NotificationsYou must be signed in to change notification settings
Fork6
Star31

Commit655b665

committed

Prevent potential overruns of fixed-size buffers.

Coverity identified a number of places in which it couldn't prove that astring being copied into a fixed-size buffer would fit. We believe thatmost, perhaps all of these are in fact safe, or are copying data that iscoming from a trusted source so that any overrun is not really a securityissue. Nonetheless it seems prudent to forestall any risk by usingstrlcpy() and similar functions.Fixes by Peter Eisentraut and Jozef Mlich based on Coverity reports.In addition, fix a potential null-pointer-dereference crash incontrib/chkpass. The crypt(3) function is defined to return NULL onfailure, but chkpass.c didn't check for that before using the result.The main practical case in which this could be an issue is if libc isconfigured to refuse to execute unapproved hashing algorithms (e.g.,"FIPS mode"). This ideally should've been a separate commit, butsince it touches code adjacent to one of the buffer overrun changes,I included it in this commit to avoid last-minute merge issues.This issue was reported by Honza Horak.Security:CVE-2014-0065 for buffer overruns,CVE-2014-0066 for crypt()

1 parent12bbce1 commit655b665Copy full SHA for 655b665

File tree

13 files changed

+54

-30

lines changed

contrib
- chkpass
  - chkpass.c
- pg_standby
  - pg_standby.c
src
- backend
  - access/transam
    - xlog.c
  - tsearch
    - spell.c
  - utils/adt
    - datetime.c
- bin
  - initdb
    - findtimezone.c
  - pg_basebackup
    - pg_basebackup.c
- interfaces
  - ecpg/preproc
    - pgc.l
  - libpq
    - fe-protocol2.c
    - fe-protocol3.c
- port
  - exec.c
- test/regress
  - pg_regress.c
- timezone
  - pgtz.c

13 files changed

+54

-30

lines changed

`‎contrib/chkpass/chkpass.c`

Lines changed: 26 additions & 3 deletions

Original file line number	Diff line number	Diff line change
`@@ -70,6 +70,7 @@ chkpass_in(PG_FUNCTION_ARGS)`
`70`	`70`	`char*str=PG_GETARG_CSTRING(0);`
`71`	`71`	`chkpass*result;`
`72`	`72`	`charmysalt[4];`
