf, sizeof(iabuf), peer->mask), sizeof(nm)-1); ast_cli(fd, FORMAT, name, peer->addr.sin_addr.s_addr ? ast_inet_ntoa(iabuf, sizeof(iabuf), peer->addr.sin_addr) : "(Unspecified)", @@ -2413,7 +2413,7 @@ static int iax_show_registry(int fd, int argc, char *argv[]) #define FORMAT "%-20.20s %-10.10s %-20.20s %8d %s\n" struct iax_registry *reg; char host[80]; - char perceived[80]; + char perceived[80] = ""; char iabuf[INET_ADDRSTRLEN]; if (argc != 3) return RESULT_SHOWUSAGE; @@ -2424,7 +2424,7 @@ static int iax_show_registry(int fd, int argc, char *argv[]) if (reg->us.sin_addr.s_addr) snprintf(perceived, sizeof(perceived), "%s:%d", ast_inet_ntoa(iabuf, sizeof(iabuf), reg->us.sin_addr), ntohs(reg->us.sin_port)); else - strcpy(perceived, "<Unregistered>"); + strncpy(perceived, "<Unregistered>", sizeof(perceived) - 1); ast_cli(fd, FORMAT, host, reg->username, perceived, reg->refresh, regstate2str(reg->regstate)); } @@ -2724,7 +2724,7 @@ static int check_access(int callno, struct sockaddr_in *sin, char *orequest, int /* Copy the secret */ strncpy(iaxs[callno]->secret, user->secret, sizeof(iaxs[callno]->secret)-1); /* And any input keys */ - strncpy(iaxs[callno]->inkeys, user->inkeys, sizeof(iaxs[callno]->inkeys)); + strncpy(iaxs[callno]->inkeys, user->inkeys, sizeof(iaxs[callno]->inkeys) - 1); /* And the permitted authentication methods */ strncpy(iaxs[callno]->methods, user->methods, sizeof(iaxs[callno]->methods)-1); /* If they have callerid, override the given caller id. Always store the ANI */ @@ -2810,9 +2810,9 @@ static int authenticate_verify(struct chan_iax_pvt *p, char *orequest) if (strstr(p->methods, "rsa") && strlen(rsasecret) && strlen(p->inkeys)) { struct ast_key *key; char *keyn; - char tmpkey[256]; + char tmpkey[256] = ""; char *stringp=NULL; - strncpy(tmpkey, p->inkeys, sizeof(tmpkey)); + strncpy(tmpkey, p->inkeys, sizeof(tmpkey) - 1); stringp=tmpkey; keyn = strsep(&stringp, ":"); while(keyn) { @@ -2862,7 +2862,7 @@ static int register_verify(int callno, struct sockaddr_in *sin, char *orequest) char *stringp=NULL; iaxs[callno]->state &= ~IAX_STATE_AUTHENTICATED; - strcpy(iaxs[callno]->peer, ""); + iaxs[callno]->peer[0] = '\0'; if (!orequest) return -1; strncpy(request, orequest, sizeof(request)-1); @@ -2927,7 +2927,7 @@ static int register_verify(int callno, struct sockaddr_in *sin, char *orequest) if (strlen(p->inkeys)) { char tmpkeys[256]; char *stringp=NULL; - strncpy(tmpkeys, p->inkeys, sizeof(tmpkeys)); + strncpy(tmpkeys, p->inkeys, sizeof(tmpkeys) - 1); stringp=tmpkeys; keyn = strsep(&stringp, ":"); while(keyn) { @@ -3667,7 +3667,7 @@ static int socket_read(int *id, int fd, short events, void *cbdata) int exists; int mm; char iabuf[INET_ADDRSTRLEN]; - char rel0[256]; + char rel0[256] = ""; char rel1[255]; char empty[32]=""; /* Safety measure */ res = recvfrom(netsocket, buf, sizeof(buf), 0,(struct sockaddr *) &sin, &len); @@ -3939,11 +3939,11 @@ retryowner: mm = ast_matchmore_extension(NULL, iaxs[fr.callno]->context, (char *)f.data, 1, iaxs[fr.callno]->callerid); /* Must be started */ if (ast_exists_extension(NULL, iaxs[fr.callno]->context, (char *)f.data, 1, iaxs[fr.callno]->callerid)) { - strcpy(rel0, "exists"); + strncpy(rel0, "exists", sizeof(rel0) - 1); } else if (ast_canmatch_extension(NULL, iaxs[fr.callno]->context, (char *)f.data, 1, iaxs[fr.callno]->callerid)) { - strcpy(rel0, "canexist"); + strncpy(rel0, "canexist", sizeof(rel0) - 1); } else { - strcpy(rel0, "nonexistant"); + strncpy(rel0, "nonexistant", sizeof(rel0) - 1); } snprintf(rel1, sizeof(rel1), "number=%s;status=%s;ignorepat=%s;expirey=%d;matchmore=%s;", (char *)f.data, rel0, @@ -4672,9 +4672,9 @@ static struct iax_peer *build_peer(char *name, struct ast_variable *v) } else if (!strcasecmp(v->name, "sendani")) { peer->sendani = ast_true(v->value); } else if (!strcasecmp(v->name, "inkeys")) { - strncpy(peer->inkeys, v->value, sizeof(peer->inkeys)); + strncpy(peer->inkeys, v->value, sizeof(peer->inkeys) - 1); } else if (!strcasecmp(v->name, "outkey")) { - strncpy(peer->outkey, v->value, sizeof(peer->outkey)); + strncpy(peer->outkey, v->value, sizeof(peer->outkey) - 1); } else if (!strcasecmp(v->name, "qualify")) { if (!strcasecmp(v->value, "no")) { peer->maxms = 0; @@ -4689,7 +4689,7 @@ static struct iax_peer *build_peer(char *name, struct ast_variable *v) v=v->next; } if (!strlen(peer->methods)) - strcpy(peer->methods, "md5,plaintext"); + strncpy(peer->methods, "md5,plaintext", sizeof(peer->methods) - 1); peer->delme = 0; } return peer; @@ -4734,7 +4734,7 @@ static struct iax_user *build_user(char *name, struct ast_variable *v) user->amaflags = format; } } else if (!strcasecmp(v->name, "inkeys")) { - strncpy(user->inkeys, v->value, sizeof(user->inkeys)); + strncpy(user->inkeys, v->value, sizeof(user->inkeys) - 1); } //else if (strcasecmp(v->name,"type")) // ast_log(LOG_WARNING, "Ignoring %s\n", v->name); v = v->next; diff --git a/channels/chan_iax2.c b/channels/chan_iax2.c index fbaed07d6..c7dd8baef 100755 --- a/channels/chan_iax2.c +++ b/channels/chan_iax2.c @@ -1527,7 +1527,7 @@ static int iax2_show_stats(int fd, int argc, char *argv[]) static int iax2_show_cache(int fd, int argc, char *argv[]) { struct iax2_dpcache *dp; - char tmp[1024], *pc; + char tmp[1024] = "", *pc; int s; int x,y; struct timeval tv; @@ -1537,28 +1537,28 @@ static int iax2_show_cache(int fd, int argc, char *argv[]) ast_cli(fd, "%-20.20s %-12.12s %-9.9s %-8.8s %s\n", "Peer/Context", "Exten", "Exp.", "Wait.", "Flags"); while(dp) { s = dp->expirey.tv_sec - tv.tv_sec; - strcpy(tmp, ""); + tmp[0] = '\0'; if (dp->flags & CACHE_FLAG_EXISTS) - strcat(tmp, "EXISTS|"); + strncat(tmp, "EXISTS|", sizeof(tmp) - strlen(tmp) - 1); if (dp->flags & CACHE_FLAG_NONEXISTANT) - strcat(tmp, "NONEXISTANT|"); + strncat(tmp, "NONEXISTANT|", sizeof(tmp) - strlen(tmp) - 1); if (dp->flags & CACHE_FLAG_CANEXIST) - strcat(tmp, "CANEXIST|"); + strncat(tmp, "CANEXIST|", sizeof(tmp) - strlen(tmp) - 1); if (dp->flags & CACHE_FLAG_PENDING) - strcat(tmp, "PENDING|"); + strncat(tmp, "PENDING|", sizeof(tmp) - strlen(tmp) - 1); if (dp->flags & CACHE_FLAG_TIMEOUT) - strcat(tmp, "TIMEOUT|"); + strncat(tmp, "TIMEOUT|", sizeof(tmp) - strlen(tmp) - 1); if (dp->flags & CACHE_FLAG_TRANSMITTED) - strcat(tmp, "TRANSMITTED|"); + strncat(tmp, "TRANSMITTED|", sizeof(tmp) - strlen(tmp) - 1); if (dp->flags & CACHE_FLAG_MATCHMORE) - strcat(tmp, "MATCHMORE|"); + strncat(tmp, "MATCHMORE|", sizeof(tmp) - strlen(tmp) - 1); if (dp->flags & CACHE_FLAG_UNKNOWN) - strcat(tmp, "UNKNOWN|"); + strncat(tmp, "UNKNOWN|", sizeof(tmp) - strlen(tmp) - 1); /* Trim trailing pipe */ if (!ast_strlen_zero(tmp)) tmp[strlen(tmp) - 1] = '\0'; else - strcpy(tmp, "(none)"); + strncpy(tmp, "(none)", sizeof(tmp) - 1); y=0; pc = strchr(dp->peercontext, '@'); if (!pc) @@ -1910,7 +1910,7 @@ static struct iax2_peer *mysql_peer(char *peer) for (x=0;x<numfields;x++) { if (rowval[x]) { if (!strcasecmp(fields[x].name, "secret")) { - strncpy(p->secret, rowval[x], sizeof(p->secret)); + strncpy(p->secret, rowval[x], sizeof(p->secret) - 1); } else if (!strcasecmp(fields[x].name, "context")) { strncpy(p->context, rowval[x], sizeof(p->context) - 1); } else if (!strcasecmp(fields[x].name, "ipaddr")) { @@ -1957,7 +1957,7 @@ static struct iax2_user *mysql_user(char *user) memset(p, 0, sizeof(struct iax2_user)); con = malloc(sizeof(struct iax2_context)); memset(con, 0, sizeof(struct iax2_context)); - strcpy(con->context, "default"); + strncpy(con->context, "default", sizeof(con->context) - 1); p->contexts = con; if (mysql && (strlen(user) < 128)) { char query[512]; @@ -1979,11 +1979,11 @@ static struct iax2_user *mysql_user(char *user) for (x=0;x<numfields;x++) { if (rowval[x]) { if (!strcasecmp(fields[x].name, "secret")) { - strncpy(p->secret, rowval[x], sizeof(p->secret)); + strncpy(p->secret, rowval[x], sizeof(p->secret) - 1); } else if (!strcasecmp(fields[x].name, "context")) { strncpy(p->contexts->context, rowval[x], sizeof(p->contexts->context) - 1); } else if (!strcasecmp(fields[x].name, "accountcode")) { - strncpy(p->accountcode, rowval[x], sizeof(p->accountcode)); + strncpy(p->accountcode, rowval[x], sizeof(p->accountcode) - 1); } } } @@ -2050,7 +2050,7 @@ static int create_addr(struct sockaddr_in *sin, int *capability, int *sendani, i if (capability) *capability = p->capability; if (secret) - strncpy(secret, p->secret, seclen); + strncpy(secret, p->secret, seclen); /* safe */ if (p->addr.sin_addr.s_addr) { sin->sin_addr = p->addr.sin_addr; sin->sin_port = p->addr.sin_port; @@ -2227,7 +2227,7 @@ static int iax2_call(struct ast_channel *c, char *dest, int timeout) secret = storedsecret; ast_mutex_lock(&iaxsl[callno]); if (!ast_strlen_zero(c->context)) - strncpy(iaxs[callno]->context, c->context, sizeof(iaxs[callno]->context)); + strncpy(iaxs[callno]->context, c->context, sizeof(iaxs[callno]->context) - 1); if (secret) { if (secret[0] == '[') { /* This is an RSA key, not a normal secret */ @@ -3019,7 +3019,7 @@ static int iax2_show_users(int fd, int argc, char *argv[]) #define FORMAT "%-15.15s %-20.20s %-15.15s %-15.15s %-5.5s\n" #define FORMAT2 "%-15.15s %-20.20s %-15.15d %-15.15s %-5.5s\n" struct iax2_user *user; - char auth[90]; + char auth[90] = ""; if (argc != 3) return RESULT_SHOWUSAGE; ast_mutex_lock(&userl.lock); @@ -3028,9 +3028,9 @@ static int iax2_show_users(int fd, int argc, char *argv[]) if (!ast_strlen_zero(user->secret)) { strncpy(auth,user->secret,sizeof(auth)-1); } else if (!ast_strlen_zero(user->inkeys)) { - sprintf(auth,"Key: %-15.15s ",user->inkeys); + snprintf(auth, sizeof(auth), "Key: %-15.15s ", user->inkeys); } else - strcpy(auth,"-no secret-"); + strncpy(auth, "-no secret-", sizeof(auth) - 1); ast_cli(fd, FORMAT2, user->name, auth, user->authmethods, user->contexts ? user->contexts->context : context, user->ha ? "Yes" : "No"); @@ -3061,9 +3061,9 @@ static int iax2_show_peers(int fd, int argc, char *argv[]) ast_cli(fd, FORMAT2, "Name/Username", "Host", " ", "Mask", "Port", "Status"); for (peer = peerl.peers;peer;peer = peer->next) { char nm[20]; - char status[20]; + char status[20] = ""; int print_line = -1; - char srch[2000]; + char srch[2000] = ""; if (registeredonly && !peer->addr.sin_addr.s_addr) continue; if (!ast_strlen_zero(peer->username)) @@ -3072,18 +3072,18 @@ static int iax2_show_peers(int fd, int argc, char *argv[]) strncpy(name, peer->name, sizeof(name) - 1); if (peer->maxms) { if (peer->lastms < 0) - strcpy(status, "UNREACHABLE"); + strncpy(status, "UNREACHABLE", sizeof(status) - 1); else if (peer->lastms > peer->maxms) snprintf(status, sizeof(status), "LAGGED (%d ms)", peer->lastms); else if (peer->lastms) snprintf(status, sizeof(status), "OK (%d ms)", peer->lastms); else - strcpy(status, "UNKNOWN"); + strncpy(status, "UNKNOWN", sizeof(status) - 1); } else - strcpy(status, "Unmonitored"); + strncpy(status, "Unmonitored", sizeof(status) - 1); strncpy(nm, ast_inet_ntoa(iabuf, sizeof(iabuf), peer->mask), sizeof(nm)-1); - sprintf(srch, FORMAT, name, + snprintf(srch, sizeof(srch), FORMAT, name, peer->addr.sin_addr.s_addr ? ast_inet_ntoa(iabuf, sizeof(iabuf), peer->addr.sin_addr) : "(Unspecified)", peer->dynamic ? "(D)" : "(S)", nm, @@ -3174,7 +3174,7 @@ static int iax2_show_registry(int fd, int argc, char *argv[]) #define FORMAT "%-20.20s %-10.10s %-20.20s %8d %s\n" struct iax2_registry *reg; char host[80]; - char perceived[80]; + char perceived[80] = ""; char iabuf[INET_ADDRSTRLEN]; if (argc != 3) return RESULT_SHOWUSAGE; @@ -3185,7 +3185,7 @@ static int iax2_show_registry(int fd, int argc, char *argv[]) if (reg->us.sin_addr.s_addr) snprintf(perceived, sizeof(perceived), "%s:%d", ast_inet_ntoa(iabuf, sizeof(iabuf), reg->us.sin_addr), ntohs(reg->us.sin_port)); else - strcpy(perceived, "<Unregistered>"); + strncpy(perceived, "<Unregistered>", sizeof(perceived) - 1); ast_cli(fd, FORMAT, host, reg->username, perceived, reg->refresh, regstate2str(reg->regstate)); } @@ -3540,7 +3540,7 @@ static int check_access(int callno, struct sockaddr_in *sin, struct iax_ies *ies /* Copy the secret */ strncpy(iaxs[callno]->secret, user->secret, sizeof(iaxs[callno]->secret)-1); /* And any input keys */ - strncpy(iaxs[callno]->inkeys, user->inkeys, sizeof(iaxs[callno]->inkeys)); + strncpy(iaxs[callno]->inkeys, user->inkeys, sizeof(iaxs[callno]->inkeys) - 1); /* And the permitted authentication methods */ iaxs[callno]->authmethods = user->authmethods; /* If they have callerid, override the given caller id. Always store the ANI */ @@ -3614,9 +3614,9 @@ static int authenticate_verify(struct chan_iax2_pvt *p, struct iax_ies *ies) if ((p->authmethods & IAX_AUTH_RSA) && !ast_strlen_zero(rsasecret) && !ast_strlen_zero(p->inkeys)) { struct ast_key *key; char *keyn; - char tmpkey[256]; + char tmpkey[256] = ""; char *stringp=NULL; - strncpy(tmpkey, p->inkeys, sizeof(tmpkey)); + strncpy(tmpkey, p->inkeys, sizeof(tmpkey) - 1); stringp=tmpkey; keyn = strsep(&stringp, ":"); while(keyn) { @@ -3637,7 +3637,7 @@ static int authenticate_verify(struct chan_iax2_pvt *p, struct iax_ies *ies) MD5Final(digest, &md5); /* If they support md5, authenticate with it. */ for (x=0;x<16;x++) - sprintf(requeststr + (x << 1), "%2.2x", digest[x]); + sprintf(requeststr + (x << 1), "%2.2x", digest[x]); /* safe */ if (!strcasecmp(requeststr, md5secret)) res = 0; } else if (p->authmethods & IAX_AUTH_PLAINTEXT) { @@ -3662,7 +3662,7 @@ static int register_verify(int callno, struct sockaddr_in *sin, struct iax_ies * int expire = 0; iaxs[callno]->state &= ~IAX_STATE_AUTHENTICATED; - strcpy(iaxs[callno]->peer, ""); + iaxs[callno]->peer[0] = '\0'; if (ies->username) strncpy(peer, ies->username, sizeof(peer) - 1); if (ies->password) @@ -3715,9 +3715,9 @@ static int register_verify(int callno, struct sockaddr_in *sin, struct iax_ies * /* Check secret against what we have on file */ if (!ast_strlen_zero(rsasecret) && (p->authmethods & IAX_AUTH_RSA) && !ast_strlen_zero(iaxs[callno]->challenge)) { if (!ast_strlen_zero(p->inkeys)) { - char tmpkeys[256]; + char tmpkeys[256] = ""; char *stringp=NULL; - strncpy(tmpkeys, p->inkeys, sizeof(tmpkeys)); + strncpy(tmpkeys, p->inkeys, sizeof(tmpkeys) - 1); stringp=tmpkeys; keyn = strsep(&stringp, ":"); while(keyn) { @@ -3761,7 +3761,7 @@ static int register_verify(int callno, struct sockaddr_in *sin, struct iax_ies * MD5Update(&md5, p->secret, strlen(p->secret)); MD5Final(digest, &md5); for (x=0;x<16;x++) - sprintf(requeststr + (x << 1), "%2.2x", digest[x]); + sprintf(requeststr + (x << 1), "%2.2x", digest[x]); /* safe */ if (strcasecmp(requeststr, md5secret)) { if (authdebug) ast_log(LOG_NOTICE, "Host %s failed MD5 authentication for '%s' (%s != %s)\n", ast_inet_ntoa(iabuf, sizeof(iabuf), sin->sin_addr), p->name, requeststr, md5secret); @@ -3827,7 +3827,7 @@ static int authenticate(char *challenge, char *secret, char *keyn, int authmetho MD5Final(digest, &md5); /* If they support md5, authenticate with it. */ for (x=0;x<16;x++) - sprintf(digres + (x << 1), "%2.2x", digest[x]); + sprintf(digres + (x << 1), "%2.2x", digest[x]); /* safe */ iax_ie_append_str(ied, IAX_IE_MD5_RESULT, digres); res = 0; } else if (authmethods & IAX_AUTH_PLAINTEXT) { @@ -6251,9 +6251,9 @@ static struct iax2_peer *build_peer(char *name, struct ast_variable *v) } else if (!strcasecmp(v->name, "sendani")) { peer->sendani = ast_true(v->value); } else if (!strcasecmp(v->name, "inkeys")) { - strncpy(peer->inkeys, v->value, sizeof(peer->inkeys)); + strncpy(peer->inkeys, v->value, sizeof(peer->inkeys) - 1); } else if (!strcasecmp(v->name, "outkey")) { - strncpy(peer->outkey, v->value, sizeof(peer->outkey)); + strncpy(peer->outkey, v->value, sizeof(peer->outkey) - 1); } else if (!strcasecmp(v->name, "qualify")) { if (!strcasecmp(v->value, "no")) { peer->maxms = 0; @@ -6322,7 +6322,7 @@ static struct iax2_user *build_user(char *name, struct ast_variable *v) memset(user, 0, sizeof(struct iax2_user)); user->capability = iax2_capability; strncpy(user->name, name, sizeof(user->name)-1); - strcpy(user->language, language); + strncpy(user->language, language, sizeof(user->language) - 1); while(v) { if (!strcasecmp(v->name, "context")) { con = build_context(v->value); @@ -6375,7 +6375,7 @@ static struct iax2_user *build_user(char *name, struct ast_variable *v) user->amaflags = format; } } else if (!strcasecmp(v->name, "inkeys")) { - strncpy(user->inkeys, v->value, sizeof(user->inkeys)); + strncpy(user->inkeys, v->value, sizeof(user->inkeys) - 1); }// else if (strcasecmp(v->name,"type")) // ast_log(LOG_WARNING, "Ignoring %s\n", v->name); v = v->next; diff --git a/channels/chan_mgcp.c b/channels/chan_mgcp.c index 082ec9d01..df2ce371e 100755 --- a/channels/chan_mgcp.c +++ b/channels/chan_mgcp.c @@ -872,7 +872,7 @@ static int mgcp_hangup(struct ast_channel *ast) if (strlen(sub->cxident)) { transmit_connection_del(sub); } - strcpy(sub->cxident, ""); + sub->cxident[0] = '\0'; if ((sub == p->sub) && sub->next->owner) { if (p->hookstate == MGCP_OFFHOOK) { if (sub->next->owner && sub->next->owner->bridge) { @@ -900,7 +900,7 @@ static int mgcp_hangup(struct ast_channel *ast) sub->alreadygone = 0; sub->outgoing = 0; sub->cxmode = MGCP_CX_INACTIVE; - strcpy(sub->callid, ""); + sub->callid[0] = '\0'; /* Reset temporary destination */ memset(&sub->tmpdest, 0, sizeof(sub->tmpdest)); if (sub->rtp) { @@ -1253,7 +1253,7 @@ static struct ast_channel *mgcp_new(struct mgcp_subchannel *sub, int state) ast_update_use_count(); tmp->callgroup = i->callgroup; tmp->pickupgroup = i->pickupgroup; - strncpy(tmp->call_forward, i->call_forward, sizeof(tmp->call_forward)); + strncpy(tmp->call_forward, i->call_forward, sizeof(tmp->call_forward) - 1); strncpy(tmp->context, i->context, sizeof(tmp->context)-1); strncpy(tmp->exten, i->exten, sizeof(tmp->exten)-1); if (strlen(i->callerid)) @@ -1798,7 +1798,7 @@ static int add_sdp(struct mgcp_request *resp, struct mgcp_subchannel *sub, struc char o[256]; char c[256]; char t[256]; - char m[256]; + char m[256] = ""; char a[1024] = ""; char iabuf[INET_ADDRSTRLEN]; int x; @@ -1842,9 +1842,9 @@ static int add_sdp(struct mgcp_request *resp, struct mgcp_subchannel *sub, struc codec = ast_rtp_lookup_code(sub->rtp, 1, x); if (codec > -1) { snprintf(costr, sizeof(costr), " %d", codec); - strcat(m, costr); + strncat(m, costr, sizeof(m) - strlen(m) - 1); snprintf(costr, sizeof(costr), "a=rtpmap:%d %s/8000\r\n", codec, ast_rtp_lookup_mime_subtype(1, x)); - strcat(a, costr); + strncat(a, costr, sizeof(a) - strlen(a) - 1); } } } @@ -1856,18 +1856,18 @@ static int add_sdp(struct mgcp_request *resp, struct mgcp_subchannel *sub, struc codec = ast_rtp_lookup_code(sub->rtp, 0, x); if (codec > -1) { snprintf(costr, sizeof(costr), " %d", codec); - strcat(m, costr); + strncat(m, costr, sizeof(m) - strlen(m) - 1); snprintf(costr, sizeof(costr), "a=rtpmap:%d %s/8000\r\n", codec, ast_rtp_lookup_mime_subtype(0, x)); - strcat(a, costr); + strncat(a, costr, sizeof(a) - strlen(a) - 1); if (x == AST_RTP_DTMF) { /* Indicate we support DTMF... Not sure about 16, but MSN supports it so dang it, we will too... */ snprintf(costr, sizeof costr, "a=fmtp:%d 0-16\r\n", codec); - strcat(a, costr); + strncat(a, costr, sizeof(a) - strlen(a) - 1); } } } } - strcat(m, "\r\n"); + strncat(m, "\r\n", sizeof(m) - strlen(m) - 1); len = strlen(v) + strlen(s) + strlen(o) + strlen(c) + strlen(t) + strlen(m) + strlen(a); snprintf(costr, sizeof(costr), "%d", len); add_line(resp, v); @@ -1901,7 +1901,7 @@ static int transmit_modify_with_sdp(struct mgcp_subchannel *sub, struct ast_rtp for (x=1;x<= AST_FORMAT_MAX_AUDIO; x <<= 1) { if (capability & x) { snprintf(tmp, sizeof(tmp), ", a:%s", ast_rtp_lookup_mime_subtype(1, x)); - strcat(local, tmp); + strncat(local, tmp, sizeof(local) - strlen(local) - 1); } } reqprep(&resp, p, "MDCX"); @@ -1931,7 +1931,7 @@ static int transmit_connect_with_sdp(struct mgcp_subchannel *sub, struct ast_rtp for (x=1;x<= AST_FORMAT_MAX_AUDIO; x <<= 1) { if (p->capability & x) { snprintf(tmp, sizeof(tmp), ", a:%s", ast_rtp_lookup_mime_subtype(1, x)); - strcat(local, tmp); + strncat(local, tmp, sizeof(local) - strlen(local) - 1); } } if (mgcpdebug) { @@ -1996,7 +1996,7 @@ static int transmit_notify_request_with_callerid(struct mgcp_subchannel *sub, ch if (callerid) strncpy(cid, callerid, sizeof(cid) - 1); else - strcpy(cid, ""); + cid[0] = '\0'; ast_callerid_parse(cid, &n, &l); if (l) { ast_shrink_phone_number(l); @@ -2423,7 +2423,7 @@ static void *mgcp_ss(void *data) if (!res || !ast_matchmore_extension(chan, chan->context, exten, 1, p->callerid)) { if (getforward) { /* Record this as the forwarding extension */ - strncpy(p->call_forward, exten, sizeof(p->call_forward)); + strncpy(p->call_forward, exten, sizeof(p->call_forward) - 1); if (option_verbose > 2) { ast_verbose(VERBOSE_PREFIX_3 "Setting call forward to '%s' on channel %s\n", p->call_forward, chan->name); @@ -3426,7 +3426,7 @@ static struct mgcp_gateway *build_gateway(char *cat, struct ast_variable *v) nat = ast_true(v->value); } else if (!strcasecmp(v->name, "callerid")) { if (!strcasecmp(v->value, "asreceived")) - strcpy(callerid, ""); + callerid[0] = '\0'; else strncpy(callerid, v->value, sizeof(callerid) - 1); } else if (!strcasecmp(v->name, "language")) { @@ -3495,7 +3495,7 @@ static struct mgcp_gateway *build_gateway(char *cat, struct ast_variable *v) e->needaudit = 1; } strncpy(gw->wcardep, v->value, sizeof(gw->wcardep)-1); - //strcpy(e->name, "aaln/*"); + //strncpy(e->name, "aaln/*", sizeof(e->name) - 1); /* XXX Should we really check for uniqueness?? XXX */ strncpy(e->context, context, sizeof(e->context) - 1); strncpy(e->callerid, callerid, sizeof(e->callerid) - 1); @@ -3531,7 +3531,7 @@ static struct mgcp_gateway *build_gateway(char *cat, struct ast_variable *v) sub->parent = e; sub->id = i; snprintf(sub->txident, sizeof(sub->txident), "%08x", rand()); - /*strcpy(sub->txident, txident);*/ + /*stnrcpy(sub->txident, txident, sizeof(sub->txident) - 1);*/ sub->cxmode = MGCP_CX_INACTIVE; sub->nat = nat; sub->next = e->sub; diff --git a/channels/chan_modem.c b/channels/chan_modem.c index ace64c78e..1a235c4f5 100755 --- a/channels/chan_modem.c +++ b/channels/chan_modem.c @@ -180,7 +180,7 @@ static int modem_call(struct ast_channel *ast, char *idest, int timeout) { struct ast_modem_pvt *p; int ms = timeout; - char rdest[80], *where, dstr[100]; + char rdest[80], *where, dstr[100] = ""; char *stringp=NULL; strncpy(rdest, idest, sizeof(rdest)-1); stringp=rdest; @@ -191,7 +191,7 @@ static int modem_call(struct ast_channel *ast, char *idest, int timeout) return -1; } p = ast->pvt->pvt; - strcpy(dstr,where + p->stripmsd); + strncpy(dstr, where + p->stripmsd, sizeof(dstr) - 1); /* if not a transfer or just sending tones, must be in correct state */ if (strcasecmp(rdest, "transfer") && strcasecmp(rdest,"sendtones")) { if ((ast->_state != AST_STATE_DOWN) && (ast->_state != AST_STATE_RESERVED)) { @@ -201,7 +201,7 @@ static int modem_call(struct ast_channel *ast, char *idest, int timeout) } if (!strcasecmp(rdest,"transfer")) /* if a transfer, put in transfer stuff */ { - sprintf(dstr,"!,%s",where + p->stripmsd); + snprintf(dstr, sizeof(dstr), "!,%s", where + p->stripmsd); } if (!strcasecmp(where, "handset")) { if (p->mc->setdev) diff --git a/channels/chan_modem_bestdata.c b/channels/chan_modem_bestdata.c index 2fde4d4db..ddcb72018 100755 --- a/channels/chan_modem_bestdata.c +++ b/channels/chan_modem_bestdata.c @@ -152,7 +152,7 @@ static int bestdata_init(struct ast_modem_pvt *p) static struct ast_frame *bestdata_handle_escape(struct ast_modem_pvt *p, char esc) { - char name[30],nmbr[30]; + char name[30]="",nmbr[30]=""; time_t