Movatterモバイル変換

Skip to content

postgrespro/postgresPublic

forked frompostgres/postgres

NotificationsYou must be signed in to change notification settings
Fork6
Star31

Commit586dd5d

tglsfdc

committed

Replace a bunch more uses of strncpy() with safer coding.

strncpy() has a well-deserved reputation for being unsafe, so make aneffort to get rid of nearly all occurrences in HEAD.A large fraction of the remaining uses were passing length less than orequal to the known strlen() of the source, in which case no null-paddingcan occur and the behavior is equivalent to memcpy(), though doubtlessslower and certainly harder to reason about. So just use memcpy() inthese cases.In other cases, use either StrNCpy() or strlcpy() as appropriate (dependingon whether padding to the full length of the destination buffer seemsuseful).I left a few strncpy() calls alone in the src/timezone/ code, to keep itin sync with upstream (the IANA tzcode distribution). There are also afew such calls in ecpg that could possibly do with more analysis.AFAICT, none of these changes are more than cosmetic, except for the fouroccurrences in fe-secure-openssl.c, which are in fact buggy: an overlengthsource leads to a non-null-terminated destination buffer and ensuingmisbehavior. These don't seem like security issues, first because no stackclobber is possible and second because if your values of sslcert etc arecoming from untrusted sources then you've got problems way worse than this.Still, it's undesirable to have unpredictable behavior for overlengthinputs, so back-patch those four changes to all active branches.

1 parent9222cd8 commit586dd5dCopy full SHA for 586dd5d

File tree

26 files changed

+49

-50

lines changed

contrib
- fuzzystrmatch
  - dmetaphone.c
- isn
  - isn.c
- pg_trgm
  - trgm_regexp.c
- pgbench
  - pgbench.c
- pgcrypto
  - crypt-des.c
- xml2
  - xpath.c
src
- backend
  - libpq
    - hba.c
  - postmaster
    - pgstat.c
  - regex
    - regerror.c
  - replication
    - logical
      - logical.c
    - slot.c
  - utils
    - adt
    - error
      - elog.c
- bin
  - initdb
    - initdb.c
  - pg_dump
    - pg_backup_archiver.c
    - pg_backup_db.c
- interfaces
  - ecpg
    - ecpglib
      - execute.c
      - prepare.c
    - pgtypeslib
      - datetime.c
      - dt_common.c
    - test
      - pg_regress_ecpg.c
  - libpq

26 files changed

+49

-50

lines changed

`‎contrib/fuzzystrmatch/dmetaphone.c‎`

Lines changed: 1 addition & 1 deletion

Original file line number	Diff line number	Diff line change
`@@ -247,7 +247,7 @@ NewMetaString(char *init_str)`
`247`	`247`	`META_MALLOC(s->str,s->bufsize,char);`
`248`	`248`	`assert(s->str!=NULL);`
`249`	`249`
`250`		`-strncpy(s->str,init_str,s->length+1);`
	`250`	`+memcpy(s->str,init_str,s->length+1);`
`251`	`251`	`s->free_string_on_destroy=1;`
`252`	`252`
`253`	`253`	`returns;`

`‎contrib/isn/isn.c‎`

Lines changed: 4 additions & 4 deletions

Original file line number	Diff line number	Diff line change
`@@ -825,18 +825,18 @@ string2ean(const char str, bool errorOK, ean13 result,`
`825`	`825`	`gotoeanwrongtype;`
`826`	`826`	`break;`
`827`	`827`	`caseISMN:`
`828`		`-strncpy(buf,"9790",4);/* this isn't for sure yet, for now`
	`828`	`+memcpy(buf,"9790",4);/* this isn't for sure yet, for now`
`829`	`829`	`* ISMN it's only 9790 */`
`830`	`830`	`valid= (valid&& ((rcheck=checkdig(buf,13))==check\|\|magic));`
`831`	`831`	`break;`
`832`	`832`	`caseISBN:`
`833`		`-strncpy(buf,"978",3);`
	`833`	`+memcpy(buf,"978",3);`
`834`	`834`	`valid= (valid&& ((rcheck=weight_checkdig(buf+3,10))==check\|\|magic));`
`835`	`835`	`break;`
`836`	`836`	`caseISSN:`
`837`		`-strncpy(buf+10,"00",2);/* append 00 as the normal issue`
	`837`	`+memcpy(buf+10,"00",2);/* append 00 as the normal issue`
`838`	`838`	`* publication code */`
`839`		`-strncpy(buf,"977",3);`
	`839`	`+memcpy(buf,"977",3);`
`840`	`840`	`valid= (valid&& ((rcheck=weight_checkdig(buf+3,8))==check\|\|magic));`
`841`	`841`	`break;`
`842`	`842`	`caseUPC:`