	`73`	`+char*crypt_output;`
`73`	`74`	`staticcharsalt_chars[]=`
`74`	`75`	`"./0123456789ABCDEFGHIJKLMNOPQRSTUVWXYZabcdefghijklmnopqrstuvwxyz";`
`75`	`76`
`@@ -92,7 +93,15 @@ chkpass_in(PG_FUNCTION_ARGS)`
`92`	`93`	`mysalt[1]=salt_chars[random()&0x3f];`
`93`	`94`	`mysalt[2]=0;/* technically the terminator is not necessary`
`94`	`95`	`* but I like to play safe */`
`95`		`-strcpy(result->password,crypt(str,mysalt));`
	`96`	`+`
	`97`	`+crypt_output=crypt(str,mysalt);`
	`98`	`+if (crypt_output==NULL)`
	`99`	`+ereport(ERROR,`
	`100`	`+(errcode(ERRCODE_INVALID_PARAMETER_VALUE),`
	`101`	`+errmsg("crypt() failed")));`
	`102`	`+`
	`103`	`+strlcpy(result->password,crypt_output,sizeof(result->password));`
	`104`	`+`
`96`	`105`	`PG_RETURN_POINTER(result);`
`97`	`106`	`}`
`98`	`107`
`@@ -141,9 +150,16 @@ chkpass_eq(PG_FUNCTION_ARGS)`
`141`	`150`	`chkpassa1= (chkpass)PG_GETARG_POINTER(0);`
`142`	`151`	`text*a2=PG_GETARG_TEXT_PP(1);`
`143`	`152`	`charstr[9];`
	`153`	`+char*crypt_output;`
`144`	`154`
`145`	`155`	`text_to_cstring_buffer(a2,str,sizeof(str));`
`146`		`-PG_RETURN_BOOL(strcmp(a1->password,crypt(str,a1->password))==0);`
	`156`	`+crypt_output=crypt(str,a1->password);`
	`157`	`+if (crypt_output==NULL)`
	`158`	`+ereport(ERROR,`
	`159`	`+(errcode(ERRCODE_INVALID_PARAMETER_VALUE),`
	`160`	`+errmsg("crypt() failed")));`
	`161`	`+`
	`162`	`+PG_RETURN_BOOL(strcmp(a1->password,crypt_output)==0);`
`147`	`163`	`}`
`148`	`164`
`149`	`165`	`PG_FUNCTION_INFO_V1(chkpass_ne);`
`@@ -153,7 +169,14 @@ chkpass_ne(PG_FUNCTION_ARGS)`
`153`	`169`	`chkpassa1= (chkpass)PG_GETARG_POINTER(0);`
`154`	`170`	`text*a2=PG_GETARG_TEXT_PP(1);`
`155`	`171`	`charstr[9];`
	`172`	`+char*crypt_output;`
`156`	`173`
`157`	`174`	`text_to_cstring_buffer(a2,str,sizeof(str));`
`158`		`-PG_RETURN_BOOL(strcmp(a1->password,crypt(str,a1->password))!=0);`
	`175`	`+crypt_output=crypt(str,a1->password);`
	`176`	`+if (crypt_output==NULL)`
	`177`	`+ereport(ERROR,`
	`178`	`+(errcode(ERRCODE_INVALID_PARAMETER_VALUE),`
	`179`	`+errmsg("crypt() failed")));`
	`180`	`+`
	`181`	`+PG_RETURN_BOOL(strcmp(a1->password,crypt_output)!=0);`
`159`	`182`	`}`

