Movatterモバイル変換

[0]ホーム
URL:

Skip to content

Navigation Menu

Sign in
Appearance settings

Search code, repositories, users, issues, pull requests...

Provide feedback

We read every piece of feedback, and take your input very seriously.

Saved searches

Use saved searches to filter your results more quickly

 Sign up
Appearance settings

Commit655b665

Browse files
committed
Prevent potential overruns of fixed-size buffers.
Coverity identified a number of places in which it couldn't prove that astring being copied into a fixed-size buffer would fit. We believe thatmost, perhaps all of these are in fact safe, or are copying data that iscoming from a trusted source so that any overrun is not really a securityissue. Nonetheless it seems prudent to forestall any risk by usingstrlcpy() and similar functions.Fixes by Peter Eisentraut and Jozef Mlich based on Coverity reports.In addition, fix a potential null-pointer-dereference crash incontrib/chkpass. The crypt(3) function is defined to return NULL onfailure, but chkpass.c didn't check for that before using the result.The main practical case in which this could be an issue is if libc isconfigured to refuse to execute unapproved hashing algorithms (e.g.,"FIPS mode"). This ideally should've been a separate commit, butsince it touches code adjacent to one of the buffer overrun changes,I included it in this commit to avoid last-minute merge issues.This issue was reported by Honza Horak.Security:CVE-2014-0065 for buffer overruns,CVE-2014-0066 for crypt()
1 parent12bbce1 commit655b665

File tree

13 files changed

+54
-30
lines changed

13 files changed

+54
-30
lines changed

‎contrib/chkpass/chkpass.c‎

Lines changed: 26 additions & 3 deletions
Original file line numberDiff line numberDiff line change
@@ -70,6 +70,7 @@ chkpass_in(PG_FUNCTION_ARGS)
7070
char*str=PG_GETARG_CSTRING(0);
7171
chkpass*result;
7272
charmysalt[4];
73+
char*crypt_output;
7374
staticcharsalt_chars[]=
7475
"./0123456789ABCDEFGHIJKLMNOPQRSTUVWXYZabcdefghijklmnopqrstuvwxyz";
7576

@@ -92,7 +93,15 @@ chkpass_in(PG_FUNCTION_ARGS)
9293
mysalt[1]=salt_chars[random()&0x3f];
9394
mysalt[2]=0;/* technically the terminator is not necessary
9495
* but I like to play safe */
95-
strcpy(result->password,crypt(str,mysalt));
96+
97+
crypt_output=crypt(str,mysalt);
98+
if (crypt_output==NULL)
99+
ereport(ERROR,
100+
(errcode(ERRCODE_INVALID_PARAMETER_VALUE),
101+
errmsg("crypt() failed")));
102+
103+
strlcpy(result->password,crypt_output,sizeof(result->password));
104+
96105
PG_RETURN_POINTER(result);
97106
}
98107

@@ -141,9 +150,16 @@ chkpass_eq(PG_FUNCTION_ARGS)
141150
chkpass*a1= (chkpass*)PG_GETARG_POINTER(0);
142151
text*a2=PG_GETARG_TEXT_PP(1);
143152
charstr[9];
153+
char*crypt_output;
144154

145155
text_to_cstring_buffer(a2,str,sizeof(str));
146-
PG_RETURN_BOOL(strcmp(a1->password,crypt(str,a1->password))==0);
156+
crypt_output=crypt(str,a1->password);
157+
if (crypt_output==NULL)
158+
ereport(ERROR,
159+
(errcode(ERRCODE_INVALID_PARAMETER_VALUE),
160+
errmsg("crypt() failed")));
161+
162+
PG_RETURN_BOOL(strcmp(a1->password,crypt_output)==0);
147163
}
148164

149165
PG_FUNCTION_INFO_V1(chkpass_ne);
@@ -153,7 +169,14 @@ chkpass_ne(PG_FUNCTION_ARGS)
153169
chkpass*a1= (chkpass*)PG_GETARG_POINTER(0);
154170
text*a2=PG_GETARG_TEXT_PP(1);
155171
charstr[9];
172+
char*crypt_output;
156173

