What I do periodically is a recursive "grep" of all
my source code for "strcat()" and the like.  In EVERY
case, there is NO reason to use strcat() and it should
be replaced with either strlcat() or strncat(); same
for sprintf, strcpy and so on.  The "l" versions
should be preferred over the "n" versions but some
UNIXes lack the "l" kinds so you need to use autoconf
and "ifdef HAVE_STRLCAT".

Every use of the non-"l" or "n" functions is a
potential buffer overwrite exploit or a potential
segfault.  Yes you can do an analysis and determine that
no overflow is possible but then 2 years later someone
patches the code.

=====
Chris Albertson
  Home:   310-376-1029  [EMAIL PROTECTED]
  Cell:   310-990-7550
  Office: 310-336-5189  [EMAIL PROTECTED]
  KG6OMK

_______________________________________________
Asterisk-Users mailing list
[EMAIL PROTECTED]
http://lists.digium.com/mailman/listinfo/asterisk-users
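An added example (not code from the post above or from Asterisk) showing the replacement the post recommends: the strcat()/strcpy() pattern the grep hunts for, beside a version that bounds every copy with strlcat() and a version that bounds it with strncat(). The autoconf macro HAVE_STRLCAT is the one named in the post; the fallback implementation portable_strlcat() and the build_path_* helper names are assumptions made for this example. Note two things the post does not spell out: strlcat() reports truncation by returning a value >= the buffer size, and strncat()'s third argument is the number of characters to append, not the buffer size, so each strncat() call has to compute the remaining room itself.

```c
#include <stdio.h>
#include <string.h>

/* Portable strlcat() with OpenBSD semantics. On systems where autoconf
 * defines HAVE_STRLCAT, the libc version is used instead. (Hypothetical
 * wrapper name for this example.) */
#ifdef HAVE_STRLCAT
#define portable_strlcat strlcat
#else
static size_t portable_strlcat(char *dst, const char *src, size_t dsize)
{
    size_t dlen = 0;
    size_t slen = strlen(src);

    /* Find the end of dst, but never look past dsize bytes. */
    while (dlen < dsize && dst[dlen] != '\0')
        dlen++;
    if (dlen == dsize)          /* dst not terminated within dsize: write nothing */
        return dsize + slen;

    size_t room = dsize - dlen - 1;          /* bytes left, minus the NUL */
    size_t n = slen < room ? slen : room;
    memcpy(dst + dlen, src, n);
    dst[dlen + n] = '\0';                    /* always NUL-terminated */
    return dlen + slen;                      /* length it tried to create */
}
#endif

/* BEFORE: the pattern the recursive grep is looking for. Nothing bounds the
 * writes to dst, so a long dir or file name overruns the caller's buffer. */
void build_path_unsafe(char *dst, const char *dir, const char *file)
{
    strcpy(dst, dir);
    strcat(dst, "/");
    strcat(dst, file);
}

/* AFTER (strlcat): every append is bounded by the real buffer size.
 * Returns 0 on success, -1 if the result would have been truncated;
 * dst is NUL-terminated in both cases. */
int build_path_safe(char *dst, size_t dstsize, const char *dir, const char *file)
{
    if (dstsize == 0)
        return -1;
    dst[0] = '\0';
    if (portable_strlcat(dst, dir, dstsize) >= dstsize)
        return -1;
    if (portable_strlcat(dst, "/", dstsize) >= dstsize)
        return -1;
    if (portable_strlcat(dst, file, dstsize) >= dstsize)
        return -1;
    return 0;
}

/* AFTER (strncat, for systems without strlcat and without autoconf):
 * strncat's size argument is "characters to append", so the remaining
 * room is recomputed before each call. */
int build_path_strncat(char *dst, size_t dstsize, const char *dir, const char *file)
{
    const char *parts[] = { dir, "/", file };

    if (dstsize == 0)
        return -1;
    dst[0] = '\0';
    for (size_t i = 0; i < 3; i++) {
        size_t used = strlen(dst);
        size_t room = dstsize - used - 1;    /* leave space for the NUL */
        if (strlen(parts[i]) > room)
            return -1;                       /* would truncate */
        strncat(dst, parts[i], room);
    }
    return 0;
}

int main(void)
{
    char buf[16];   /* constructed: deliberately small to show truncation */

    printf("%d %s\n", build_path_safe(buf, sizeof buf, "/etc", "hosts"), buf);
    printf("%d %s\n", build_path_safe(buf, sizeof buf, "/usr/local/lib", "libfoo.so"), buf);
    return 0;
}
```

Build with `-DHAVE_STRLCAT` on a system whose libc ships strlcat() (the BSDs, macOS, recent glibc) to exercise the native call; without it the fallback above is used. The truncation check `>= dstsize` is what turns a silent overflow into an explicit error the caller can handle.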