`‎contrib/pg_standby/pg_standby.c`

Lines changed: 1 addition & 1 deletion

Original file line number	Diff line number	Diff line change
`@@ -338,7 +338,7 @@ SetWALFileNameForCleanup(void)`
`338`	`338`	`if (strcmp(restartWALFileName,nextWALFileName)>0)`
`339`	`339`	`return false;`
`340`	`340`
`341`		`-strcpy(exclusiveCleanupFileName,restartWALFileName);`
	`341`	`+strlcpy(exclusiveCleanupFileName,restartWALFileName,sizeof(exclusiveCleanupFileName));`
`342`	`342`	`return true;`
`343`	`343`	`}`
`344`	`344`

`‎src/backend/access/transam/xlog.c`

Lines changed: 5 additions & 5 deletions

Original file line number	Diff line number	Diff line change
`@@ -3017,7 +3017,7 @@ KeepFileRestoredFromArchive(char path, char xlogfname)`
`3017`	`3017`	`xlogfpath,oldpath)));`
`3018`	`3018`	`}`
`3019`	`3019`	`#else`
`3020`		`-strncpy(oldpath,xlogfpath,MAXPGPATH);`
	`3020`	`+strlcpy(oldpath,xlogfpath,MAXPGPATH);`
`3021`	`3021`	`#endif`
`3022`	`3022`	`if (unlink(oldpath)!=0)`
`3023`	`3023`	`ereport(FATAL,`
`@@ -5913,7 +5913,7 @@ recoveryStopsHere(XLogRecord record, bool includeThis)`
`5913`	`5913`
`5914`	`5914`	`recordRestorePointData= (xl_restore_point*)XLogRecGetData(record);`
`5915`	`5915`	`recordXtime=recordRestorePointData->rp_time;`
`5916`		`-strncpy(recordRPName,recordRestorePointData->rp_name,MAXFNAMELEN);`
	`5916`	`+strlcpy(recordRPName,recordRestorePointData->rp_name,MAXFNAMELEN);`
`5917`	`5917`	`}`
`5918`	`5918`	`else`
`5919`	`5919`	`return false;`
`@@ -6008,7 +6008,7 @@ recoveryStopsHere(XLogRecord record, bool includeThis)`
`6008`	`6008`	`}`
`6009`	`6009`	`else`
`6010`	`6010`	`{`
`6011`		`-strncpy(recoveryStopName,recordRPName,MAXFNAMELEN);`
	`6011`	`+strlcpy(recoveryStopName,recordRPName,MAXFNAMELEN);`
`6012`	`6012`
`6013`	`6013`	`ereport(LOG,`
`6014`	`6014`	`(errmsg("recovery stopping at restore point \"%s\", time %s",`
`@@ -6348,7 +6348,7 @@ StartupXLOG(void)`
`6348`	`6348`	`* see them`
`6349`	`6349`	`*/`
`6350`	`6350`	`XLogCtl->RecoveryTargetTLI=recoveryTargetTLI;`
`6351`		`-strncpy(XLogCtl->archiveCleanupCommand,`
	`6351`	`+strlcpy(XLogCtl->archiveCleanupCommand,`
`6352`	`6352`	`archiveCleanupCommand ?archiveCleanupCommand :"",`
`6353`	`6353`	`sizeof(XLogCtl->archiveCleanupCommand));`
`6354`	`6354`
`@@ -8760,7 +8760,7 @@ XLogRestorePoint(const char *rpName)`
`8760`	`8760`	`xl_restore_pointxlrec;`
`8761`	`8761`
`8762`	`8762`	`xlrec.rp_time=GetCurrentTimestamp();`
`8763`		`-strncpy(xlrec.rp_name,rpName,MAXFNAMELEN);`
	`8763`	`+strlcpy(xlrec.rp_name,rpName,MAXFNAMELEN);`
`8764`	`8764`
`8765`	`8765`	`rdata.buffer=InvalidBuffer;`
`8766`	`8766`	`rdata.data= (char*)&xlrec;`

`‎src/backend/tsearch/spell.c`

Lines changed: 1 addition & 1 deletion

Original file line number	Diff line number	Diff line change
`@@ -255,7 +255,7 @@ NIAddSpell(IspellDict Conf, const char word, const char *flag)`
`255`	`255`	`}`
`256`	`256`	`Conf->Spell[Conf->nspell]= (SPELL*)tmpalloc(SPELLHDRSZ+strlen(word)+1);`
`257`	`257`	`strcpy(Conf->Spell[Conf->nspell]->word,word);`
`258`		`-strncpy(Conf->Spell[Conf->nspell]->p.flag,flag,MAXFLAGLEN);`
	`258`	`+strlcpy(Conf->Spell[Conf->nspell]->p.flag,flag,MAXFLAGLEN);`
`259`	`259`	`Conf->nspell++;`
`260`	`260`	`}`
`261`	`261`