now; /* Handle escaped characters -- but sometimes we call it directly as @@ -189,14 +189,14 @@ static struct ast_frame *bestdata_handle_escape(struct ast_modem_pvt *p, char es name[0] = nmbr[0] = 0; for(;;) { - char res[1000]; + char res[1000]=""; if (ast_modem_read_response(p, 5)) break; strncpy(res, p->response, sizeof(res)-1); ast_modem_trim(res); if (!strncmp(res,"\020.",2)) break; - if (!strncmp(res,"NAME",4)) strcpy(name,res + 7); - if (!strncmp(res,"NMBR",4)) strcpy(nmbr,res + 7); + if (!strncmp(res,"NAME",4)) strncpy(name,res + 7, sizeof(name) - 1); + if (!strncmp(res,"NMBR",4)) strncpy(nmbr,res + 7, sizeof(nmbr) - 1); } p->gotclid = 1; if ((!strcmp(name,"O")) || (!strcmp(name,"P"))) name[0] = 0; @@ -485,13 +485,13 @@ static int bestdata_dialdigit(struct ast_modem_pvt *p, char digit) static int bestdata_dial(struct ast_modem_pvt *p, char *stuff) { - char cmd[800],a[20]; + char cmd[800] = "",a[20]=""; int i,j; if (p->ministate != STATE_COMMAND) { bestdata_break(p); - strcpy(cmd,"AT+VTS="); + strncpy(cmd, "AT+VTS=", sizeof(cmd) - 1); j = strlen(cmd); for(i = 0; stuff[i]; i++) { @@ -502,13 +502,13 @@ static int bestdata_dial(struct ast_modem_pvt *p, char *stuff) a[1] = 0; break; case ',': - strcpy(a,"[,,100]"); + strncpy(a, "[,,100]", sizeof(a) - 1); break; default: - sprintf(a,"{%c,7}",stuff[i]); + snprintf(a, sizeof(a), "{%c,7}", stuff[i]); } - if (stuff[i + 1]) strcat(a,","); - strcpy(cmd + j,a); + if (stuff[i + 1]) strncat(a, ",", sizeof(a) - strlen(a) - 1); + strncpy(cmd + j, a, sizeof(cmd) - j - 1); j += strlen(a); } } diff --git a/channels/chan_nbs.c b/channels/chan_nbs.c index 3ec1555e7..a188c1262 100755 --- a/channels/chan_nbs.c +++ b/channels/chan_nbs.c @@ -214,7 +214,7 @@ static struct ast_channel *nbs_new(struct nbs_pvt *i, int state) tmp->pvt->write = nbs_xwrite; strncpy(tmp->context, context, sizeof(tmp->context)-1); strncpy(tmp->exten, "s", sizeof(tmp->exten) - 1); - strcpy(tmp->language, ""); + tmp->language[0] = '\0'; i->owner = tmp; ast_mutex_lock(&usecnt_lock); usecnt++; diff --git a/channels/chan_oss.c b/channels/chan_oss.c index 46d4e2cdf..538bfe1f8 100755 --- a/channels/chan_oss.c +++ b/channels/chan_oss.c @@ -825,7 +825,7 @@ static char sendtext_usage[] = static int console_sendtext(int fd, int argc, char *argv[]) { int tmparg = 2; - char text2send[256]; + char text2send[256] = ""; struct ast_frame f = { 0, }; if (argc < 2) return RESULT_SHOWUSAGE; @@ -835,10 +835,10 @@ static int console_sendtext(int fd, int argc, char *argv[]) } if (strlen(text2send)) ast_cli(fd, "Warning: message already waiting to be sent, overwriting\n"); - strcpy(text2send, ""); + text2send[0] = '\0'; while(tmparg < argc) { - strncat(text2send, argv[tmparg++], sizeof(text2send) - strlen(text2send)); - strncat(text2send, " ", sizeof(text2send) - strlen(text2send)); + strncat(text2send, argv[tmparg++], sizeof(text2send) - strlen(text2send) - 1); + strncat(text2send, " ", sizeof(text2send) - strlen(text2send) - 1); } if (strlen(text2send)) { f.frametype = AST_FRAME_TEXT; diff --git a/channels/chan_phone.c b/channels/chan_phone.c index 536d3ef86..4828d05ef 100755 --- a/channels/chan_phone.c +++ b/channels/chan_phone.c @@ -177,15 +177,16 @@ static int phone_call(struct ast_channel *ast, char *dest, int timeout) time(&UtcTime); localtime_r(&UtcTime,&tm); + memset(&cid, 0, sizeof(PHONE_CID)); if(&tm != NULL) { - sprintf(cid.month, "%02d",(tm.tm_mon + 1)); - sprintf(cid.day, "%02d", tm.tm_mday); - sprintf(cid.hour, "%02d", tm.tm_hour); - sprintf(cid.min, "%02d", tm.tm_min); + snprintf(cid.month, sizeof(cid.month), "%02d",(tm.tm_mon + 1)); + snprintf(cid.day, sizeof(cid.day), "%02d", tm.tm_mday); + snprintf(cid.hour, sizeof(cid.hour), "%02d", tm.tm_hour); + snprintf(cid.min, sizeof(cid.min), "%02d", tm.tm_min); } /* the standard format of ast->callerid is: "name" <number>, but not always complete */ if (!ast->callerid || ast_strlen_zero(ast->callerid)){ - strcpy(cid.name, DEFAULT_CALLER_ID); + strncpy(cid.name, DEFAULT_CALLER_ID, sizeof(cid.name) - 1); cid.number[0]='\0'; } else { char *n, *l; @@ -198,9 +199,9 @@ static int phone_call(struct ast_channel *ast, char *dest, int timeout) l = NULL; } if (l) - strncpy(cid.number, l, sizeof(cid.number)); + strncpy(cid.number, l, sizeof(cid.number) - 1); if (n) - strncpy(cid.name, n, sizeof(cid.name)); + strncpy(cid.name, n, sizeof(cid.name) - 1); } p = ast->pvt->pvt; @@ -734,7 +735,7 @@ static void phone_check_exception(struct phone_pvt *i) ioctl(i->fd, PHONE_CPT_STOP); i->dialtone = 0; if (strlen(i->ext) < AST_MAX_EXTENSION - 1) - strcat(i->ext, digit); + strncat(i->ext, digit, sizeof(i->ext) - strlen(i->ext) - 1); if (ast_exists_extension(NULL, i->context, i->ext, 1, i->callerid)) { /* It's a valid extension in its context, get moving! */ phone_new(i, AST_STATE_RING, i->context); diff --git a/channels/chan_sip.c b/channels/chan_sip.c index ad6c3a0c9..7b3137b73 100755 --- a/channels/chan_sip.c +++ b/channels/chan_sip.c @@ -1013,7 +1013,7 @@ static struct sip_user *mysql_user(char *user) for (x=0;x<numfields;x++) { if (rowval[x]) { if (!strcasecmp(fields[x].name, "secret")) { - strncpy(u->secret, rowval[x], sizeof(u->secret)); + strncpy(u->secret, rowval[x], sizeof(u->secret) - 1); } else if (!strcasecmp(fields[x].name, "name")) { strncpy(u->name, rowval[x], sizeof(u->name) - 1); } else if (!strcasecmp(fields[x].name, "context")) { @@ -1115,7 +1115,7 @@ static struct sip_peer *mysql_peer(char *peer, struct sockaddr_in *sin) for (x=0;x<numfields;x++) { if (rowval[x]) { if (!strcasecmp(fields[x].name, "secret")) { - strncpy(p->secret, rowval[x], sizeof(p->secret)); + strncpy(p->secret, rowval[x], sizeof(p->secret) - 1); } else if (!strcasecmp(fields[x].name, "name")) { strncpy(p->name, rowval[x], sizeof(p->name) - 1); } else if (!strcasecmp(fields[x].name, "context")) { @@ -2299,7 +2299,7 @@ static struct sip_pvt *sip_alloc(char *callid, struct sockaddr_in *sin, int useg /* Assume reinvite OK and via INVITE */ p->canreinvite = global_canreinvite; /* Assign default music on hold class */ - strncpy(p->musicclass, global_musicclass, sizeof(p->musicclass)); + strncpy(p->musicclass, global_musicclass, sizeof(p->musicclass) - 1); p->dtmfmode = global_dtmfmode; p->promiscredir = global_promiscredir; p->trustrpid = global_trustrpid; @@ -2931,7 +2931,7 @@ static void add_route(struct sip_request *req, struct sip_route *route) /*--- set_destination: Set destination from SIP URI ---*/ static void set_destination(struct sip_pvt *p, char *uri) { - char *h, *maddr, hostname[256]; + char *h, *maddr, hostname[256] = ""; char iabuf[INET_ADDRSTRLEN]; int port, hn; struct hostent *hp; @@ -2956,8 +2956,8 @@ static void set_destination(struct sip_pvt *p, char *uri) h += 5; } hn = strcspn(h, ":;>"); - if (hn>255) hn=255; - strncpy(hostname, h, hn); hostname[hn] = '\0'; + if (hn > (sizeof(hostname) - 1)) hn = sizeof(hostname) - 1; + strncpy(hostname, h, hn); hostname[hn] = '\0'; /* safe */ h+=hn; /* Is "port" present? if not default to 5060 */ @@ -2974,8 +2974,8 @@ static void set_destination(struct sip_pvt *p, char *uri) if (maddr) { maddr += 6; hn = strspn(maddr, "0123456789."); - if (hn>255) hn=255; - strncpy(hostname, maddr, hn); hostname[hn] = '\0'; + if (hn > (sizeof(hostname) - 1)) hn = sizeof(hostname) - 1; + strncpy(hostname, maddr, hn); hostname[hn] = '\0'; /* safe */ } hp = ast_gethostbyname(hostname, &ahp); @@ -3396,7 +3396,7 @@ static int add_sdp(struct sip_request *resp, struct sip_pvt *p) snprintf(costr, sizeof(costr), "a=rtpmap:%d %s/8000\r\n", codec, ast_rtp_lookup_mime_subtype(1, x)); strncat(a, costr, sizeof(a) - strlen(a) - 1); } else { - strncat(m2, costr, sizeof(m2) - strlen(m2)); + strncat(m2, costr, sizeof(m2) - strlen(m2) - 1); snprintf(costr, sizeof(costr), "a=rtpmap:%d %s/90000\r\n", codec, ast_rtp_lookup_mime_subtype(1, x)); strncat(a2, costr, sizeof(a2) - strlen(a2) - 1); } @@ -3424,9 +3424,9 @@ static int add_sdp(struct sip_request *resp, struct sip_pvt *p) } strncat(a, "a=silenceSupp:off - - - -\r\n", sizeof(a) - strlen(a) - 1); if (strlen(m) < sizeof(m) - 2) - strcat(m, "\r\n"); + strncat(m, "\r\n", sizeof(m) - strlen(m) - 1); if (strlen(m2) < sizeof(m2) - 2) - strcat(m2, "\r\n"); + strncat(m2, "\r\n", sizeof(m2) - strlen(m2) - 1); if ((sizeof(m) <= strlen(m) - 2) || (sizeof(m2) <= strlen(m2) - 2) || (sizeof(a) == strlen(a)) || (sizeof(a2) == strlen(a2))) ast_log(LOG_WARNING, "SIP SDP may be truncated due to undersized buffer!!