
Commita7d3110

committed
Fix write-past-buffer-end in ldapServiceLookup().
The code to assemble ldap_get_values_len's output into a single string wrote the terminating null one byte past where it should. Fix that, and make some other cosmetic adjustments to make the code a trifle more readable and more in line with usual Postgres coding style. Also, free the "result" string when done with it, to avoid a permanent memory leak. Bug report and patch by Albe Laurenz, cosmetic adjustments by me.
1 parent7b9bbb6 commita7d3110


1 file changed

+13
-7
lines changed


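--- a/src/interfaces/libpq/fe-connect.c
+++ b/src/interfaces/libpq/fe-connect.c
@@ -2648,25 +2648,26 @@ ldapServiceLookup(const char *purl, PQconninfoOption *options,
 return1;
 }
 
-/* concatenate values to a single string */
-for (size=0,i=0;values[i]!=NULL;++i)
+/* concatenate values into a single string with newline terminators */
+size=1;/* for the trailing null */
+for (i=0;values[i]!=NULL;i++)
 size+=values[i]->bv_len+1;
-if ((result=malloc(size+1))==NULL)
+if ((result=malloc(size))==NULL)
 {
 printfPQExpBuffer(errorMessage,
 libpq_gettext("out of memory\n"));
 ldap_value_free_len(values);
 ldap_unbind(ld);
 return3;
 }
-for (p=result,i=0;values[i]!=NULL;++i)
+p=result;
+for (i=0;values[i]!=NULL;i++)
 {
-strncpy(p,values[i]->bv_val,values[i]->bv_len);
+memcpy(p,values[i]->bv_val,values[i]->bv_len);
 p+=values[i]->bv_len;
 *(p++)='\n';
-if (values[i+1]==NULL)
-*(p+1)='\0';
 }
+*p='\0';
 
 ldap_value_free_len(values);
 ldap_unbind(ld);
@@ -2695,6 +2696,7 @@ ldapServiceLookup(const char *purl, PQconninfoOption *options,
 printfPQExpBuffer(errorMessage,libpq_gettext(
 "missing \"=\" after \"%s\" in connection info string\n"),
 optname);
+free(result);
 return3;
 }
 elseif (*p=='=')
@@ -2713,6 +2715,7 @@ ldapServiceLookup(const char *purl, PQconninfoOption *options,
 printfPQExpBuffer(errorMessage,libpq_gettext(
 "missing \"=\" after \"%s\" in connection info string\n"),
 optname);
+free(result);
 return3;
 }
 break;
@@ -2776,6 +2779,7 @@ ldapServiceLookup(const char *purl, PQconninfoOption *options,
 printfPQExpBuffer(errorMessage,
 libpq_gettext("invalid connection option \"%s\"\n"),
 optname);
+free(result);
 return1;
 }
 optname=NULL;
@@ -2784,6 +2788,8 @@ ldapServiceLookup(const char *purl, PQconninfoOption *options,
 oldstate=state;
 }
 
+free(result);
+
 if (state==5||state==6)
 {
 printfPQExpBuffer(errorMessage,libpq_gettext(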
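Review bot: In the first hunk the length sum `size+=values[i]->bv_len+1;` is still unchecked, and the corrected `malloc(size)` / `memcpy` pair is only safe if that total is exact. The lengths come from the LDAP response and the declaration of `size` is outside the hunk; if it is a signed `int`, a very large or wrapped total would under-allocate and the copy loop would again write past the buffer. I would accumulate in a `size_t` and take the existing out-of-memory exit before the addition can wrap, e.g. `if (values[i]->bv_len >= SIZE_MAX - size)`. Separately, `free(result)` is now repeated at each early return shown in the later hunks; any other return inside the parsing loop that lies outside these hunks would still leak, so a single cleanup label would be more robust. ldapServiceLookup starts and ends outside the hunks, so both points should be checked against the full function.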
