diff --git a/Makefile.rules b/Makefile.rules index 24ecf7f6af3a119220071b62dfdd7f38c8b1b8c6..934e44a92d41e28b9ecd89b160427683dc069b67 100644 --- a/Makefile.rules +++ b/Makefile.rules @@ -63,6 +63,7 @@ else endif OPTIMIZE?=-O3 + ifneq ($(findstring darwin,$(OSARCH)),) ifeq ($(shell if test `/usr/bin/sw_vers -productVersion | cut -c4` -gt 5; then echo 6; else echo 0; fi),6) # Snow Leopard/Lion has an issue with this optimization flag on large files (like chan_sip) @@ -70,15 +71,15 @@ ifneq ($(findstring darwin,$(OSARCH)),) endif endif -# gcc version 8.2.1 and above must have partial-inlining disabled to avoid documented bug. -# We must handle cross-compiling and clang so make sure the compiler version string has "gcc" -# somewhere in it before testing the version. -CC_VERS_STRING=$(shell $(CC) --version | grep -i gcc) -ifneq ($(CC_VERS_STRING),) -GCC_VER_GTE821:=$(shell expr `echo '$(CC_VERS_STRING)' | cut -d ' ' -f 3 | sed -e 's/\.\([0-9][0-9]\)/\1/g' -e 's/\.\([0-9]\)/0\1/g' -e 's/^[0-9]\{3,4\}$$/&00/'` \>= 80201) -ifeq ($(GCC_VER_GTE821),1) - OPTIMIZE+=-fno-partial-inlining -endif +ifeq ($(CC),gcc) + # gcc version 8.2.1 and above must have partial-inlining disabled in order + # to avoid a documented bug. Sort to make the lowest version number come + # first. If it's the specified version then the current gcc version is equal + # to or greater, so add the custom optimization rule. + gcc_versions=$(shell printf "%s\n" $$(gcc -dumpversion) 8.2.1 | sort -n) + ifeq ($(firstword $(gcc_versions)),8.2.1) + OPTIMIZE+=-fno-partial-inlining + endif endif ifeq ($(findstring DONT_OPTIMIZE,$(MENUSELECT_CFLAGS))$(AST_CODE_COVERAGE),no) diff --git a/addons/ooh323c/src/decode.c b/addons/ooh323c/src/decode.c index 3ce74bfb8c0e652cf8d9410d18a74d74448d0025..d0579c69b5a8c3d819dfb40ecb41811dfe9be466 100644 --- a/addons/ooh323c/src/decode.c +++ b/addons/ooh323c/src/decode.c @@ -737,6 +737,10 @@ static int decodeOctets nbits -= 8; } + if (nbits <= 0) { + return ASN_OK; + } + /* Copy last partial byte */ if (nbits >= rshift) { @@ -752,7 +756,7 @@ static int decodeOctets pctxt->buffer.bitOffset = 8 - nbitsInLastOctet; } - else if (nbits > 0) { /* nbits < rshift */ + else { /* nbits > 0 && nbits < rshift */ pbuffer[i] = pctxt->buffer.data[pctxt->buffer.byteIndex] << lshift; pctxt->buffer.bitOffset = rshift - nbits; @@ -832,8 +836,8 @@ int decodeOpenType int decodeSemiConsInteger (OOCTXT* pctxt, ASN1INT* pvalue, ASN1INT lower) { - signed char b; - unsigned char ub; + signed char b = 0; + unsigned char ub = 0; ASN1UINT nbytes; int stat; diff --git a/addons/ooh323c/src/ooSocket.c b/addons/ooh323c/src/ooSocket.c index 55bb0ac17ebd08d063a3e8930b3739ea4962a56a..151c1cf69a18f45c37a48165ec6745fbdc3b4276 100644 --- a/addons/ooh323c/src/ooSocket.c +++ b/addons/ooh323c/src/ooSocket.c @@ -389,7 +389,7 @@ int ooSocketAccept (OOSOCKET socket, OOSOCKET *pNewSocket, if (destAddr != 0) { if ((host = ast_sockaddr_stringify_addr(&addr)) != NULL) - strncpy(destAddr, host, strlen(host)); + memcpy(destAddr, host, strlen(host) + 1); } if (destPort != 0) *destPort = ast_sockaddr_port(&addr); diff --git a/addons/ooh323c/src/oochannels.c b/addons/ooh323c/src/oochannels.c index ca7b09c99d035ba8bbc91ad2be06cfb11e7ee3ff..3add1f30c668907d700421c3166b25083194569c 100644 --- a/addons/ooh323c/src/oochannels.c +++ b/addons/ooh323c/src/oochannels.c @@ -454,7 +454,7 @@ int ooAcceptH225Connection() call->callToken); if (remoteIP[0]) { - strncpy(call->remoteIP, remoteIP, strlen(remoteIP)); + memcpy(call->remoteIP, remoteIP, strlen(remoteIP) + 1); } ast_mutex_unlock(&call->Lock); diff --git a/apps/app_stack.c b/apps/app_stack.c index 4560865ab46e6c662d2f5226b0d003324f2235fe..179694b7e4423c8de7b3d0b70902a3ee26ed17fa 100644 --- a/apps/app_stack.c +++ b/apps/app_stack.c @@ -313,13 +313,14 @@ static void gosub_release_frame(struct ast_channel *chan, struct gosub_stack_fra static struct gosub_stack_frame *gosub_allocate_frame(const char *context, const char *extension, int priority, int in_subroutine, unsigned char arguments) { struct gosub_stack_frame *new = NULL; - int len_extension = strlen(extension), len_context = strlen(context); + int len_extension = strlen(extension) + 1; + int len_context = strlen(context) + 1; - if ((new = ast_calloc(1, sizeof(*new) + 2 + len_extension + len_context))) { + if ((new = ast_calloc(1, sizeof(*new) + len_extension + len_context))) { AST_LIST_HEAD_INIT_NOLOCK(&new->varshead); - strcpy(new->extension, extension); - new->context = new->extension + len_extension + 1; - strcpy(new->context, context); + ast_copy_string(new->extension, extension, len_extension); + new->context = new->extension + len_extension; + ast_copy_string(new->context, context, len_context); new->priority = priority; new->in_subroutine = in_subroutine ? 1 : 0; new->arguments = arguments; diff --git a/apps/app_voicemail.c b/apps/app_voicemail.c index 0b14934f133fff1115d7f8b75ada4bec5ba2678d..73813dfe91037b0deb23bd9a32b7ceb695dc1de0 100644 --- a/apps/app_voicemail.c +++ b/apps/app_voicemail.c @@ -1115,10 +1115,12 @@ static int inprocess_cmp_fn(void *obj, void *arg, int flags) static int inprocess_count(const char *context, const char *mailbox, int delta) { - struct inprocess *i, *arg = ast_alloca(sizeof(*arg) + strlen(context) + strlen(mailbox) + 2); - arg->context = arg->mailbox + strlen(mailbox) + 1; - strcpy(arg->mailbox, mailbox); /* SAFE */ - strcpy(arg->context, context); /* SAFE */ + int context_len = strlen(context) + 1; + int mailbox_len = strlen(mailbox) + 1; + struct inprocess *i, *arg = ast_alloca(sizeof(*arg) + context_len + mailbox_len); + arg->context = arg->mailbox + mailbox_len; + ast_copy_string(arg->mailbox, mailbox, mailbox_len); /* SAFE */ + ast_copy_string(arg->context, context, context_len); /* SAFE */ ao2_lock(inprocess_container); if ((i = ao2_find(inprocess_container, arg, 0))) { int ret = ast_atomic_fetchadd_int(&i->count, delta); @@ -1129,13 +1131,13 @@ static int inprocess_count(const char *context, const char *mailbox, int delta) if (delta < 0) { ast_log(LOG_WARNING, "BUG: ref count decrement on non-existing object???\n"); } - if (!(i = ao2_alloc(sizeof(*i) + strlen(context) + strlen(mailbox) + 2, NULL))) { + if (!(i = ao2_alloc(sizeof(*i) + context_len + mailbox_len, NULL))) { ao2_unlock(inprocess_container); return 0; } - i->context = i->mailbox + strlen(mailbox) + 1; - strcpy(i->mailbox, mailbox); /* SAFE */ - strcpy(i->context, context); /* SAFE */ + i->context = i->mailbox + mailbox_len; + ast_copy_string(i->mailbox, mailbox, mailbox_len); /* SAFE */ + ast_copy_string(i->context, context, context_len); /* SAFE */ i->count = delta; ao2_link(inprocess_container, i); ao2_unlock(inprocess_container); @@ -13564,8 +13566,8 @@ static struct alias_mailbox_mapping *alias_mailbox_mapping_create(const char *al } mapping->alias = mapping->buf; mapping->mailbox = mapping->buf + from_len; - strcpy(mapping->alias, alias); /* Safe */ - strcpy(mapping->mailbox, mailbox); /* Safe */ + ast_copy_string(mapping->alias, alias, from_len); /* Safe */ + ast_copy_string(mapping->mailbox, mailbox, to_len); /* Safe */ return mapping; } diff --git a/include/asterisk/app.h b/include/asterisk/app.h index 42645560ede8032385096ff262aa65dd91a625fb..91d06aace8d6c35cf04aeaf9a19cc6f2bda8029f 100644 --- a/include/asterisk/app.h +++ b/include/asterisk/app.h @@ -1231,11 +1231,14 @@ int ast_app_group_list_unlock(void); \note This defines a structure type, but does not declare an instance of the structure. That must be done separately. */ + #define AST_DEFINE_APP_ARGS_TYPE(type, arglist) \ struct type { \ unsigned int argc; \ - char *argv[0]; \ - arglist \ + union { \ + char *argv[sizeof(struct {arglist}) / sizeof(char *)]; \ + struct {arglist}; \ + }; \ } /*! diff --git a/main/dns_srv.c b/main/dns_srv.c index e11c84ecf2e423b48071cd910ee11567ee5cd606..4847f8980e050fd5a9a4b74a9aae4687cf182ab8 100644 --- a/main/dns_srv.c +++ b/main/dns_srv.c @@ -49,6 +49,7 @@ struct ast_dns_record *dns_srv_alloc(struct ast_dns_query *query, const char *da struct ast_dns_srv_record *srv; int host_size; char host[NI_MAXHOST] = ""; + size_t host_len; ptr = dns_find_record(data, size, query->result->answer, query->result->answer_size); ast_assert(ptr != NULL); @@ -89,7 +90,8 @@ struct ast_dns_record *dns_srv_alloc(struct ast_dns_query *query, const char *da return NULL; } - srv = ast_calloc(1, sizeof(*srv) + size + strlen(host) + 1); + host_len = strlen(host) + 1; + srv = ast_calloc(1, sizeof(*srv) + size + host_len); if (!srv) { return NULL; } @@ -99,7 +101,7 @@ struct ast_dns_record *dns_srv_alloc(struct ast_dns_query *query, const char *da srv->port = port; srv->host = srv->data + size; - strcpy((char *)srv->host, host); /* SAFE */ + ast_copy_string((char *)srv->host, host, host_len); /* SAFE */ srv->generic.data_ptr = srv->data; return (struct ast_dns_record *)srv; diff --git a/main/http.c b/main/http.c index 30885526094d3cf16999ac41cdfc78aa6d0747e7..a0f15f4349a7d7943db43d010d413880fb15f59a 100644 --- a/main/http.c +++ b/main/http.c @@ -2025,6 +2025,7 @@ static void add_redirect(const char *value) struct http_uri_redirect *redirect, *cur; unsigned int target_len; unsigned int total_len; + size_t dest_len; dest = ast_strdupa(value); dest = ast_skip_blanks(dest); @@ -2038,14 +2039,15 @@ static void add_redirect(const char *value) } target_len = strlen(target) + 1; - total_len = sizeof(*redirect) + target_len + strlen(dest) + 1; + dest_len = strlen(dest) + 1; + total_len = sizeof(*redirect) + target_len + dest_len; if (!(redirect = ast_calloc(1, total_len))) { return; } redirect->dest = redirect->target + target_len; strcpy(redirect->target, target); - strcpy(redirect->dest, dest); + ast_copy_string(redirect->dest, dest, dest_len); AST_RWLIST_WRLOCK(&uri_redirects); diff --git a/main/logger.c b/main/logger.c index cf9357e4a1da16f0a6e510ad278198fd7a04d372..c66d820fba515aa036dc0a04f6f8edfd3ee0ee32 100644 --- a/main/logger.c +++ b/main/logger.c @@ -2294,7 +2294,7 @@ void __ast_trace(const char *file, int line, const char *func, enum ast_trace_in va_list ap; unsigned long indent = (unsigned long)ast_threadstorage_get_ptr(&trace_indent); struct ast_str *fmt = ast_str_create(128); - char *direction; + const char *direction = ""; if (!fmt) { return; diff --git a/main/message.c b/main/message.c index dc81b4e6c69aa478efb458bd366c43fd15f58215..66d051c29754e86cbd1762fb49a553e844c4d7e0 100644 --- a/main/message.c +++ b/main/message.c @@ -1421,7 +1421,7 @@ struct ast_msg_data *ast_msg_data_alloc(enum ast_msg_data_source_type source, /* Set the ones we have and increment the offset */ for (i=0; i < count; i++) { len = (strlen(attributes[i].value) + 1); - strcpy(msg->buf + current_offset, attributes[i].value); /* Safe */ + ast_copy_string(msg->buf + current_offset, attributes[i].value, len); /* Safe */ msg->attribute_value_offsets[attributes[i].type] = current_offset; current_offset += len; } diff --git a/main/pbx.c b/main/pbx.c index f7b813b66a8831e3c49c62dfaaf9b0201a863f7a..bbc6df9d377f37c3d5ceb8aa1e8360aec0ee165b 100644 --- a/main/pbx.c +++ b/main/pbx.c @@ -6519,6 +6519,8 @@ void ast_merge_contexts_and_delete(struct ast_context **extcontexts, struct ast_ i = ao2_iterator_init(hints, AO2_ITERATOR_DONTLOCK); for (; (hint = ao2_iterator_next(&i)); ao2_ref(hint, -1)) { if (ao2_container_count(hint->callbacks)) { + size_t exten_len; + ao2_lock(hint); if (!hint->exten) { /* The extension has already been destroyed. (Should never happen here) */ @@ -6526,7 +6528,8 @@ void ast_merge_contexts_and_delete(struct ast_context **extcontexts, struct ast_ continue; } - length = strlen(hint->exten->exten) + strlen(hint->exten->parent->name) + 2 + exten_len = strlen(hint->exten->exten) + 1; + length = exten_len + strlen(hint->exten->parent->name) + 1 + sizeof(*saved_hint); if (!(saved_hint = ast_calloc(1, length))) { ao2_unlock(hint); @@ -6546,7 +6549,7 @@ void ast_merge_contexts_and_delete(struct ast_context **extcontexts, struct ast_ saved_hint->context = saved_hint->data; strcpy(saved_hint->data, hint->exten->parent->name); saved_hint->exten = saved_hint->data + strlen(saved_hint->context) + 1; - strcpy(saved_hint->exten, hint->exten->exten); + ast_copy_string(saved_hint->exten, hint->exten->exten, exten_len); if (hint->last_presence_subtype) { saved_hint->last_presence_subtype = ast_strdup(hint->last_presence_subtype); } diff --git a/main/pbx_variables.c b/main/pbx_variables.c index c1463d0e0c8d331feb502ec0d47015c1ebb91f84..e3c26f889e3ed1eb312a942b19201896ba6cb9bf 100644 --- a/main/pbx_variables.c +++ b/main/pbx_variables.c @@ -211,14 +211,10 @@ static const char *ast_str_substring(struct ast_str *value, int offset, int leng } if (length >= 0 && length < lr) { /* truncate if necessary */ - char *tmp = ast_str_buffer(value); - tmp[length] = '\0'; - ast_str_update(value); + ast_str_truncate(value, length); } else if (length < 0) { if (lr > -length) { /* After we remove from the front and from the rear, is there anything left? */ - char *tmp = ast_str_buffer(value); - tmp[lr + length] = '\0'; - ast_str_update(value); + ast_str_truncate(value, lr + length); } else { ast_str_reset(value); } diff --git a/main/stasis.c b/main/stasis.c index e901cbd040c1bf6e47204fdb2ff459adc73c2bb3..44d5973fc0b788fe24dd29dc57ff88ec0b3f7901 100644 --- a/main/stasis.c +++ b/main/stasis.c @@ -498,6 +498,7 @@ static int link_topic_proxy(struct stasis_topic *topic, const char *name, const { struct topic_proxy *proxy; struct stasis_topic* topic_tmp; + size_t detail_len; if (!topic || !name || !strlen(name) || !detail) { return -1; @@ -514,8 +515,10 @@ static int link_topic_proxy(struct stasis_topic *topic, const char *name, const return -1; } + detail_len = strlen(detail) + 1; + proxy = ao2_t_weakproxy_alloc( - sizeof(*proxy) + strlen(name) + 1 + strlen(detail) + 1, NULL, name); + sizeof(*proxy) + strlen(name) + 1 + detail_len, NULL, name); if (!proxy) { ao2_unlock(topic_all); @@ -527,7 +530,7 @@ static int link_topic_proxy(struct stasis_topic *topic, const char *name, const proxy->detail = proxy->name + strlen(name) + 1; strcpy(proxy->name, name); /* SAFE */ - strcpy(proxy->detail, detail); /* SAFE */ + ast_copy_string(proxy->detail, detail, detail_len); /* SAFE */ proxy->creationtime = ast_tvnow(); /* We have exclusive access to proxy, no need for locking here. */ @@ -1620,9 +1623,10 @@ static void subscription_change_dtor(void *obj) static struct stasis_subscription_change *subscription_change_alloc(struct stasis_topic *topic, const char *uniqueid, const char *description) { size_t description_len = strlen(description) + 1; + size_t uniqueid_len = strlen(uniqueid) + 1; struct stasis_subscription_change *change; - change = ao2_alloc_options(sizeof(*change) + description_len + strlen(uniqueid) + 1, + change = ao2_alloc_options(sizeof(*change) + description_len + uniqueid_len, subscription_change_dtor, AO2_ALLOC_OPT_LOCK_NOLOCK); if (!change) { return NULL; @@ -1630,7 +1634,7 @@ static struct stasis_subscription_change *subscription_change_alloc(struct stasi strcpy(change->description, description); /* SAFE */ change->uniqueid = change->description + description_len; - strcpy(change->uniqueid, uniqueid); /* SAFE */ + ast_copy_string(change->uniqueid, uniqueid, uniqueid_len); /* SAFE */ ao2_ref(topic, +1); change->topic = topic; diff --git a/main/stasis_channels.c b/main/stasis_channels.c index 805525f4b9daf3507fa1265965ee2af04ef23d3b..3d213c745eb79b85f03e5b5b26a043ebbd390826 100644 --- a/main/stasis_channels.c +++ b/main/stasis_channels.c @@ -306,7 +306,7 @@ static struct ast_channel_snapshot_peer *channel_snapshot_peer_create(struct ast strcpy(snapshot->account, peeraccount); /* Safe */ snapshot->linkedid = snapshot->account + peeraccount_len; - strcpy(snapshot->linkedid, linkedid); /* Safe */ + ast_copy_string(snapshot->linkedid, linkedid, linkedid_len); /* Safe */ return snapshot; } @@ -370,7 +370,7 @@ static struct ast_channel_snapshot_connected *channel_snapshot_connected_create( strcpy(snapshot->name, name); /* Safe */ snapshot->number = snapshot->name + name_len; - strcpy(snapshot->number, number); /* Safe */ + ast_copy_string(snapshot->number, number, number_len); /* Safe */ return snapshot; } diff --git a/pbx/pbx_dundi.c b/pbx/pbx_dundi.c index 1ab0676c50fcb1a51c05f6a3271aa7581c6f34e3..a5041714901bca4f17673c948fe25ab265d96121 100644 --- a/pbx/pbx_dundi.c +++ b/pbx/pbx_dundi.c @@ -722,7 +722,7 @@ static void *dundi_precache_thread(void *data) { struct dundi_query_state *st = data; struct dundi_ie_data ied; - struct dundi_hint_metadata hmd; + struct dundi_hint_metadata hmd = {0}; char eid_str[20]; ast_debug(1, "Whee, precaching '%s@%s' for '%s'\n", st->called_number, st->called_context, @@ -3936,7 +3936,6 @@ int dundi_lookup(struct dundi_result *result, int maxret, struct ast_channel *ch static void reschedule_precache(const char *number, const char *context, int expiration) { - int len; struct dundi_precache_queue *qe, *prev; AST_LIST_LOCK(&pcq); @@ -3948,16 +3947,16 @@ static void reschedule_precache(const char *number, const char *context, int exp } AST_LIST_TRAVERSE_SAFE_END; if (!qe) { - len = sizeof(*qe); - len += strlen(number) + 1; - len += strlen(context) + 1; - if (!