\n"); len = strlen(v) + strlen(s) + strlen(o) + strlen(c) + strlen(t) + strlen(m) + strlen(a); @@ -4171,7 +4171,7 @@ static void reg_source_db(struct sip_peer *p) if (u) { *u = '\0'; u++; - strncpy(p->username, u, sizeof(p->username)); + strncpy(p->username, u, sizeof(p->username) - 1); } ast_verbose(VERBOSE_PREFIX_3 "SIP Seeding '%s' at %s@%s:%d for %d\n", p->name, p->username, ast_inet_ntoa(iabuf, sizeof(iabuf), in), atoi(c), atoi(d)); @@ -4302,7 +4302,7 @@ static int parse_contact(struct sip_pvt *pvt, struct sip_peer *p, struct sip_req /* Save User agent */ useragent = get_header(req, "User-Agent"); if(useragent && strcasecmp(useragent, p->useragent)) { - strncpy(p->useragent, useragent, sizeof(p->useragent)); + strncpy(p->useragent, useragent, sizeof(p->useragent) - 1); if (option_verbose > 2) { ast_verbose(VERBOSE_PREFIX_3 "Saved useragent \"%s\" for peer %s\n",p->useragent,p->name); } @@ -4372,7 +4372,7 @@ static void build_route(struct sip_pvt *p, struct sip_request *req, int backward /* Make a struct route */ thishop = (struct sip_route *)malloc(sizeof(struct sip_route)+len+1); if (thishop) { - strncpy(thishop->hop, rr, len); + strncpy(thishop->hop, rr, len); /* safe */ thishop->hop[len] = '\0'; ast_log(LOG_DEBUG, "build_route: Record-Route hop: <%s>\n", thishop->hop); /* Link in */ @@ -4412,7 +4412,7 @@ static void build_route(struct sip_pvt *p, struct sip_request *req, int backward } thishop = (struct sip_route *)malloc(sizeof(struct sip_route)+len+1); if (thishop) { - strncpy(thishop->hop, c, len); + strncpy(thishop->hop, c, len); /* safe */ thishop->hop[len] = '\0'; thishop->next = NULL; /* Goes at the end */ @@ -5027,10 +5027,13 @@ static int check_via(struct sip_pvt *p, struct sip_request *req) } /*--- get_calleridname: Get caller id name from SIP headers ---*/ -static char *get_calleridname(char *input,char *output) +static char *get_calleridname(char *input,char *output, size_t outputsize) { char *end = strchr(input,'<'); char *tmp = strchr(input,'\"'); + int bytes = 0; + int maxbytes = outputsize - 1; + if (!end || (end == input)) return NULL; /* move away from "<" */ end--; @@ -5038,7 +5041,13 @@ static char *get_calleridname(char *input,char *output) if (tmp && tmp < end) { end = strchr(tmp+1,'\"'); if (!end) return NULL; - strncpy(output,tmp+1,(int)(end-tmp-1)); + bytes = (int)(end-tmp-1); + /* protect the output buffer */ + if (bytes > maxbytes) { + bytes = maxbytes; + } + strncpy(output, tmp+1, bytes); /* safe */ + output[maxbytes] = '\0'; } else { /* we didn't find "name" */ /* clear the empty characters in the begining*/ @@ -5047,10 +5056,17 @@ static char *get_calleridname(char *input,char *output) /* clear the empty characters in the end */ while(*end && (*end < 33) && end > input) end--; - if (end >= input) - strncpy(output,input,(int)(end-input)+1); + if (end >= input) { + bytes = (int)(end-input)+1; + /* protect the output buffer */ + if (bytes > maxbytes) { + bytes = maxbytes; + } + strncpy(output, input, bytes); /* safe */ + output[maxbytes] = '\0'; + } else - output = NULL; + return(NULL); } return output; } @@ -5107,7 +5123,7 @@ static int check_user_full(struct sip_pvt *p, struct sip_request *req, char *cmd of = get_header(req, "From"); strncpy(from, of, sizeof(from) - 1); memset(calleridname,0,sizeof(calleridname)); - get_calleridname(from,calleridname); + get_calleridname(from, calleridname, sizeof(calleridname)); rpid = get_header(req, "Remote-Party-ID"); memset(rpid_num,0,sizeof(rpid_num)); @@ -5306,12 +5322,12 @@ static int get_msg_text(char *buf, int len, struct sip_request *req) if (y < 0) y = 0; for (x=0;x<req->lines;x++) { - strncat(buf, req->line[x], y); + strncat(buf, req->line[x], y); /* safe */ y -= strlen(req->line[x]) + 1; if (y < 0) y = 0; if (y != 0) - strcat(buf, "\n"); + strcat(buf, "\n"); /* safe */ } return 0; } @@ -5346,8 +5362,8 @@ static int sip_show_inuse(int fd, int argc, char *argv[]) { #define FORMAT "%-15.15s %-15.15s %-15.15s %-15.15s %-15.15s\n" #define FORMAT2 "%-15.15s %-15.15s %-15.15s %-15.15s %-15.15s\n" struct sip_user *user; - char ilimits[40]; - char olimits[40]; + char ilimits[40] = ""; + char olimits[40] = ""; char iused[40]; char oused[40]; if (argc != 3) @@ -5359,11 +5375,11 @@ static int sip_show_inuse(int fd, int argc, char *argv[]) { if (user->incominglimit) snprintf(ilimits, sizeof(ilimits), "%d", user->incominglimit); else - strcpy(ilimits, "N/A"); + strncpy(ilimits, "N/A", sizeof(ilimits) - 1); if (user->outgoinglimit) snprintf(olimits, sizeof(olimits), "%d", user->outgoinglimit); else - strcpy(olimits, "N/A"); + strncpy(olimits, "N/A", sizeof(olimits) - 1); snprintf(iused, sizeof(iused), "%d", user->inUse); snprintf(oused, sizeof(oused), "%d", user->outUse); ast_cli(fd, FORMAT2, user->name, iused, ilimits,oused,olimits); @@ -5410,7 +5426,7 @@ static int sip_show_peers(int fd, int argc, char *argv[]) ast_cli(fd, FORMAT2, "Name/username", "Host", "Dyn", "Nat", "ACL", "Mask", "Port", "Status"); for (peer = peerl.peers;peer;peer = peer->next) { char nm[20] = ""; - char status[20]; + char status[20] = ""; int print_line = -1; char srch[2000]; @@ -5421,15 +5437,15 @@ static int sip_show_peers(int fd, int argc, char *argv[]) strncpy(name, peer->name, sizeof(name) - 1); if (peer->maxms) { if (peer->lastms < 0) - strcpy(status, "UNREACHABLE"); + strncpy(status, "UNREACHABLE", sizeof(status) - 1); else if (peer->lastms > peer->maxms) snprintf(status, sizeof(status), "LAGGED (%d ms)", peer->lastms); else if (peer->lastms) snprintf(status, sizeof(status), "OK (%d ms)", peer->lastms); else - strcpy(status, "UNKNOWN"); + strncpy(status, "UNKNOWN", sizeof(status) - 1); } else - strcpy(status, "Unmonitored"); + strncpy(status, "Unmonitored", sizeof(status) - 1); snprintf(srch, sizeof(srch), FORMAT, name, peer->addr.sin_addr.s_addr ? ast_inet_ntoa(iabuf, sizeof(iabuf), peer->addr.sin_addr) : "(Unspecified)", peer->dynamic ? " D " : " ", /* Dynamic or not? */ @@ -5510,7 +5526,7 @@ static void print_group(int fd, unsigned int group) /*--- sip_show_peer: Show one peer in detail ---*/ static int sip_show_peer(int fd, int argc, char *argv[]) { - char status[30]; + char status[30] = ""; char iabuf[INET_ADDRSTRLEN]; struct sip_peer *peer; @@ -5590,13 +5606,13 @@ static int sip_show_peer(int fd, int argc, char *argv[]) ast_cli(fd, "\n"); ast_cli(fd, " Status : "); if (peer->lastms < 0) - strcpy(status, "UNREACHABLE"); + strncpy(status, "UNREACHABLE", sizeof(status) - 1); else if (peer->lastms > peer->maxms) snprintf(status, sizeof(status), "LAGGED (%d ms)", peer->lastms); else if (peer->lastms) snprintf(status, sizeof(status), "OK (%d ms)", peer->lastms); else - strcpy(status, "UNKNOWN"); + strncpy(status, "UNKNOWN", sizeof(status) - 1); ast_cli(fd, "%s\n",status); ast_cli(fd, " Useragent : %s\n", peer->useragent); ast_cli(fd,"\n"); @@ -7664,7 +7680,7 @@ static int sip_poke_peer(struct sip_peer *peer) p->peerpoke = peer; p->outgoing = 1; #ifdef VOCAL_DATA_HACK - strncpy(p->username, "__VOCAL_DATA_SHOULD_READ_THE_SIP_SPEC__", sizeof(p->username)); + strncpy(p->username, "__VOCAL_DATA_SHOULD_READ_THE_SIP_SPEC__", sizeof(p->username) - 1); transmit_invite(p, "INVITE", 0, NULL, NULL, NULL,NULL,NULL, 1); #else transmit_invite(p, "OPTIONS", 