NotificationsYou must be signed in to change notification settings
Fork6
Star31

Commit85d85ff

committed

Fix corner cases in readlink() usage.

Make sure all calls are protected by HAVE_READLINK, and get the bufferoverflow tests right. Be a bit more paranoid about string length in_tarWriteHeader(), too.

1 parent9c32da5 commit85d85ffCopy full SHA for 85d85ff

File tree

1 file changed

+38

-14

lines changed

src/backend/replication
- basebackup.c

1 file changed

+38

-14

lines changed

`‎src/backend/replication/basebackup.c`

Lines changed: 38 additions & 14 deletions

Original file line number	Diff line number	Diff line change
`@@ -46,7 +46,7 @@ static int64 sendDir(char *path, int basepathlen, bool sizeonly);`
`46`	`46`	`staticvoidsendFile(charreadfilename,chartarfilename,`
`47`	`47`	`structstat*statbuf);`
`48`	`48`	`staticvoidsendFileWithContent(constcharfilename,constcharcontent);`
`49`		`-staticvoid_tarWriteHeader(constcharfilename,charlinktarget,`
	`49`	`+staticvoid_tarWriteHeader(constcharfilename,constcharlinktarget,`
`50`	`50`	`structstat*statbuf);`
`51`	`51`	`staticvoidsend_int8_string(StringInfoData*buf,int64intval);`
`52`	`52`	`staticvoidSendBackupHeader(List*tablespaces);`
`@@ -117,17 +117,19 @@ perform_base_backup(basebackup_options opt, DIR tblspcdir)`
`117`	`117`	`snprintf(fullpath,sizeof(fullpath),"pg_tblspc/%s",de->d_name);`
`118`	`118`
`119`	`119`	`#if defined(HAVE_READLINK)\|\| defined(WIN32)`
`120`		`-rllen=readlink(fullpath,linkpath,sizeof(linkpath)-1);`
	`120`	`+rllen=readlink(fullpath,linkpath,sizeof(linkpath));`
`121`	`121`	`if (rllen<0)`
`122`	`122`	`{`
`123`	`123`	`ereport(WARNING,`
`124`		`-(errmsg("could not read symbolic link \"%s\": %m",fullpath)));`
	`124`	`+(errmsg("could not read symbolic link \"%s\": %m",`
	`125`	`+fullpath)));`
`125`	`126`	`continue;`
`126`	`127`	`}`
`127`	`128`	`elseif (rllen >=sizeof(linkpath))`
`128`	`129`	`{`
`129`	`130`	`ereport(WARNING,`
`130`		`-(errmsg("symbolic link \"%s\" target is too long",fullpath)));`
	`131`	`+(errmsg("symbolic link \"%s\" target is too long",`
	`132`	`+fullpath)));`
`131`	`133`	`continue;`
`132`	`134`	`}`
`133`	`135`	`linkpath[rllen]='\0';`
`@@ -139,9 +141,9 @@ perform_base_backup(basebackup_options opt, DIR tblspcdir)`
`139`	`141`	`tablespaces=lappend(tablespaces,ti);`
`140`	`142`	`#else`
`141`	`143`	`/*`
`142`		`- * If the platform does not have symbolic links, it should not be possible`
`143`		`- * to have tablespaces - clearly somebody else created them. Warn about it`
`144`		`- * and ignore.`
	`144`	`+ * If the platform does not have symbolic links, it should not be`
	`145`	`+ *possibleto have tablespaces - clearly somebody else created`
	`146`	`+ *them. Warn about itand ignore.`
`145`	`147`	`*/`
`146`	`148`	`ereport(WARNING,`
`147`	`149`	`(errcode(ERRCODE_FEATURE_NOT_SUPPORTED),`
`@@ -635,24 +637,45 @@ sendDir(char *path, int basepathlen, bool sizeonly)`
`635`	`637`	`continue;/* don't recurse into pg_xlog */`