(qe = ast_calloc(1, len))) { + int len = sizeof(*qe); + int num_len = strlen(number) + 1; + int context_len = strlen(context) + 1; + if (!(qe = ast_calloc(1, len + num_len + context_len))) { AST_LIST_UNLOCK(&pcq); return; } strcpy(qe->number, number); - qe->context = qe->number + strlen(number) + 1; - strcpy(qe->context, context); + qe->context = qe->number + num_len + 1; + ast_copy_string(qe->context, context, context_len); } time(&qe->expiration); qe->expiration += expiration; diff --git a/res/parking/parking_bridge_features.c b/res/parking/parking_bridge_features.c index d064991e575c5ae87ce375f62f31d53fb74e7fd1..3b4e25b10c735cec74222c614afe1d80829f2208 100644 --- a/res/parking/parking_bridge_features.c +++ b/res/parking/parking_bridge_features.c @@ -179,7 +179,8 @@ static int create_parked_subscription_full(struct ast_channel *chan, const char struct parked_subscription_data *subscription_data; char *parker_uuid = ast_strdupa(ast_channel_uniqueid(chan)); - size_t parker_uuid_size = strlen(parker_uuid) + 1; + size_t parker_uuid_size; + size_t parkee_uuid_size; /* If there is already a subscription, get rid of it. */ wipe_subscription_datastore(chan); @@ -193,8 +194,11 @@ static int create_parked_subscription_full(struct ast_channel *chan, const char return -1; } + parker_uuid_size = strlen(parker_uuid) + 1; + parkee_uuid_size = strlen(parkee_uuid) + 1; + if (!(subscription_data = ast_calloc(1, sizeof(*subscription_data) + parker_uuid_size + - strlen(parkee_uuid) + 1))) { + parkee_uuid_size))) { ast_datastore_free(datastore); ast_free(parked_datastore); return -1; @@ -207,8 +211,7 @@ static int create_parked_subscription_full(struct ast_channel *chan, const char subscription_data->hangup_after = hangup_after; subscription_data->parkee_uuid = subscription_data->parker_uuid + parker_uuid_size; - strcpy(subscription_data->parkee_uuid, parkee_uuid); - strcpy(subscription_data->parker_uuid, parker_uuid); + ast_copy_string(subscription_data->parkee_uuid, parkee_uuid, parkee_uuid_size); if (!(parked_datastore->parked_subscription = stasis_subscribe_pool(ast_parking_topic(), parker_update_cb, subscription_data))) { return -1; diff --git a/res/res_pjsip_registrar.c b/res/res_pjsip_registrar.c index 172ecc8370f3ad674dd3eed73d2beca5a7d5de91..523eb0a58a8f1e73693353d9d6484f5c74d74fcd 100644 --- a/res/res_pjsip_registrar.c +++ b/res/res_pjsip_registrar.c @@ -422,12 +422,13 @@ static int registrar_contact_delete(enum contact_delete_type type, pjsip_transpo aor_size = aor_name ? strlen(aor_name) : 0; if (contact->prune_on_boot && type != CONTACT_DELETE_SHUTDOWN && aor_size) { const char *contact_name = ast_sorcery_object_get_id(contact); + size_t contact_name_len = strlen(contact_name) + 1; struct contact_transport_monitor *monitor = ast_alloca( - sizeof(*monitor) + 2 + aor_size + strlen(contact_name)); + sizeof(*monitor) + 1 + aor_size + contact_name_len); strcpy(monitor->aor_name, aor_name); /* Safe */ monitor->contact_name = monitor->aor_name + aor_size + 1; - strcpy(monitor->contact_name, contact_name); /* Safe */ + ast_copy_string(monitor->contact_name, contact_name, contact_name_len); /* Safe */ if (transport) { ast_sip_transport_monitor_unregister(transport, @@ -774,6 +775,7 @@ static void