`‎contrib/pg_trgm/trgm_regexp.c‎`

Lines changed: 1 addition & 1 deletion

Original file line number	Diff line number	Diff line change
`@@ -877,7 +877,7 @@ convertPgWchar(pg_wchar c, trgm_mb_char *result)`
`877`	`877`	`#endif`
`878`	`878`
`879`	`879`	`/* Fill result with exactly MAX_MULTIBYTE_CHAR_LEN bytes */`
`880`		`-strncpy(result->bytes,s,MAX_MULTIBYTE_CHAR_LEN);`
	`880`	`+memcpy(result->bytes,s,MAX_MULTIBYTE_CHAR_LEN);`
`881`	`881`	`return true;`
`882`	`882`	`}`
`883`	`883`

`‎contrib/pgbench/pgbench.c‎`

Lines changed: 1 addition & 1 deletion

Original file line number	Diff line number	Diff line change
`@@ -829,7 +829,7 @@ replaceVariable(char *sql, char param, int len, char *value)`
`829`	`829`
`830`	`830`	`if (valueln!=len)`
`831`	`831`	`memmove(param+valueln,param+len,strlen(param+len)+1);`
`832`		`-strncpy(param,value,valueln);`
	`832`	`+memcpy(param,value,valueln);`
`833`	`833`
`834`	`834`	`returnparam+valueln;`
`835`	`835`	`}`

`‎contrib/pgcrypto/crypt-des.c‎`

Lines changed: 1 addition & 2 deletions

Original file line number	Diff line number	Diff line change
`@@ -708,15 +708,14 @@ px_crypt_des(const char key, const char setting)`
`708`	`708`	`if (des_setkey((char*)keybuf))`
`709`	`709`	`return (NULL);`
`710`	`710`	`}`
`711`		`-strncpy(output,setting,9);`
	`711`	`+StrNCpy(output,setting,10);`
`712`	`712`
`713`	`713`	`/*`
`714`	`714`	`* Double check that we weren't given a short setting. If we were, the`
`715`	`715`	`* above code will probably have created weird values for count and`
`716`	`716`	`* salt, but we don't really care. Just make sure the output string`
`717`	`717`	`* doesn't have an extra NUL in it.`
`718`	`718`	`*/`
`719`		`-output[9]='\0';`
`720`	`719`	`p=output+strlen(output);`
`721`	`720`	`}`
`722`	`721`	`else`

`‎contrib/xml2/xpath.c‎`

Lines changed: 1 addition & 1 deletion

Original file line number	Diff line number	Diff line change
`@@ -327,7 +327,7 @@ xpath_string(PG_FUNCTION_ARGS)`
`327`	`327`	`/* We could try casting to string using the libxml function? */`
`328`	`328`
`329`	`329`	`xpath= (xmlChar*)palloc(pathsize+9);`
`330`		`-strncpy((char*)xpath,"string(",7);`
	`330`	`+memcpy((char*)xpath,"string(",7);`
`331`	`331`	`memcpy((char*) (xpath+7),VARDATA(xpathsupp),pathsize);`
`332`	`332`	`xpath[pathsize+7]=')';`
`333`	`333`	`xpath[pathsize+8]='\0';`