`636`	`638`	`}`
`637`	`639`
	`640`	`+/* Allow symbolic links in pg_tblspc only */`
	`641`	`+if (strcmp(path,"./pg_tblspc")==0&&`
`638`	`642`	`#ifndefWIN32`
`639`		`-if (S_ISLNK(statbuf.st_mode)&&strcmp(path,"./pg_tblspc")==0)`
	`643`	`+S_ISLNK(statbuf.st_mode)`
`640`	`644`	`#else`
`641`		`-if (pgwin32_is_junction(pathbuf)&&strcmp(path,"./pg_tblspc")==0)`
	`645`	`+pgwin32_is_junction(pathbuf)`
`642`	`646`	`#endif`
	`647`	`+)`
`643`	`648`	`{`
`644`		`-/* Allow symbolic links in pg_tblspc */`
	`649`	`+#if defined(HAVE_READLINK)\|\| defined(WIN32)`
`645`	`650`	`charlinkpath[MAXPGPATH];`
	`651`	`+intrllen;`
`646`	`652`
`647`		`-MemSet(linkpath,0,sizeof(linkpath));`
`648`		`-if (readlink(pathbuf,linkpath,sizeof(linkpath)-1)==-1)`
	`653`	`+rllen=readlink(pathbuf,linkpath,sizeof(linkpath));`
	`654`	`+if (rllen<0)`
`649`	`655`	`ereport(ERROR,`
`650`	`656`	`(errcode_for_file_access(),`
`651`	`657`	`errmsg("could not read symbolic link \"%s\": %m",`
`652`	`658`	`pathbuf)));`
	`659`	`+if (rllen >=sizeof(linkpath))`
	`660`	`+ereport(ERROR,`
	`661`	`+(errmsg("symbolic link \"%s\" target is too long",`
	`662`	`+pathbuf)));`
	`663`	`+linkpath[rllen]='\0';`
	`664`	`+`
`653`	`665`	`if (!sizeonly)`
`654`	`666`	`_tarWriteHeader(pathbuf+basepathlen+1,linkpath,&statbuf);`
`655`	`667`	`size+=512;/* Size of the header just added */`
	`668`	`+#else`
	`669`	`+/*`
	`670`	`+ * If the platform does not have symbolic links, it should not be`
	`671`	`+ * possible to have tablespaces - clearly somebody else created`
	`672`	`+ * them. Warn about it and ignore.`
	`673`	`+ */`
	`674`	`+ereport(WARNING,`
	`675`	`+(errcode(ERRCODE_FEATURE_NOT_SUPPORTED),`
	`676`	`+errmsg("tablespaces are not supported on this platform")));`
	`677`	`+continue;`
	`678`	`+#endif/* HAVE_READLINK */`
`656`	`679`	`}`
`657`	`680`	`elseif (S_ISDIR(statbuf.st_mode))`
`658`	`681`	`{`
`@@ -800,7 +823,8 @@ sendFile(char readfilename, char tarfilename, struct stat * statbuf)`
`800`	`823`
`801`	`824`
`802`	`825`	`staticvoid`
`803`		`-_tarWriteHeader(constcharfilename,charlinktarget,structstat*statbuf)`
	`826`	`+_tarWriteHeader(constcharfilename,constcharlinktarget,`
	`827`	`+structstat*statbuf)`
`804`	`828`	`{`
`805`	`829`	`charh[512];`
`806`	`830`	`intlastSum=0;`
`@@ -848,7 +872,7 @@ _tarWriteHeader(const char filename, char linktarget, struct stat * statbuf)`
`848`	`872`	`{`
`849`	`873`	`/* Type - Symbolic link */`
`850`	`874`	`sprintf(&h[156],"2");`
`851`		`-strcpy(&h[157],linktarget);`
	`875`	`+sprintf(&h[157],"%.99s",linktarget);`
`852`	`876`	`}`
`853`	`877`	`elseif (S_ISDIR(statbuf->st_mode))`
`854`	`878`	`/* Type - directory */`

0 commit comments

Comments

(0)

Movatterモバイル変換

Navigation Menu

Search code, repositories, users, issues, pull requests...

Provide feedback

Saved searches

Use saved searches to filter your results more quickly

Uh oh!

Commit85d85ff

File tree

1 file changed

1 file changed

`‎src/backend/replication/basebackup.c`

0 commit comments