157174
text_to_cstring_buffer(a2,str,sizeof(str));
158-
PG_RETURN_BOOL(strcmp(a1->password,crypt(str,a1->password))!=0);
175+
crypt_output=crypt(str,a1->password);
176+
if (crypt_output==NULL)
177+
ereport(ERROR,
178+
(errcode(ERRCODE_INVALID_PARAMETER_VALUE),
179+
errmsg("crypt() failed")));
180+
181+
PG_RETURN_BOOL(strcmp(a1->password,crypt_output)!=0);
159182
}

‎contrib/pg_standby/pg_standby.c‎

Lines changed: 1 addition & 1 deletion
Original file line numberDiff line numberDiff line change
@@ -338,7 +338,7 @@ SetWALFileNameForCleanup(void)
338338
if (strcmp(restartWALFileName,nextWALFileName)>0)
339339
return false;
340340

341-
strcpy(exclusiveCleanupFileName,restartWALFileName);
341+
strlcpy(exclusiveCleanupFileName,restartWALFileName,sizeof(exclusiveCleanupFileName));
342342
return true;
343343
}
344344

‎src/backend/access/transam/xlog.c‎

Lines changed: 5 additions & 5 deletions
Original file line numberDiff line numberDiff line change
@@ -3017,7 +3017,7 @@ KeepFileRestoredFromArchive(char *path, char *xlogfname)
30173017
xlogfpath,oldpath)));
30183018
}
30193019
#else
3020-
strncpy(oldpath,xlogfpath,MAXPGPATH);
3020+
strlcpy(oldpath,xlogfpath,MAXPGPATH);
30213021
#endif
30223022
if (unlink(oldpath)!=0)
30233023
ereport(FATAL,
@@ -5913,7 +5913,7 @@ recoveryStopsHere(XLogRecord *record, bool *includeThis)
59135913

59145914
recordRestorePointData= (xl_restore_point*)XLogRecGetData(record);
59155915
recordXtime=recordRestorePointData->rp_time;
5916-
strncpy(recordRPName,recordRestorePointData->rp_name,MAXFNAMELEN);
5916+
strlcpy(recordRPName,recordRestorePointData->rp_name,MAXFNAMELEN);
59175917
}
59185918
else
59195919
return false;
@@ -6008,7 +6008,7 @@ recoveryStopsHere(XLogRecord *record, bool *includeThis)
60086008
}
60096009
else
60106010
{
6011-
strncpy(recoveryStopName,recordRPName,MAXFNAMELEN);
6011+
strlcpy(recoveryStopName,recordRPName,MAXFNAMELEN);
60126012

60136013
ereport(LOG,
60146014
(errmsg("recovery stopping at restore point \"%s\", time %s",
@@ -6348,7 +6348,7 @@ StartupXLOG(void)
63486348
* see them
63496349
*/
63506350
XLogCtl->RecoveryTargetTLI=recoveryTargetTLI;
6351-
strncpy(XLogCtl->archiveCleanupCommand,
6351+
strlcpy(XLogCtl->archiveCleanupCommand,
63526352
archiveCleanupCommand ?archiveCleanupCommand :"",
63536353
sizeof(XLogCtl->archiveCleanupCommand));
63546354

@@ -8760,7 +8760,7 @@ XLogRestorePoint(const char *rpName)
87608760
xl_restore_pointxlrec;
87618761

87628762
xlrec.rp_time=GetCurrentTimestamp();
8763-
strncpy(xlrec.rp_name,rpName,MAXFNAMELEN);
8763+
strlcpy(xlrec.rp_name,rpName,MAXFNAMELEN);
87648764

87658765
rdata.buffer=InvalidBuffer;
87668766
rdata.data= (char*)&xlrec;