`‎src/backend/utils/adt/datetime.c`

Lines changed: 6 additions & 5 deletions

Original file line number	Diff line number	Diff line change
`@@ -90,10 +90,10 @@ char *days[] = {"Sunday", "Monday", "Tuesday", "Wednesday",`
`90`	`90`	`* Note that this table must be strictly alphabetically ordered to allow an`
`91`	`91`	`* O(ln(N)) search algorithm to be used.`
`92`	`92`	`*`
`93`		`- * Thetext field is NOT guaranteed to be NULL-terminated.`
	`93`	`+ * Thetoken field is NOT guaranteed to be NULL-terminated.`
`94`	`94`	`*`
`95`		`- * To keep this table reasonably small, we divide thelexval for TZ and DTZ`
`96`		`- * entries by 15 (so they are on 15 minute boundaries) and truncate thetext`
	`95`	`+ * To keep this table reasonably small, we divide thevalue for TZ and DTZ`
	`96`	`+ * entries by 15 (so they are on 15 minute boundaries) and truncate thetoken`
`97`	`97`	`* field at TOKMAXLEN characters.`
`98`	`98`	`* Formerly, we divided by 10 rather than 15 but there are a few time zones`
`99`	`99`	`* which are 30 or 45 minutes away from an even hour, most are on an hour`
`@@ -108,7 +108,7 @@ static datetkn *timezonetktbl = NULL;`
`108`	`108`	`staticintsztimezonetktbl=0;`
`109`	`109`
`110`	`110`	`staticconstdatetkndatetktbl[]= {`
`111`		`-/text, token,lexval /`
	`111`	`+/* token,type, value */`
`112`	`112`	`{EARLY,RESERV,DTK_EARLY},/* "-infinity" reserved for "early time" */`
`113`	`113`	`{DA_D,ADBC,AD},/* "ad" for years > 0 */`
`114`	`114`	`{"allballs",RESERV,DTK_ZULU},/* 00:00:00 */`
`@@ -188,7 +188,7 @@ static const datetkn datetktbl[] = {`
`188`	`188`	`staticintszdatetktbl=sizeofdatetktbl /sizeofdatetktbl[0];`
`189`	`189`
`190`	`190`	`staticdatetkndeltatktbl[]= {`
`191`		`-/text, token, lexval /`
	`191`	`+/token, type, value /`
`192`	`192`	`{"@",IGNORE_DTF,0},/* postgres relative prefix */`
`193`	`193`	`{DAGO,AGO,0},/* "ago" indicates negative time offset */`
`194`	`194`	`{"c",UNITS,DTK_CENTURY},/* "century" relative */`
`@@ -4201,6 +4201,7 @@ ConvertTimeZoneAbbrevs(TimeZoneAbbrevTable *tbl,`
`4201`	`4201`	`tbl->numabbrevs=n;`
`4202`	`4202`	`for (i=0;i<n;i++)`
`4203`	`4203`	`{`
	`4204`	`+/* do NOT use strlcpy here; token field need not be null-terminated */`
`4204`	`4205`	`strncpy(newtbl[i].token,abbrevs[i].abbrev,TOKMAXLEN);`
`4205`	`4206`	`newtbl[i].type=abbrevs[i].is_dst ?DTZ :TZ;`
`4206`	`4207`	`TOVAL(&newtbl[i],abbrevs[i].offset /MINS_PER_HOUR);`

`‎src/bin/initdb/findtimezone.c`

Lines changed: 2 additions & 2 deletions

Original file line number	Diff line number	Diff line change
`@@ -68,7 +68,7 @@ pg_open_tzfile(const char name, char canonname)`
`68`	`68`	`if (canonname)`
`69`	`69`	`strlcpy(canonname,name,TZ_STRLEN_MAX+1);`
`70`	`70`
`71`		`-strcpy(fullname,pg_TZDIR());`
	`71`	`+strlcpy(fullname,pg_TZDIR(),sizeof(fullname));`
`72`	`72`	`if (strlen(fullname)+1+strlen(name) >=MAXPGPATH)`
`73`	`73`	`return-1;/* not gonna fit */`
`74`	`74`	`strcat(fullname,"/");`
`@@ -375,7 +375,7 @@ identify_system_timezone(void)`
`375`	`375`	`}`
`376`	`376`
`377`	`377`	`/* Search for the best-matching timezone file */`
`378`		`-strcpy(tmptzdir,pg_TZDIR());`
	`378`	`+strlcpy(tmptzdir,pg_TZDIR(),sizeof(tmptzdir));`
`379`	`379`	`bestscore=-1;`
`380`	`380`	`resultbuf[0]='\0';`
`381`	`381`	`scan_available_timezones(tmptzdir,tmptzdir+strlen(tmptzdir)+1,`