register_aor_core(pjsip_rx_data *rdata, } if (prune_on_boot) { + size_t contact_name_len; const char *contact_name; struct contact_transport_monitor *monitor; @@ -782,12 +784,13 @@ static void register_aor_core(pjsip_rx_data *rdata, * the contact won't be valid anymore if that happens. */ contact_name = ast_sorcery_object_get_id(contact); - monitor = ao2_alloc(sizeof(*monitor) + 2 + strlen(aor_name) - + strlen(contact_name), NULL); + contact_name_len = strlen(contact_name) + 1; + monitor = ao2_alloc(sizeof(*monitor) + 1 + strlen(aor_name) + + contact_name_len, NULL); if (monitor) { strcpy(monitor->aor_name, aor_name);/* Safe */ monitor->contact_name = monitor->aor_name + strlen(aor_name) + 1; - strcpy(monitor->contact_name, contact_name);/* Safe */ + ast_copy_string(monitor->contact_name, contact_name, contact_name_len);/* Safe */ ast_sip_transport_monitor_register_replace(rdata->tp_info.transport, register_contact_transport_shutdown_cb, monitor, contact_transport_monitor_matcher); diff --git a/tests/test_locale.c b/tests/test_locale.c index 99137c1824b74dfc63acf2ef03e92c209b7edfa3..4fd6a349dc313ff9a9094221508ecbc83b335d37 100644 --- a/tests/test_locale.c +++ b/tests/test_locale.c @@ -98,6 +98,7 @@ static char *handle_cli_test_locales(struct ast_cli_entry *e, int cmd, struct as ast_strftime(origlocalformat, sizeof(origlocalformat), "%c", &atm); while ((dent = readdir(localedir))) { + size_t locallen; size_t namelen; if (dent->d_name[0] == '.') { @@ -107,14 +108,17 @@ static char *handle_cli_test_locales(struct ast_cli_entry *e, int cmd, struct as setlocale(LC_ALL, dent->d_name); ast_strftime(localformat, sizeof(localformat), "%c", &atm); + locallen = strlen(localformat) + 1; + namelen = strlen(dent->d_name) + 1; + /* Store values */ - if (!(tl = ast_calloc(1, sizeof(*tl) + strlen(localformat) + (namelen = strlen(dent->d_name)) + 2))) { + if (!(tl = ast_calloc(1, sizeof(*tl) + locallen + namelen))) { continue; } - strcpy(tl->name, dent->d_name); /* SAFE */ - tl->localformat = tl->name + namelen + 1; - strcpy(tl->localformat, localformat); /* SAFE */ + ast_copy_string(tl->name, dent->d_name, namelen); /* SAFE */ + tl->localformat = tl->name + namelen; + ast_copy_string(tl->localformat, localformat, locallen); /* SAFE */ AST_LIST_INSERT_TAIL(&locales, tl, list); diff --git a/utils/astman.c b/utils/astman.c index 2d382f5c3f539769cedfd46cb0bc2ebc4d3af2b1..b891719e7900d2051ec76f7adc63f4cc57472693 100644 --- a/utils/astman.c +++ b/utils/astman.c @@ -537,7 +537,7 @@ static void try_redirect(newtComponent c) chan = newtListboxGetCurrent(c); if (chan) { - strncpy(channame, chan->name, sizeof(channame) - 1); + snprintf(channame, sizeof(channame), "%s", chan->name); snprintf(tmp, sizeof(tmp), "%s%s", tmp_prefix, channame); if (get_user_input(tmp, dest, sizeof(dest))) return; diff --git a/utils/db1-ast/hash/ndbm.c b/utils/db1-ast/hash/ndbm.c index 16202eda0a0eeebd83c96625116d591fa9277bed..3c63d4862de1e6ff2db26922e45c3fbd48eecc6c 100644 --- a/utils/db1-ast/hash/ndbm.c +++ b/utils/db1-ast/hash/ndbm.c @@ -79,8 +79,7 @@ dbm_open(file, flags, mode) info.cachesize = 0; info.hash = NULL; info.lorder = 0; - (void)strcpy(path, file); /* SAFE */ - (void)strncat(path, DBM_SUFFIX, len - strlen(path) - 1); + snprintf(path, len, "%s%s", file, DBM_SUFFIX); db = (DBM *)__hash_open(path, flags, mode, &info, 0); #ifndef __GNUC__ free(path); diff --git a/utils/extconf.c