‎src/backend/tsearch/spell.c‎

Lines changed: 1 addition & 1 deletion
Original file line numberDiff line numberDiff line change
@@ -255,7 +255,7 @@ NIAddSpell(IspellDict *Conf, const char *word, const char *flag)
255255
}
256256
Conf->Spell[Conf->nspell]= (SPELL*)tmpalloc(SPELLHDRSZ+strlen(word)+1);
257257
strcpy(Conf->Spell[Conf->nspell]->word,word);
258-
strncpy(Conf->Spell[Conf->nspell]->p.flag,flag,MAXFLAGLEN);
258+
strlcpy(Conf->Spell[Conf->nspell]->p.flag,flag,MAXFLAGLEN);
259259
Conf->nspell++;
260260
}
261261

‎src/backend/utils/adt/datetime.c‎

Lines changed: 6 additions & 5 deletions
Original file line numberDiff line numberDiff line change
@@ -90,10 +90,10 @@ char *days[] = {"Sunday", "Monday", "Tuesday", "Wednesday",
9090
* Note that this table must be strictly alphabetically ordered to allow an
9191
* O(ln(N)) search algorithm to be used.
9292
*
93-
* Thetext field is NOT guaranteed to be NULL-terminated.
93+
* Thetoken field is NOT guaranteed to be NULL-terminated.
9494
*
95-
* To keep this table reasonably small, we divide thelexval for TZ and DTZ
96-
* entries by 15 (so they are on 15 minute boundaries) and truncate thetext
95+
* To keep this table reasonably small, we divide thevalue for TZ and DTZ
96+
* entries by 15 (so they are on 15 minute boundaries) and truncate thetoken
9797
* field at TOKMAXLEN characters.
9898
* Formerly, we divided by 10 rather than 15 but there are a few time zones
9999
* which are 30 or 45 minutes away from an even hour, most are on an hour
@@ -108,7 +108,7 @@ static datetkn *timezonetktbl = NULL;
108108
staticintsztimezonetktbl=0;
109109

110110
staticconstdatetkndatetktbl[]= {
111-
/*text, token,lexval */
111+
/* token,type, value */
112112
{EARLY,RESERV,DTK_EARLY},/* "-infinity" reserved for "early time" */
113113
{DA_D,ADBC,AD},/* "ad" for years > 0 */
114114
{"allballs",RESERV,DTK_ZULU},/* 00:00:00 */
@@ -188,7 +188,7 @@ static const datetkn datetktbl[] = {
188188
staticintszdatetktbl=sizeofdatetktbl /sizeofdatetktbl[0];
189189

190190
staticdatetkndeltatktbl[]= {
191-
/*text, token, lexval */
191+
/*token, type, value */
192192
{"@",IGNORE_DTF,0},/* postgres relative prefix */
193193
{DAGO,AGO,0},/* "ago" indicates negative time offset */
194194
{"c",UNITS,DTK_CENTURY},/* "century" relative */
@@ -4201,6 +4201,7 @@ ConvertTimeZoneAbbrevs(TimeZoneAbbrevTable *tbl,
42014201
tbl->numabbrevs=n;
42024202
for (i=0;i<n;i++)
42034203
{
4204+
/* do NOT use strlcpy here; token field need not be null-terminated */
42044205
strncpy(newtbl[i].token,abbrevs[i].abbrev,TOKMAXLEN);
42054206
newtbl[i].type=abbrevs[i].is_dst ?DTZ :TZ;
42064207
TOVAL(&newtbl[i],abbrevs[i].offset /MINS_PER_HOUR);

‎src/bin/initdb/findtimezone.c‎

Lines changed: 2 additions & 2 deletions
Original file line numberDiff line numberDiff line change
@@ -68,7 +68,7 @@ pg_open_tzfile(const char *name, char *canonname)
6868
if (canonname)
6969
strlcpy(canonname,name,TZ_STRLEN_MAX+1);
7070

71-
strcpy(fullname,pg_TZDIR());
71+
strlcpy(fullname,pg_TZDIR(),sizeof(fullname));
7272
if (strlen(fullname)+1+strlen(name) >=MAXPGPATH)
7373
return-1;/* not gonna fit */
7474
strcat(fullname,"/");
@@ -375,7 +375,7 @@ identify_system_timezone(void)
375375
}
376376