`‎src/bin/pg_basebackup/pg_basebackup.c`

Lines changed: 4 additions & 4 deletions

Original file line number	Diff line number	Diff line change
`@@ -735,9 +735,9 @@ ReceiveAndUnpackTarFile(PGconn conn, PGresult res, int rownum)`
`735`	`735`	`FILE*file=NULL;`
`736`	`736`
`737`	`737`	`if (PQgetisnull(res,rownum,0))`
`738`		`-strcpy(current_path,basedir);`
	`738`	`+strlcpy(current_path,basedir,sizeof(current_path));`
`739`	`739`	`else`
`740`		`-strcpy(current_path,PQgetvalue(res,rownum,1));`
	`740`	`+strlcpy(current_path,PQgetvalue(res,rownum,1),sizeof(current_path));`
`741`	`741`
`742`	`742`	`/*`
`743`	`743`	`* Get the COPY data`
`@@ -1053,7 +1053,7 @@ BaseBackup(void)`
`1053`	`1053`	`progname);`
`1054`	`1054`	`disconnect_and_exit(1);`
`1055`	`1055`	`}`
`1056`		`-strcpy(xlogstart,PQgetvalue(res,0,0));`
	`1056`	`+strlcpy(xlogstart,PQgetvalue(res,0,0),sizeof(xlogstart));`
`1057`	`1057`	`if (verbose&&includewal)`
`1058`	`1058`	`fprintf(stderr,"transaction log start point: %s\n",xlogstart);`
`1059`	`1059`	`PQclear(res);`
`@@ -1153,7 +1153,7 @@ BaseBackup(void)`
`1153`	`1153`	`progname);`
`1154`	`1154`	`disconnect_and_exit(1);`
`1155`	`1155`	`}`
`1156`		`-strcpy(xlogend,PQgetvalue(res,0,0));`
	`1156`	`+strlcpy(xlogend,PQgetvalue(res,0,0),sizeof(xlogend));`
`1157`	`1157`	`if (verbose&&includewal)`
`1158`	`1158`	`fprintf(stderr,"transaction log end point: %s\n",xlogend);`
`1159`	`1159`	`PQclear(res);`

`‎src/interfaces/ecpg/preproc/pgc.l`

Lines changed: 1 addition & 1 deletion

Original file line number	Diff line number	Diff line change
`@@ -1315,7 +1315,7 @@ parse_include(void)`
`1315`	`1315`	`yytext[i] ='\0';`
`1316`	`1316`	`memmove(yytext, yytext+1,strlen(yytext));`
`1317`	`1317`
`1318`		`-strncpy(inc_file, yytext,sizeof(inc_file));`
	`1318`	`+strlcpy(inc_file, yytext,sizeof(inc_file));`
`1319`	`1319`	`yyin =fopen(inc_file,"r");`
`1320`	`1320`	`if (!yyin)`
`1321`	`1321`	`{`

`‎src/interfaces/libpq/fe-protocol2.c`

Lines changed: 1 addition & 1 deletion

Original file line number	Diff line number	Diff line change
`@@ -500,7 +500,7 @@ pqParseInput2(PGconn *conn)`
`500`	`500`	`if (!conn->result)`
`501`	`501`	`return;`
`502`	`502`	`}`
`503`		`-strncpy(conn->result->cmdStatus,conn->workBuffer.data,`
	`503`	`+strlcpy(conn->result->cmdStatus,conn->workBuffer.data,`
`504`	`504`	`CMDSTATUS_LEN);`
`505`	`505`	`checkXactStatus(conn,conn->workBuffer.data);`
`506`	`506`	`conn->asyncStatus=PGASYNC_READY;`

`‎src/interfaces/libpq/fe-protocol3.c`

Lines changed: 1 addition & 1 deletion

Original file line number	Diff line number	Diff line change
`@@ -206,7 +206,7 @@ pqParseInput3(PGconn *conn)`
`206`	`206`	`if (!conn->result)`
`207`	`207`	`return;`
`208`	`208`	`}`
`209`		`-strncpy(conn->result->cmdStatus,conn->workBuffer.data,`
	`209`	`+strlcpy(conn->result->cmdStatus,conn->workBuffer.data,`
`210`	`210`	`CMDSTATUS_LEN);`
`211`	`211`	`conn->asyncStatus=PGASYNC_READY;`
`212`	`212`	`break;`

`‎src/port/exec.c`

Lines changed: 2 additions & 2 deletions

Original file line number	Diff line number	Diff line change
`@@ -66,7 +66,7 @@ validate_exec(const char *path)`
`66`	`66`	`if (strlen(path) >=strlen(".exe")&&`
`67`	`67`	`pg_strcasecmp(path+strlen(path)-strlen(".exe"),".exe")!=0)`
`68`	`68`	`{`
`69`		`-strcpy(path_exe,path);`
	`69`	`+strlcpy(path_exe,path,sizeof(path_exe)-4);`
`70`	`70`	`strcat(path_exe,".exe");`
`71`	`71`	`path=path_exe;`
`72`	`72`	`}`
`@@ -275,7 +275,7 @@ resolve_symlinks(char *path)`
`275`	`275`	`}`
`276`	`276`
`277`	`277`	`/* must copy final component out of 'path' temporarily */`
`278`		`-strcpy(link_buf,fname);`
	`278`	`+strlcpy(link_buf,fname,sizeof(link_buf));`
`279`	`279`
`280`	`280`	`if (!getcwd(path,MAXPGPATH))`
`281`	`281`	`{`

