#40 "strncmp" should not be used to match parameters, SDP...

trunk
closed-fixed
core (110)
5
2008-11-23
2008-10-28
No

The following code lines use case sensitive comparisions while most of them try to match SIP parameters or SDP attributes, that whould be case insenstive per SIP syntax:

modules/msilo/msilo.c: if(!ctaddr.s || ctaddr.len < 6 || strncmp(ctaddr.s, "sip:", 4)
modules/pua_bla/notify.c: if(strncmp(sep+1, "expires=", 8)!= 0)
modules/mediaproxy/mediaproxy.c: if (strncmp(uri.s, "sip:", 4)==0) {
modules/mediaproxy/mediaproxy.c: if (strncmp(uri.s, "sip:", 4)==0) {
modules/mediaproxy/mediaproxy.c: if (strncmp(line.s, "sendrecv", 8)==0 || strncmp(line.s, "sendonly", 8)==0 ||
modules/mediaproxy/mediaproxy.c: strncmp(line.s, "recvonly", 8)==0 || strncmp(line.s, "inactive", 8)==0) {
modules/rls/subscribe.c: if(ev_param->name.len== 2 && strncmp(ev_param->name.s, "id", 2)== 0)
modules/rls/subscribe.c: if(strncmp(hdr->body.s+ i, "eventlist", 9)== 0)
modules/rls/resource_notify.c: if(strncmp(smc+1, "reason=", 7))
modules/rls/resource_notify.c: if(strncmp(smc+1, "expires=", 8))
modules/uri/checks.c: if (strncmp(ruri->s, "tel:", 4) != 0) return 1;
modules/pua/hash.h: if (strncmp(event->s, "presence", 8) == 0)
modules/pua/hash.h: if (strncmp(event->s, "xcap-diff", 9) == 0)
modules/pua/hash.h: if (strncmp(event->s, "dialog;sla", 10) == 0)
modules/pua/hash.h: if (strncmp(event->s, "conference", 10) == 0)
modules/pua/hash.h: if (strncmp(event->s, "presence;winfo", 14) == 0)
modules/pua/hash.h: if (strncmp(event->s, "message-summary", 15) == 0)
modules/pua_xmpp/simple2xmpp.c: (strncmp(msg->event->body.s,"presence",8 )==0))
modules/pua_xmpp/simple2xmpp.c: (strncmp(msg->event->body.s,"presence.winfo",14 )==0))
modules/pua_xmpp/simple2xmpp.c: if(hdr && strncmp(hdr->body.s,"terminated", 10)== 0)
modules/pua_xmpp/simple2xmpp.c: if(strncmp(hdr->body.s+11,"reason=timeout", 14)== 0)
modules/pua_xmpp/simple2xmpp.c: if(hdr && strncmp(hdr->body.s,"terminated", 10)== 0)
modules/uac/auth_hdr.c: if(val.len>=4 && !strncmp(val.s, "auth", 4))
modules/xmpp/xode_str.c: if (strncmp(&buf[i],"&amp;",5)==0)
modules/xmpp/xode_str.c: } else if (strncmp(&buf[i],"&quot;",6)==0) {
modules/xmpp/xode_str.c: } else if (strncmp(&buf[i],"&apos;",6)==0) {
modules/xmpp/xode_str.c: } else if (strncmp(&buf[i],"&lt;",4)==0) {
modules/xmpp/xode_str.c: } else if (strncmp(&buf[i],"&gt;",4)==0) {
modules/presence_mwi/add_events.c: if (strncmp(body.s, "Messages-Waiting", 16) != 0) goto err;
modules/presence_mwi/add_events.c: if (strncmp(at, "yes", 3) == 0) at = at + 3;
modules/presence_mwi/add_events.c: if (strncmp(at, "no", 2) == 0) at = at + 2;
modules/imc/imc_cmd.c: if(cmd->param[0].len<4 || strncmp(cmd->param[0].s, "sip:", 4)!=0)
modules/imc/imc_cmd.c: if(cmd->param[0].len<=4 || strncmp(cmd->param[0].s, "sip:", 4)!=0)
modules/speeddial/sdlookup.c: if(user_s.len<4 || strncmp(user_s.s, "sip:", 4))
modules/jabber/xode_str.c: if (strncmp(&buf[i],"&amp;",5)==0)
modules/jabber/xode_str.c: } else if (strncmp(&buf[i],"&quot;",6)==0) {
modules/jabber/xode_str.c: } else if (strncmp(&buf[i],"&apos;",6)==0) {
modules/jabber/xode_str.c: } else if (strncmp(&buf[i],"&lt;",4)==0) {
modules/jabber/xode_str.c: } else if (strncmp(&buf[i],"&gt;",4)==0) {
modules/nathelper/nathelper.c: if (strncmp(pnode->rn_address, "udp:", 4) == 0) {
modules/presence/subscribe.c: if(ev_param->name.len== 2 && strncmp(ev_param->name.s, "id", 2)== 0)
modules/presence/utils_func.h: if(strncmp(ip.s, "sip:", 4)!=0)
modules/presence/event_list.c: if(sep && strncmp(sep+1, "winfo", 5)== 0)
parser/parse_event.c: _e->params->name.len== 3 && strncmp(_e->params->name.s, "sla", 3)== 0 )
parser/sdp/sdp_helpr_funcs.c: if (strncmp(body->s, "a=rtpmap:", 9) !=0) {
parser/sdp/sdp_helpr_funcs.c: if ( !( (strncmp(cp1, "a=sendrecv", 10) == 0) ||
parser/sdp/sdp_helpr_funcs.c: (strncmp(cp1, "a=inactive", 10) == 0) ||
parser/sdp/sdp_helpr_funcs.c: (strncmp(cp1, "a=recvonly", 10) == 0) ||
parser/sdp/sdp_helpr_funcs.c: (strncmp(cp1, "a=sendonly", 10) == 0) )) {

Discussion

  • Bogdan-Andrei Iancu

    • assigned_to: nobody --> saguti
    • status: open --> open-accepted
     
  • Sergio Gutierrez

    Patches for affected files

     
  • Bogdan-Andrei Iancu

    Hi Sergio,

    The patch looks good - please apply it on trunk and 1.4 (note you have an invalid diff file in your tar - entries.diff - remove that as it is for a SVN file).

    Thanks and regards,
    Bogdan

     
  • Sergio Gutierrez

    Fixed in revisions 5016 trunk and 5017 branch.
    Thanks to Iñaki Baz Castillo by reporting.

     
  • Sergio Gutierrez

    • status: open-accepted --> closed-fixed
     

Log in to post a comment.

Get latest updates about Open Source Projects, Conferences and News.

Sign up for the SourceForge newsletter:





No, thanks