377377
/* Search for the best-matching timezone file */
378-
strcpy(tmptzdir,pg_TZDIR());
378+
strlcpy(tmptzdir,pg_TZDIR(),sizeof(tmptzdir));
379379
bestscore=-1;
380380
resultbuf[0]='\0';
381381
scan_available_timezones(tmptzdir,tmptzdir+strlen(tmptzdir)+1,

‎src/bin/pg_basebackup/pg_basebackup.c‎

Lines changed: 4 additions & 4 deletions
Original file line numberDiff line numberDiff line change
@@ -735,9 +735,9 @@ ReceiveAndUnpackTarFile(PGconn *conn, PGresult *res, int rownum)
735735
FILE*file=NULL;
736736

737737
if (PQgetisnull(res,rownum,0))
738-
strcpy(current_path,basedir);
738+
strlcpy(current_path,basedir,sizeof(current_path));
739739
else
740-
strcpy(current_path,PQgetvalue(res,rownum,1));
740+
strlcpy(current_path,PQgetvalue(res,rownum,1),sizeof(current_path));
741741

742742
/*
743743
* Get the COPY data
@@ -1053,7 +1053,7 @@ BaseBackup(void)
10531053
progname);
10541054
disconnect_and_exit(1);
10551055
}
1056-
strcpy(xlogstart,PQgetvalue(res,0,0));
1056+
strlcpy(xlogstart,PQgetvalue(res,0,0),sizeof(xlogstart));
10571057
if (verbose&&includewal)
10581058
fprintf(stderr,"transaction log start point: %s\n",xlogstart);
10591059
PQclear(res);
@@ -1153,7 +1153,7 @@ BaseBackup(void)
11531153
progname);
11541154
disconnect_and_exit(1);
11551155
}
1156-
strcpy(xlogend,PQgetvalue(res,0,0));
1156+
strlcpy(xlogend,PQgetvalue(res,0,0),sizeof(xlogend));
11571157
if (verbose&&includewal)
11581158
fprintf(stderr,"transaction log end point: %s\n",xlogend);
11591159
PQclear(res);

‎src/interfaces/ecpg/preproc/pgc.l‎

Lines changed: 1 addition & 1 deletion
Original file line numberDiff line numberDiff line change
@@ -1315,7 +1315,7 @@ parse_include(void)
13151315
yytext[i] ='\0';
13161316
memmove(yytext, yytext+1,strlen(yytext));
13171317

1318-
strncpy(inc_file, yytext,sizeof(inc_file));
1318+
strlcpy(inc_file, yytext,sizeof(inc_file));
13191319
yyin =fopen(inc_file,"r");
13201320
if (!yyin)
13211321
{

‎src/interfaces/libpq/fe-protocol2.c‎

Lines changed: 1 addition & 1 deletion
Original file line numberDiff line numberDiff line change
@@ -500,7 +500,7 @@ pqParseInput2(PGconn *conn)
500500
if (!conn->result)
501501
return;
502502
}
503-
strncpy(conn->result->cmdStatus,conn->workBuffer.data,
503+
strlcpy(conn->result->cmdStatus,conn->workBuffer.data,
504504
CMDSTATUS_LEN);
505505
checkXactStatus(conn,conn->workBuffer.data);
506506
conn->asyncStatus=PGASYNC_READY;

‎src/interfaces/libpq/fe-protocol3.c‎

Lines changed: 1 addition & 1 deletion
Original file line numberDiff line numberDiff line change
@@ -206,7 +206,7 @@ pqParseInput3(PGconn *conn)
206206
if (!conn->result)
207207
return;
208208
}
209-
strncpy(conn->result->cmdStatus,conn->workBuffer.data,
209+
strlcpy(conn->result->cmdStatus,conn->workBuffer.data,
210210
CMDSTATUS_LEN);
211211
conn->asyncStatus=PGASYNC_READY;
212212
break;

0 commit comments

Comments
 (0)
[8]ページ先頭
©2009-2025 Movatter.jp