Movatterモバイル変換

[0]ホーム
URL:

Skip to content

Navigation Menu

Sign in
Appearance settings

Search code, repositories, users, issues, pull requests...

Provide feedback

We read every piece of feedback, and take your input very seriously.

Saved searches

Use saved searches to filter your results more quickly

 Sign up
Appearance settings

Commit7cb964a

Browse files
committed
Fix buffer overrun in isolation test program.
Commit061b88c saved argv0 to aglobal buffer without ensuring that it was zero terminated,allowing references to it to overrun the buffer and access othermemory. This probably would not have presented any security risk,but could have resulted in very confusing failures if the path tothe executable was very long.Reported by David Rowley
1 parent71dd54a commit7cb964a

File tree

1 file changed

+9
-1
lines changed

1 file changed

+9
-1
lines changed

‎src/test/isolation/isolation_main.c

Lines changed: 9 additions & 1 deletion
Original file line numberDiff line numberDiff line change
@@ -98,6 +98,8 @@ isolation_start_test(const char *testname,
9898
staticvoid
9999
isolation_init(intargc,char**argv)
100100
{
101+
size_targv0_len;
102+
101103
/*
102104
* We unfortunately cannot do the find_other_exec() lookup to find the
103105
* "isolationtester" binary here. regression_main() calls the
@@ -107,7 +109,13 @@ isolation_init(int argc, char **argv)
107109
* does to fail since it's linked to libpq. So we instead copy argv[0]
108110
* and do the lookup the first time through isolation_start_test().
109111
*/
110-
strncpy(saved_argv0,argv[0],MAXPGPATH);
112+
argv0_len=strlcpy(saved_argv0,argv[0],MAXPGPATH);
113+
if (argv0_len >=MAXPGPATH)
114+
{
115+
fprintf(stderr,_("path for isolationtester executable is longer than %i bytes\n"),
116+
(int) (MAXPGPATH-1));
117+
exit(2);
118+
}
111119

112120
/* set default regression database name */
113121
add_stringlist_item(&dblist,"isolationtest");

0 commit comments

Comments
 (0)
[8]ページ先頭
©2009-2025 Movatter.jp