b/utils/extconf.c index 9ffa3f610eff4afda6f6f7cee6ccf3e9f9e21776..674f5df47962e04507462cc3f3f18da64bd3240c 100644 --- a/utils/extconf.c +++ b/utils/extconf.c @@ -1057,14 +1057,16 @@ static struct ast_variable *ast_variable_new(const char *name, const char *value { struct ast_variable *variable; int name_len = strlen(name) + 1; + size_t value_len = strlen(value) + 1; + size_t filename_len = strlen(filename) + 1; - if ((variable = ast_calloc(1, name_len + strlen(value) + 1 + strlen(filename) + 1 + sizeof(*variable)))) { + if ((variable = ast_calloc(1, name_len + value_len + filename_len + sizeof(*variable)))) { variable->name = variable->stuff; variable->value = variable->stuff + name_len; - variable->file = variable->value + strlen(value) + 1; + variable->file = variable->value + value_len; strcpy(variable->name,name); - strcpy(variable->value,value); - strcpy(variable->file,filename); + ast_copy_string(variable->value, value, value_len); + ast_copy_string(variable->file, filename, filename_len); } return variable; diff --git a/utils/muted.c b/utils/muted.c index 6a86a6753f8a0e31ae521c75d619f192672c84f8..a14845fdd7275ef4e045fe64246c37372baf7e77 100644 --- a/utils/muted.c +++ b/utils/muted.c @@ -163,12 +163,12 @@ static int load_config(void) fprintf(stderr, "host needs an argument (the host) at line %d\n", lineno); } else if (!strcasecmp(buf, "user")) { if (val && strlen(val)) - strncpy(user, val, sizeof(user) - 1); + snprintf(user, sizeof(user), "%s", val); else fprintf(stderr, "user needs an argument (the user) at line %d\n", lineno); } else if (!strcasecmp(buf, "pass")) { if (val && strlen(val)) - strncpy(pass, val, sizeof(pass) - 1); + snprintf(pass, sizeof(pass), "%s", val); else fprintf(stderr, "pass needs an argument (the password) at line %d\n", lineno); } else if (!strcasecmp(buf, "smoothfade")) { @@ -639,24 +639,29 @@ static int wait_event(void) return -1; } if (!strncasecmp(resp, "Event: ", strlen("Event: "))) { - strncpy(event, resp + strlen("Event: "), sizeof(event) - 1); + int event_len = -1; + int channel_len = -1; + int newname_len = -1; + int oldname_len = -1; + + event_len = snprintf(event, sizeof(event), "%s", resp + strlen("Event: ")); /* Consume the rest of the non-event */ while((resp = get_line()) && strlen(resp)) { if (!strncasecmp(resp, "Channel: ", strlen("Channel: "))) - strncpy(channel, resp + strlen("Channel: "), sizeof(channel) - 1); + channel_len = snprintf(channel, sizeof(channel), "%s", resp + strlen("Channel: ")); if (!strncasecmp(resp, "Newname: ", strlen("Newname: "))) - strncpy(newname, resp + strlen("Newname: "), sizeof(newname) - 1); + newname_len = snprintf(newname, sizeof(newname), "%s", resp + strlen("Newname: ")); if (!strncasecmp(resp, "Oldname: ", strlen("Oldname: "))) - strncpy(oldname, resp + strlen("Oldname: "), sizeof(oldname) - 1); + oldname_len = snprintf(oldname, sizeof(oldname), "%s", resp + strlen("Oldname: ")); } - if (strlen(channel)) { - if (!strcasecmp(event, "Hangup")) + if (channel_len == strlen(channel)) { + if (event_len == strlen(event) && !strcasecmp(event, "Hangup")) hangup_chan(channel); else offhook_chan(channel); } - if (strlen(newname) && strlen(oldname)) { - if (!strcasecmp(event, "Rename")) { + if (newname_len == strlen(newname) && oldname_len == strlen(oldname)) { + if (event_len == strlen(event) && !strcasecmp(event, "Rename")) { hangup_chan(oldname); offhook_chan(newname); }