`‎src/backend/libpq/hba.c‎`

Lines changed: 5 additions & 2 deletions

Original file line number	Diff line number	Diff line change
`@@ -1996,6 +1996,8 @@ check_ident_usermap(IdentLine identLine, const char usermap_name,`
`1996`	`1996`
`1997`	`1997`	`if ((ofs=strstr(identLine->pg_role,"\\1"))!=NULL)`
`1998`	`1998`	`{`
	`1999`	`+intoffset;`
	`2000`	`+`
`1999`	`2001`	`/* substitution of the first argument requested */`
`2000`	`2002`	`if (matches[1].rm_so<0)`
`2001`	`2003`	`{`
`@@ -2012,8 +2014,9 @@ check_ident_usermap(IdentLine identLine, const char usermap_name,`
`2012`	`2014`	`* plus null terminator`
`2013`	`2015`	`*/`
`2014`	`2016`	`regexp_pgrole=palloc0(strlen(identLine->pg_role)-2+ (matches[1].rm_eo-matches[1].rm_so)+1);`
`2015`		`-strncpy(regexp_pgrole,identLine->pg_role, (ofs-identLine->pg_role));`
`2016`		`-memcpy(regexp_pgrole+strlen(regexp_pgrole),`
	`2017`	`+offset=ofs-identLine->pg_role;`
	`2018`	`+memcpy(regexp_pgrole,identLine->pg_role,offset);`
	`2019`	`+memcpy(regexp_pgrole+offset,`
`2017`	`2020`	`ident_user+matches[1].rm_so,`
`2018`	`2021`	`matches[1].rm_eo-matches[1].rm_so);`
`2019`	`2022`	`strcat(regexp_pgrole,ofs+2);`

`‎src/backend/postmaster/pgstat.c‎`

Lines changed: 1 addition & 1 deletion

Original file line number	Diff line number	Diff line change
`@@ -3095,7 +3095,7 @@ pgstat_send_archiver(const char *xlog, bool failed)`
`3095`	`3095`	`*/`
`3096`	`3096`	`pgstat_setheader(&msg.m_hdr,PGSTAT_MTYPE_ARCHIVER);`
`3097`	`3097`	`msg.m_failed=failed;`
`3098`		`-strncpy(msg.m_xlog,xlog,sizeof(msg.m_xlog));`
	`3098`	`+StrNCpy(msg.m_xlog,xlog,sizeof(msg.m_xlog));`
`3099`	`3099`	`msg.m_timestamp=GetCurrentTimestamp();`
`3100`	`3100`	`pgstat_send(&msg,sizeof(msg));`
`3101`	`3101`	`}`

`‎src/backend/regex/regerror.c‎`

Lines changed: 1 addition & 1 deletion

Original file line number	Diff line number	Diff line change
`@@ -111,7 +111,7 @@ pg_regerror(int errcode,/* error code, or REG_ATOI or REG_ITOA */`
`111`	`111`	`strcpy(errbuf,msg);`
`112`	`112`	`else`
`113`	`113`	`{/* truncate to fit */`
`114`		`-strncpy(errbuf,msg,errbuf_size-1);`
	`114`	`+memcpy(errbuf,msg,errbuf_size-1);`
`115`	`115`	`errbuf[errbuf_size-1]='\0';`
`116`	`116`	`}`
`117`	`117`	`}`

`‎src/backend/replication/logical/logical.c‎`

Lines changed: 1 addition & 3 deletions

Original file line number	Diff line number	Diff line change
`@@ -244,9 +244,7 @@ CreateInitDecodingContext(char *plugin,`
`244`	`244`
`245`	`245`	`/* register output plugin name with slot */`
`246`	`246`	`SpinLockAcquire(&slot->mutex);`
`247`		`-strncpy(NameStr(slot->data.plugin),plugin,`
`248`		`-NAMEDATALEN);`
`249`		`-NameStr(slot->data.plugin)[NAMEDATALEN-1]='\0';`
	`247`	`+StrNCpy(NameStr(slot->data.plugin),plugin,NAMEDATALEN);`
`250`	`248`	`SpinLockRelease(&slot->mutex);`
`251`	`249`
`252`	`250`	`/*`

0 commit comments

Comments

(0)

[8]ページ先頭

©2009-2025 Movatter.jp