0, NULL, NULL, NULL,NULL,NULL, 1); @@ -7824,7 +7840,7 @@ static struct sip_user *build_user(char *name, struct ast_variable *v) strncpy(user->musicclass, global_musicclass, sizeof(user->musicclass)-1); while(v) { if (!strcasecmp(v->name, "context")) { - strncpy(user->context, v->value, sizeof(user->context)); + strncpy(user->context, v->value, sizeof(user->context) - 1); } else if (!strcasecmp(v->name, "permit") || !strcasecmp(v->name, "deny")) { user->ha = ast_append_ha(v->name, v->value, user->ha); diff --git a/channels/chan_skinny.c b/channels/chan_skinny.c index 3472cac54..c624324b8 100755 --- a/channels/chan_skinny.c +++ b/channels/chan_skinny.c @@ -1060,7 +1060,7 @@ static struct skinny_device *build_device(char *cat, struct ast_variable *v) nat = ast_true(v->value); } else if (!strcasecmp(v->name, "callerid")) { if (!strcasecmp(v->value, "asreceived")) { - strcpy(callerid, ""); + callerid[0] = '\0'; } else { strncpy(callerid, v->value, sizeof(callerid) - 1); } @@ -1208,7 +1208,7 @@ static int skinny_register(skinny_req *req, struct skinnysession *s) s->device = d; d->type = req->data.reg.type; if (ast_strlen_zero(d->version_id)) { - strncpy(d->version_id, version_id, sizeof(d->version_id)); + strncpy(d->version_id, version_id, sizeof(d->version_id) - 1); } d->registered = 1; d->session = s; @@ -1276,7 +1276,7 @@ static void *skinny_ss(void *data) if (!res || !ast_matchmore_extension(chan, chan->context, exten, 1, l->callerid)) { if (getforward) { /* Record this as the forwarding extension */ - strncpy(l->call_forward, exten, sizeof(l->call_forward)); + strncpy(l->call_forward, exten, sizeof(l->call_forward) - 1); if (option_verbose > 2) { ast_verbose(VERBOSE_PREFIX_3 "Setting call forward to '%s' on channel %s\n", l->call_forward, chan->name); @@ -1792,7 +1792,7 @@ static struct ast_channel *skinny_new(struct skinny_subchannel *sub, int state) ast_update_use_count(); tmp->callgroup = l->callgroup; tmp->pickupgroup = l->pickupgroup; - strncpy(tmp->call_forward, l->call_forward, sizeof(tmp->call_forward)); + strncpy(tmp->call_forward, l->call_forward, sizeof(tmp->call_forward) - 1); strncpy(tmp->context, l->context, sizeof(tmp->context)-1); strncpy(tmp->exten,l->exten, sizeof(tmp->exten)-1); if (!ast_strlen_zero(l->callerid)) { @@ -1858,7 +1858,7 @@ static int handle_message(skinny_req *req, struct skinnysession *s) memset(req, 0, sizeof(skinny_req)); req->len = sizeof(register_rej_message)+4; req->e = REGISTER_REJ_MESSAGE; - sprintf(req->data.regrej.errMsg, "No Authority: %s", name); + snprintf(req->data.regrej.errMsg, sizeof(req->data.regrej.errMsg), "No Authority: %s", name); transmit_response(s, req); break; } @@ -1868,10 +1868,12 @@ static int handle_message(skinny_req *req, struct skinnysession *s) memset(req, 0, SKINNY_MAX_PACKET); req->len = sizeof(register_ack_message)+4; req->e = REGISTER_ACK_MESSAGE; - strcpy(req->data.regack.res, "0"); + req->data.regack.res[0] = '0'; + req->data.regack.res[1] = '\0'; req->data.regack.keepAlive = keep_alive; - strcpy(req->data.regack.dateTemplate, date_format); - strcpy(req->data.regack.res2, "0"); + strncpy(req->data.regack.dateTemplate, date_format, sizeof(req->data.regack.dateTemplate) - 1); + req->data.regack.res2[0] = '0'; + req->data.regack.res2[1] = '\0'; req->data.regack.secondaryKeepAlive = keep_alive; transmit_response(s, req); if (skinnydebug) { @@ -1953,7 +1955,7 @@ static int handle_message(skinny_req *req, struct skinnysession *s) memset(req, 0, SKINNY_MAX_PACKET); req->len = sizeof(version_res_message)+4; req->e = VERSION_RES_MESSAGE; - sprintf(req->data.version.version, s->device->version_id); + snprintf(req->data.version.version, sizeof(req->data.version.version), s->device->version_id); transmit_response(s, req); break; case SERVER_REQUEST_MESSAGE: @@ -2045,8 +2047,8 @@ static int handle_message(skinny_req *req, struct skinnysession *s) #if 0 /* XXX Do this right XXX */ req->data.speeddialreq.speedDialNumber = speedDialNum; - sprintf(req->data.speeddial.speedDialDirNumber, "31337"); - sprintf(req->data.speeddial.speedDialDisplayName, "Asterisk Rules!"); + snprintf(req->data.speeddial.speedDialDirNumber, sizeof(req->data.speeddial.speedDialDirNumber), "31337"); + snprintf(req->data.speeddial.speedDialDisplayName, sizeof(req->data.speeddial.speedDialDisplayName),"Asterisk Rules!"); #endif transmit_response(s, req); break; @@ -2177,11 +2179,21 @@ static int handle_message(skinny_req *req, struct skinnysession *s) } f.frametype = AST_FRAME_DTMF; if (digit == 14) { - sprintf(&d, "*"); + d = '*'; } else if (digit == 15) { - sprintf(&d, "#"); + d = '#'; + } else if (digit >=0 && digit <= 9) { + d = '0' + digit; } else { - sprintf(&d, "%d", digit); + /* digit=10-13 (A,B,C,D ?), or + * digit is bad value + * + * probably should not end up here, but set + * value for backward compatibility, and log + * a warning. + */ + d = '0' + digit; + ast_log(LOG_WARNING, "Unsupported digit %d\n", digit); } f.subclass = d; f.src = "skinny"; diff --git a/channels/chan_vofr.c b/channels/chan_vofr.c index b249de10d..ad567aff4 100755 --- a/channels/chan_vofr.c +++ b/channels/chan_vofr.c @@ -133,20 +133,20 @@ static char *dtypestr(int control) static char *vflagsstr(int flags) { - static char buf[80]; + static char buf[80] = ""; buf[0] = '\0'; if (!flags) return "(None)"; if (flags & VOFR_ROUTE_LOCAL) - strcat(buf, "Local "); + strncat(buf, "Local ", sizeof(buf) - strlen(buf) - 1); if (flags & VOFR_ROUTE_VOICE) - strcat(buf, "Voice "); + strncat(buf, "Voice ", sizeof(buf) - strlen(buf) - 1); if (flags & VOFR_ROUTE_DTE) - strcat(buf, "DTE "); + strncat(buf, "DTE ", sizeof(buf) - strlen(buf) - 1); else if (flags & VOFR_ROUTE_DTE1) - strcat(buf, "DTE1 "); + strncat(buf, "DTE1 ", sizeof(buf) - strlen(buf) - 1); else if (flags & VOFR_ROUTE_DTE2) - strcat(buf, "DTE2 "); + strncat(buf, "DTE2 ", sizeof(buf) - strlen(buf) - 1); return buf; } diff --git a/channels/chan_vpb.c b/channels/chan_vpb.c index 62c6fa89f..e07b1c7d5 100755 --- a/channels/chan_vpb.c +++ b/channels/chan_vpb.c @@ -435,10 +435,10 @@ static void get_callerid(struct vpb_pvt *p) // This decodes FSK 1200baud type callerid if ((rc=vpb_cid_decode(callerid, buf, CID_MSECS*8)) == VPB_OK ) { if(!*callerid) - strcpy(callerid,"undisclosed"); // blocked CID (eg caller used 1831) + strncpy(callerid,"undisclosed", sizeof(callerid) - 1); // blocked CID (eg caller used 1831) } else { ast_log(LOG_ERROR, "Failed to decode caller id on %s - %s\n", p->dev, vpb_strerror(rc) ); - strcpy(callerid,"unknown"); + strncpy(callerid,"unknown", sizeof(callerid) - 1); } p->owner->callerid = strdup(callerid); @@ -756,7 +756,7 @@ static inline int monitor_handle_notowned(struct vpb_pvt *p, VPB_EVENT *e) } p->state=VPB_STATE_GETDTMF; s[0] = e->data; - strcat(p->ext, s); + strncat(p->ext, s, sizeof(p->ext) - strlen(p->ext) - 1); if (ast_exists_extension(NULL, p->context, p->ext, 1, p->callerid)){ vpb_new(p,AST_STATE_RING, p->context); } else if (!ast_canmatch_extension(NULL, p->context, p->ext, 1, p->callerid)){ @@ -1018,20 +1018,20 @@ struct vpb_pvt *mkif(int board, int channel, int mode, float txgain, float rxgai return NULL; } - sprintf(tmp->dev, "vpb/%d-%d", board, channel); + snprintf(tmp->dev, sizeof(tmp->dev), "vpb/%d-%d", board, channel); tmp->mode = mode; tmp->group = group; - strcpy(tmp->language, language); - strcpy(tmp->context, context); + strncpy(tmp->language, language, sizeof(tmp->language) - 1); + strncpy(tmp->context, context, sizeof(tmp->context) - 1); if(callerid) { - strcpy(tmp->callerid, callerid); + strncpy(tmp->callerid, callerid, sizeof(tmp->callerid) - 1); free(callerid); } else { - strcpy(tmp->callerid, "unknown"); + strncpy(tmp->callerid, "unknown", sizeof(tmp->callerid) - 1); } /* check if codec balances have been set in the config file */ @@ -1202,7 +1202,7 @@ static int vpb_call(struct ast_channel *ast, char *dest, int timeout) struct vpb_pvt *p = (struct vpb_pvt *)ast->pvt->pvt; int res = 0,i; char *s = strrchr(dest, '/'); - char dialstring[254]; + char dialstring[254] = ""; int tmp = 0; if (option_verbose > 3) ast_verbose("%s: LOCKING in call \n", p->dev); @@ -1212,7 +1212,7 @@ static int vpb_call(struct ast_channel *ast, char *dest, int timeout) s = s + 1; else s = dest; - strcpy(dialstring,s); + strncpy(dialstring, s, sizeof(dialstring) - 1); for (i=0; dialstring[i] != '\0' ; i++) { if ((dialstring[i] == 'w') || (dialstring[i] == 'W')) dialstring[i] = ','; @@ -1789,7 +1789,7 @@ static struct ast_channel *vpb_new(struct vpb_pvt *i, int state, char *context) tmp = ast_channel_alloc(1); if (tmp) { - strncpy(tmp->name, i->dev, sizeof(tmp->name)); + strncpy(tmp->name, i->dev, sizeof(tmp->name) - 1); tmp->type = type; // Linear is the preferred format. Although Voicetronix supports other formats diff --git a/channels/chan_zap.c b/channels/chan_zap.c index ccb534f2c..8d8f529b9 100755 --- a/channels/chan_zap.c +++ b/channels/chan_zap.c @@ -929,7 +929,7 @@ static char *event2str(int event) static char buf[256]; if ((event < 15) && (event > -1)) return events[event]; - sprintf(buf, "Event %d", event); + sprintf(buf, "Event %d", event); /* safe */ return buf; } @@ -1531,7 +1531,7 @@ static int zt_call(struct ast_channel *ast, char *rdest, int timeout) snprintf(p->dop.dialstr, sizeof(p->dop.dialstr), "Tw%s", c); ast_log(LOG_DEBUG, "FXO: setup deferred dialstring: %s\n", c); } else { - strcpy(p->dop.dialstr, ""); + p->dop.dialstr[0] = '\0'; } x = ZT_RING; if (ioctl(p->subs[SUB_REAL].zfd, ZT_HOOK, &x) && (errno != EINPROGRESS)) { @@ -1546,7 +1546,7 @@ static int zt_call(struct ast_channel *ast, char *rdest, int timeout) if (ast->callerid) strncpy(p->callwaitcid, ast->callerid, sizeof(p->callwaitcid)-1); else - strcpy(p->callwaitcid, ""); + p->callwaitcid[0] = '\0'; /* Call waiting tone instead */ if (zt_callwait(ast)) { ast_mutex_unlock(&p->lock); @@ -1560,7 +1560,7 @@ static int zt_call(struct ast_channel *ast, char *rdest, int timeout) if (ast->callerid) strncpy(callerid, ast->callerid, sizeof(callerid)-1); else - strcpy(callerid, ""); + callerid[0] = '\0'; ast_callerid_parse(callerid, &n, &l); if (l) { ast_shrink_phone_number(l); @@ -1568,9 +1568,9 @@ static int zt_call(struct ast_channel *ast, char *rdest, int timeout) l = NULL; } if (l) - strcpy(p->lastcallerid, l); + strncpy(p->lastcallerid, l, sizeof(p->lastcallerid) - 1); else - strcpy(p->lastcallerid, ""); + p->lastcallerid[0] = '\0'; ast_setstate(ast, AST_STATE_RINGING); index = zt_get_index(ast, p, 0); if (index > -1) { @@ -1647,7 +1647,7 @@ static int zt_call(struct ast_channel *ast, char *rdest, int timeout) snprintf(p->dop.dialstr, sizeof(p->dop.dialstr), "M*02#*%s#", c + p->stripmsd); } else if (p->sig == SIG_E911) { - strcpy(p->dop.dialstr,"M*911#"); + strncpy(p->dop.dialstr, "M*911#", sizeof(p->dop.dialstr) - 1); } else if (p->sig == SIG_FEATB) { snprintf(p->dop.dialstr, sizeof(p->dop.dialstr), "M*%s#", c + p->stripmsd); @@ -1655,8 +1655,8 @@ static int zt_call(struct ast_channel *ast, char *rdest, int timeout) snprintf(p->dop.dialstr, sizeof(p->dop.dialstr), "T%sw", c + p->stripmsd); if (strlen(p->dop.dialstr) > 4) { memset(p->echorest, 'w', sizeof(p->echorest) - 1); - p->echorest[sizeof(p->echorest) - 1] = '\0'; strcpy(p->echorest + (p->echotraining / 400) + 1, p->dop.dialstr + strlen(p->dop.dialstr) - 2); + p->echorest[sizeof(p->echorest) - 1] = '\0'; p->echobreak = 1; p->dop.dialstr[strlen(p->dop.dialstr)-2] = '\0'; } else @@ -1681,7 +1681,7 @@ static int zt_call(struct ast_channel *ast, char *rdest, int timeout) break; case SIG_PRI: /* We'll get it in a moment -- but use dialdest to store pre-setup_ack digits */ - strcpy(p->dialdest, ""); + p->dialdest[0] = '\0'; break; default: ast_log(LOG_DEBUG, "not yet implemented\n"); @@ -1717,10 +1717,10 @@ static int zt_call(struct ast_channel *ast, char *rdest, int timeout) if (strlen(s)) snprintf(p->dop.dialstr, sizeof(p->dop.dialstr), "T%s", s); else - strcpy(p->dop.dialstr, ""); + p->dop.dialstr[0] = '\0'; *s = '\0'; } else { - strcpy(p->dop.dialstr, ""); + p->dop.dialstr[0] = '\0'; } if (pri_grab(p, p->pri)) { ast_log(LOG_WARNING, "Failed to grab PRI!\n"); @@ -1936,7 +1936,7 @@ static int zt_hangup(struct ast_channel *ast) if (p->dsp) ast_dsp_digitmode(p->dsp,DSP_DIGITMODE_DTMF | p->dtmfrelax); if (p->exten) - strcpy(p->exten, ""); + p->exten[0] = '\0'; ast_log(LOG_DEBUG, "Hangup: channel: %d index = %d, normal = %d, callwait = %d, thirdcall = %d\n", p->channel, index, p->subs[SUB_REAL].zfd, p->subs[SUB_CALLWAIT].zfd, p->subs[SUB_THREEWAY].zfd); @@ -2154,7 +2154,7 @@ static int zt_hangup(struct ast_channel *ast) p->callwaiting = p->permcallwaiting; p->hidecallerid = p->permhidecallerid; p->dialing = 0; - strcpy(p->rdnis, ""); + p->rdnis[0] = '\0'; update_conf(p); /* Restore data mode */ if (p->sig == SIG_PRI) { @@ -3049,7 +3049,7 @@ static struct ast_frame *zt_handle_event(struct ast_channel *ast) zt_enable_ec(p); if (p->echobreak) { zt_train_ec(p); - strcpy(p->dop.dialstr, p->echorest); + strncpy(p->dop.dialstr, p->echorest, sizeof(p->dop.dialstr) - 1); p->dop.op = ZT_DIAL_OP_REPLACE; res = ioctl(p->subs[SUB_REAL].zfd, ZT_DIAL, &p->dop); p->echobreak = 0; @@ -3203,11 +3203,11 @@ static struct ast_frame *zt_handle_event(struct ast_channel *ast) else c = p->dialdest; if (*c) snprintf(p->dop.dialstr, sizeof(p->dop.dialstr), "M*0%s#", c); - else strcpy(p->dop.dialstr,"M*2#"); + else strncpy(p->dop.dialstr,"M*2#", sizeof(p->dop.dialstr) - 1); if (strlen(p->dop.dialstr) > 4) { memset(p->echorest, 'w', sizeof(p->echorest) - 1); - p->echorest[sizeof(p->echorest) - 1] = '\0'; strcpy(p->echorest + (p->echotraining / 401) + 1, p->dop.dialstr + strlen(p->dop.dialstr) - 2); + p->echorest[sizeof(p->echorest) - 1] = '\0'; p->echobreak = 1; p->dop.dialstr[strlen(p->dop.dialstr)-2] = '\0'; } else @@ -3402,7 +3402,9 @@ static struct ast_frame *zt_handle_event(struct ast_channel *ast) if (p->zaptrcallerid) { if (!p->origcallerid) { p->origcallerid = malloc(strlen(p->callerid) + 1); - strncpy(p->origcallerid, p->callerid, strlen(p->callerid) + 1); + strncpy(p->origcallerid, p->callerid, strlen(p->callerid)); /* safe */ + /* make sure p->origcallerid is terminated */ + p->origcallerid[strlen(p->callerid)] = '\0'; } strncpy(p->callerid, callerid, sizeof(p->callerid) -1); } @@ -4341,7 +4343,7 @@ static struct ast_channel *zt_new(struct zt_pvt *i, int state, int startpbx, int i->subs[index].owner = tmp; strncpy(tmp->context, i->context, sizeof(tmp->context)-1); /* Copy call forward info */ - strncpy(tmp->call_forward, i->call_forward, sizeof(tmp->call_forward)); + strncpy(tmp->call_forward, i->call_forward, sizeof(tmp->call_forward) - 1); /* If we've been told "no ADSI" then enforce it */ if (!i->adsi) tmp->adsicpe = AST_ADSI_UNAVAILABLE; @@ -4512,7 +4514,7 @@ static void *ss_thread(void *data) tone_zone_play_tone(p->subs[index].zfd, -1); if (ast_exists_extension(chan, chan->context, exten, 1, p->callerid)) { /* Start the real PBX */ - strncpy(chan->exten, exten, sizeof(chan->exten)); + strncpy(chan->exten, exten, sizeof(chan->exten) - 1); ast_dsp_digitreset(p->dsp); ast_setstate(chan, AST_STATE_RING); res = ast_pbx_run(chan); @@ -4662,7 +4664,7 @@ static void *ss_thread(void *data) chan->ani = strdup(chan->callerid); } if (s1) strncpy(exten, s1, sizeof(exten)-1); - else strcpy(exten,"911"); + else strncpy(exten, "911", sizeof(exten) - 1); printf("E911: exten: %s, ANI: %s\n",exten,chan->ani); } else ast_log(LOG_WARNING, "Got a non-E911 input on channel %d. Assuming E&M Wink instead\n", p->channel); @@ -4739,7 +4741,7 @@ static void *ss_thread(void *data) if (!res || !ast_matchmore_extension(chan, chan->context, exten, 1, p->callerid)) { if (getforward) { /* Record this as the forwarding extension */ - strncpy(p->call_forward, exten, sizeof(p->call_forward)); + strncpy(p->call_forward, exten, sizeof(p->call_forward) - 1); if (option_verbose > 2) ast_verbose(VERBOSE_PREFIX_3 "Setting call forward to '%s' on channel %d\n", p->call_forward, p->channel); res = tone_zone_play_tone(p->subs[index].zfd, ZT_TONE_DIALRECALL); @@ -5080,7 +5082,7 @@ static void *ss_thread(void *data) } else if (number) { snprintf(cid, sizeof(cid), "%s", number); } else { - strcpy(cid, ""); + cid[0] = '\0'; } if (cs) callerid_free(cs); @@ -7108,25 +7110,27 @@ static void *pri_dchannel(void *vpri) } else strncpy(pri->pvts[chanpos]->callerid, e->ring.callingnum, sizeof(pri->pvts[chanpos]->callerid)-1); } else - strcpy(pri->pvts[chanpos]->callerid, ""); - strncpy(pri->pvts[chanpos]->rdnis, e->ring.redirectingnum, sizeof(pri->pvts[chanpos]->rdnis)); + pri->pvts[chanpos]->callerid[0] = '\0'; + strncpy(pri->pvts[chanpos]->rdnis, e->ring.redirectingnum, sizeof(pri->pvts[chanpos]->rdnis) - 1); /* If immediate=yes go to s|1 */ if (pri->pvts[chanpos]->immediate) { if (option_verbose > 2) ast_verbose(VERBOSE_PREFIX_3 "Going to extension s|1 because of immediate=yes\n"); - strcpy(pri->pvts[chanpos]->exten, "s"); + pri->pvts[chanpos]->exten[0] = 's'; + pri->pvts[chanpos]->exten[1] = '\0'; } /* Get called number */ else if (!ast_strlen_zero(e->ring.callednum)) { strncpy(pri->pvts[chanpos]->exten, e->ring.callednum, sizeof(pri->pvts[chanpos]->exten)-1); - strncpy(pri->pvts[chanpos]->dnid, e->ring.callednum, sizeof(pri->pvts[chanpos]->dnid)); + strncpy(pri->pvts[chanpos]->dnid, e->ring.callednum, sizeof(pri->pvts[chanpos]->dnid) - 1); } else - strcpy(pri->pvts[chanpos]->exten, ""); + pri->pvts[chanpos]->exten[0] = '\0'; /* No number yet, but received "sending complete"? */ if (e->ring.complete && (ast_strlen_zero(e->ring.callednum))) { if (option_verbose > 2) ast_verbose(VERBOSE_PREFIX_3 "Going to extension s|1 because of Complete received\n"); - strcpy(pri->pvts[chanpos]->exten, "s"); + pri->pvts[chanpos]->exten[0] = 's'; + pri->pvts[chanpos]->exten[1] = '\0'; } /* Make sure extension exists (or in overlap dial mode, can exist) */ if ((pri->overlapdial && ast_canmatch_extension(NULL, pri->pvts[chanpos]->context, pri->pvts[chanpos]->exten, 1, pri->pvts[chanpos]->callerid)) || @@ -7723,21 +7727,25 @@ static int handle_pri_really_debug(int fd, int argc, char *argv[]) return RESULT_SUCCESS; } -static void build_status(char *s, int status, int active) +static void build_status(char *s, size_t len, int status, int active) { - strcpy(s, ""); + if (!s || len < 1) { + return; + } + s[0] = '\0'; if (status & DCHAN_PROVISIONED) - strcat(s, "Provisioned, "); + strncat(s, "Provisioned, ", len - strlen(s) - 1); if (!(status & DCHAN_NOTINALARM)) - strcat(s, "In Alarm, "); + strncat(s, "In Alarm, ", len - strlen(s) - 1); if (status & DCHAN_UP) - strcat(s, "Up"); + strncat(s, "Up", len - strlen(s) - 1); else - strcat(s, "Down"); + strncat(s, "Down", len - strlen(s) - 1); if (active) - strcat(s, ", Active"); + strncat(s, ", Active", len - strlen(s) - 1); else - strcat(s, ", Standby"); + strncat(s, ", Standby", len - strlen(s) - 1); + s[len - 1] = '\0'; } static int handle_pri_show_span(int fd, int argc, char *argv[]) @@ -7759,7 +7767,7 @@ static int handle_pri_show_span(int fd, int argc, char *argv[]) for(x=0;x<NUM_DCHANS;x++) { if (pris[span-1].dchannels[x]) { ast_cli(fd, "%s D-channel: %d\n", pri_order(x), pris[span-1].dchannels[x]); - build_status(status, pris[span-1].dchanavail[x], pris[span-1].dchans[x] == pris[span-1].pri); + build_status(status, sizeof(status), pris[span-1].dchanavail[x], pris[span-1].dchans[x] == pris[span-1].pri); ast_cli(fd, "Status: %s\n", status); pri_dump_info(pris[span-1].pri); ast_cli(fd, "\n"); @@ -7904,7 +7912,7 @@ static int zap_show_channels(int fd, int argc, char **argv) #define FORMAT "%7s %-10.10s %-15.15s %-10.10s %-20.20s\n" #define FORMAT2 "%7s %-10.10s %-15.15s %-10.10s %-20.20s\n" struct zt_pvt *tmp = NULL; - char tmps[20]; + char tmps[20] = ""; ast_mutex_t *lock; struct zt_pvt *start; #ifdef ZAPATA_PRI @@ -7948,9 +7956,9 @@ static int zap_show_channels(int fd, int argc, char **argv) tmp = start; while (tmp) { if (tmp->channel > 0) { - sprintf(tmps, "%d", tmp->channel); + snprintf(tmps, sizeof(tmps), "%d", tmp->channel); } else - strcpy(tmps, "pseudo"); + strncpy(tmps, "pseudo", sizeof(tmps) - 1); ast_cli(fd, FORMAT, tmps, tmp->exten, tmp->context, tmp->language, tmp->musicclass); tmp = tmp->next; } @@ -8104,20 +8112,20 @@ static int handle_zap_show_cadences(int fd, int argc, char *argv[]) for (i=0;i<num_cadence;i++) { char output[1024]; char tmp[16], tmp2[64]; - snprintf(tmp, sizeof(tmp) - 1, "r%d: ", i + 1); + snprintf(tmp, sizeof(tmp), "r%d: ", i + 1); term_color(output, tmp, COLOR_GREEN, COLOR_BLACK, sizeof(output)); for (j=0;j<16;j++) { if (cadences[i].ringcadence[j] == 0) break; - snprintf(tmp,sizeof(tmp) - 1,"%d", cadences[i].ringcadence[j]); + snprintf(tmp, sizeof(tmp), "%d", cadences[i].ringcadence[j]); if (cidrings[i] * 2 - 1 == j) term_color(tmp2, tmp, COLOR_MAGENTA, COLOR_BLACK, sizeof(tmp2) - 1); else term_color(tmp2, tmp, COLOR_GREEN, COLOR_BLACK, sizeof(tmp2) - 1); if (j != 0) - strncat(output, ",", sizeof(output) - strlen(output)); - strncat(output, tmp2, sizeof(output) - strlen(output)); + strncat(output, ",", sizeof(output) - strlen(output) - 1); + strncat(output, tmp2, sizeof(output) - strlen(output) - 1); } ast_cli(fd,"%s\n",output); } @@ -8706,7 +8714,7 @@ static int setup_zap(void) } } else if (!strcasecmp(v->name, "callerid")) { if (!strcasecmp(v->value, "asreceived")) - strcpy(callerid,""); + callerid[0] = '\0'; else strncpy(callerid, v->value, sizeof(callerid)-1); } else if (!strcasecmp(v->name, "useincomingcalleridonzaptransfer")) { @@ -8913,7 +8921,7 @@ static int setup_zap(void) char original_args[80]; int cadence_is_ok = 1; - strncpy(original_args, v->value, sizeof(original_args)); + strncpy(original_args, v->value, sizeof(original_args) - 1); /* 16 cadences allowed (8 pairs) */ element_count = sscanf(v->value, "%d,%d,%d,%d,%d,%d,%d,%d,%d,%d,%d,%d,%d,%d,%d,%d", &c[0], &c[1], &c[2], &c[3], &c[4], &c[5], &c[6], &c[7], &c[8], &c[9], &c[10], &c[11], &c[12], &c[13], &c[14], &c[15]); @@ -9104,7 +9112,7 @@ static int reload_zt(void) char *stringp=NULL; /* Some crap that needs to be reinitialized on the reload */ - strcpy(context, "default"); + strncpy(context, "default", sizeof(context) - 1); language[0] = '\0'; musicclass[0] = '\0'; use_callerid = 1; @@ -9299,7 +9307,7 @@ static int reload_zt(void) } } else if (!strcasecmp(v->name, "callerid")) { if (!strcasecmp(v->value, "asreceived")) - strcpy(callerid,""); + callerid[0] = '\0'; else strncpy(callerid, v->value, sizeof(callerid)-1); } else if (!strcasecmp(v->name, "signalling")) { diff --git a/channels/iax2-provision.c b/channels/iax2-provision.c index da1097794..08964ebfe 100755 --- a/channels/iax2-provision.c +++ b/channels/iax2-provision.c @@ -70,17 +70,20 @@ static struct iax_flag { char *iax_provflags2str(char *buf, int buflen, unsigned int flags) { int x; - strcpy(buf, ""); + if (!buf || buflen < 1) { + return(NULL); + } + buf[0] = '\0'; for (x=0;x<sizeof(iax_flags) / sizeof(iax_flags[0]); x++) { if (flags & iax_flags[x].value){ - strcat(buf, iax_flags[x].name); - strcat(buf, ","); + strncat(buf, iax_flags[x].name, buflen - strlen(buf) - 1); + strncat(buf, ",", buflen - strlen(buf) - 1); } } if (strlen(buf)) buf[strlen(buf) - 1] = '\0'; else - strcpy(buf, "none"); + strncpy(buf, "none", buflen - 1); return buf; } @@ -276,7 +279,7 @@ static int iax_template_parse(struct iax_template *cur, struct ast_config *cfg, if (def) strncpy(cur->src, def, sizeof(cur->src) - 1); else - strcpy(cur->src, ""); + cur->src[0] = '\0'; v = ast_variable_browse(cfg, s); while(v) { if (!strcasecmp(v->name, "port") || !strcasecmp(v->name, "serverport")) { |