`‎src/test/regress/pg_regress.c`

Lines changed: 3 additions & 3 deletions

Original file line number	Diff line number	Diff line change
`@@ -1233,7 +1233,7 @@ results_differ(const char testname, const char resultsfile, const char *defaul`
`1233`	`1233`	`*/`
`1234`	`1234`	`platform_expectfile=get_expectfile(testname,resultsfile);`
`1235`	`1235`
`1236`		`-strcpy(expectfile,default_expectfile);`
	`1236`	`+strlcpy(expectfile,default_expectfile,sizeof(expectfile));`
`1237`	`1237`	`if (platform_expectfile)`
`1238`	`1238`	`{`
`1239`	`1239`	`/*`
`@@ -1288,7 +1288,7 @@ results_differ(const char testname, const char resultsfile, const char *defaul`
`1288`	`1288`	`{`
`1289`	`1289`	`/* This diff was a better match than the last one */`
`1290`	`1290`	`best_line_count=l;`
`1291`		`-strcpy(best_expect_file,alt_expectfile);`
	`1291`	`+strlcpy(best_expect_file,alt_expectfile,sizeof(best_expect_file));`
`1292`	`1292`	`}`
`1293`	`1293`	`free(alt_expectfile);`
`1294`	`1294`	`}`
`@@ -1316,7 +1316,7 @@ results_differ(const char testname, const char resultsfile, const char *defaul`
`1316`	`1316`	`{`
`1317`	`1317`	`/* This diff was a better match than the last one */`
`1318`	`1318`	`best_line_count=l;`
`1319`		`-strcpy(best_expect_file,default_expectfile);`
	`1319`	`+strlcpy(best_expect_file,default_expectfile,sizeof(best_expect_file));`
`1320`	`1320`	`}`
`1321`	`1321`	`}`
`1322`	`1322`

`‎src/timezone/pgtz.c`

Lines changed: 1 addition & 1 deletion

Original file line number	Diff line number	Diff line change
`@@ -83,7 +83,7 @@ pg_open_tzfile(const char name, char canonname)`
`83`	`83`	`* Loop to split the given name into directory levels; for each level,`
`84`	`84`	`* search using scan_directory_ci().`
`85`	`85`	`*/`
`86`		`-strcpy(fullname,pg_TZDIR());`
	`86`	`+strlcpy(fullname,pg_TZDIR(),sizeof(fullname));`
`87`	`87`	`orignamelen=fullnamelen=strlen(fullname);`
`88`	`88`	`fname=name;`
`89`	`89`	`for (;;)`

0 commit comments

Comments

(0)

Movatterモバイル変換

Navigation Menu

Search code, repositories, users, issues, pull requests...

Provide feedback

Saved searches

Use saved searches to filter your results more quickly

Uh oh!

Commit655b665

File tree

13 files changed

13 files changed

`‎contrib/chkpass/chkpass.c`

`‎contrib/pg_standby/pg_standby.c`

`‎src/backend/access/transam/xlog.c`

`‎src/backend/tsearch/spell.c`

`‎src/backend/utils/adt/datetime.c`

`‎src/bin/initdb/findtimezone.c`

`‎src/bin/pg_basebackup/pg_basebackup.c`

`‎src/interfaces/ecpg/preproc/pgc.l`

`‎src/interfaces/libpq/fe-protocol2.c`

`‎src/interfaces/libpq/fe-protocol3.c`

`‎src/port/exec.c`

`‎src/test/regress/pg_regress.c`

`‎src/timezone/pgtz.c`

0 commit comments