NotificationsYou must be signed in to change notification settings
Fork5
Star26

Commit0d0ec52

committed

Fix corner cases in readlink() usage.

Make sure all calls are protected by HAVE_READLINK, and get the bufferoverflow tests right. Be a bit more paranoid about string length in_tarWriteHeader(), too.

1 parent0d9b092 commit0d0ec52Copy full SHA for 0d0ec52

File tree

2 files changed

+46

-18

lines changed

src/backend
- replication
  - basebackup.c
- utils/adt
  - misc.c

2 files changed

+46

-18

lines changed

`‎src/backend/replication/basebackup.c`

Lines changed: 38 additions & 14 deletions

Original file line number	Diff line number	Diff line change
`@@ -47,7 +47,7 @@ static int64 sendDir(char *path, int basepathlen, bool sizeonly);`
`47`	`47`	`staticvoidsendFile(charreadfilename,chartarfilename,`
`48`	`48`	`structstat*statbuf);`
`49`	`49`	`staticvoidsendFileWithContent(constcharfilename,constcharcontent);`
`50`		`-staticvoid_tarWriteHeader(constcharfilename,charlinktarget,`
	`50`	`+staticvoid_tarWriteHeader(constcharfilename,constcharlinktarget,`
`51`	`51`	`structstat*statbuf);`
`52`	`52`	`staticvoidsend_int8_string(StringInfoData*buf,int64intval);`
`53`	`53`	`staticvoidSendBackupHeader(List*tablespaces);`
`@@ -118,17 +118,19 @@ perform_base_backup(basebackup_options opt, DIR tblspcdir)`
`118`	`118`	`snprintf(fullpath,sizeof(fullpath),"pg_tblspc/%s",de->d_name);`
`119`	`119`
`120`	`120`	`#if defined(HAVE_READLINK)\|\| defined(WIN32)`
`121`		`-rllen=readlink(fullpath,linkpath,sizeof(linkpath)-1);`
	`121`	`+rllen=readlink(fullpath,linkpath,sizeof(linkpath));`
`122`	`122`	`if (rllen<0)`
`123`	`123`	`{`
`124`	`124`	`ereport(WARNING,`
`125`		`-(errmsg("could not read symbolic link \"%s\": %m",fullpath)));`
	`125`	`+(errmsg("could not read symbolic link \"%s\": %m",`
	`126`	`+fullpath)));`
`126`	`127`	`continue;`
`127`	`128`	`}`
`128`	`129`	`elseif (rllen >=sizeof(linkpath))`
`129`	`130`	`{`
`130`	`131`	`ereport(WARNING,`
`131`		`-(errmsg("symbolic link \"%s\" target is too long",fullpath)));`
	`132`	`+(errmsg("symbolic link \"%s\" target is too long",`
	`133`	`+fullpath)));`
`132`	`134`	`continue;`
`133`	`135`	`}`
`134`	`136`	`linkpath[rllen]='\0';`
`@@ -140,9 +142,9 @@ perform_base_backup(basebackup_options opt, DIR tblspcdir)`
`140`	`142`	`tablespaces=lappend(tablespaces,ti);`
`141`	`143`	`#else`
`142`	`144`	`/*`
`143`		`- * If the platform does not have symbolic links, it should not be possible`
`144`		`- * to have tablespaces - clearly somebody else created them. Warn about it`
`145`		`- * and ignore.`
	`145`	`+ * If the platform does not have symbolic links, it should not be`
	`146`	`+ *possibleto have tablespaces - clearly somebody else created`
	`147`	`+ *them. Warn about itand ignore.`
`146`	`148`	`*/`
`147`	`149`	`ereport(WARNING,`
`148`	`150`	`(errcode(ERRCODE_FEATURE_NOT_SUPPORTED),`
`@@ -641,24 +643,45 @@ sendDir(char *path, int basepathlen, bool sizeonly)`
`641`	`643`	`continue;/* don't recurse into pg_xlog */`
`642`	`644`	`}`
`643`	`645`
	`646`	`+/* Allow symbolic links in pg_tblspc only */`
	`647`	`+if (strcmp(path,"./pg_tblspc")==0&&`
`644`	`648`	`#ifndefWIN32`
`645`		`-if (S_ISLNK(statbuf.st_mode)&&strcmp(path,"./pg_tblspc")==0)`
	`649`	`+S_ISLNK(statbuf.st_mode)`
`646`	`650`	`#else`
`647`		`-if (pgwin32_is_junction(pathbuf)&&strcmp(path,"./pg_tblspc")==0)`
	`651`	`+pgwin32_is_junction(pathbuf)`
`648`	`652`	`#endif`
	`653`	`+)`
`649`	`654`	`{`
`650`		`-/* Allow symbolic links in pg_tblspc */`
	`655`	`+#if defined(HAVE_READLINK)\|\| defined(WIN32)`
`651`	`656`	`charlinkpath[MAXPGPATH];`
	`657`	`+intrllen;`
`652`	`658`
`653`		`-MemSet(linkpath,0,sizeof(linkpath));`
`654`		`-if (readlink(pathbuf,linkpath,sizeof(linkpath)-1)==-1)`
	`659`	`+rllen=readlink(pathbuf,linkpath,sizeof(linkpath));`
	`660`	`+if (rllen<0)`
`655`	`661`	`ereport(ERROR,`
`656`	`662`	`(errcode_for_file_access(),`
`657`	`663`	`errmsg("could not read symbolic link \"%s\": %m",`
`658`	`664`	`pathbuf)));`
	`665`	`+if (rllen >=sizeof(linkpath))`
	`666`	`+ereport(ERROR,`
	`667`	`+(errmsg("symbolic link \"%s\" target is too long",`
	`668`	`+pathbuf)));`
	`669`	`+linkpath[rllen]='\0';`
	`670`	`+`
`659`	`671`	`if (!sizeonly)`
`660`	`672`	`_tarWriteHeader(pathbuf+basepathlen+1,linkpath,&statbuf);`
`661`	`673`	`size+=512;/* Size of the header just added */`
	`674`	`+#else`
	`675`	`+/*`
	`676`	`+ * If the platform does not have symbolic links, it should not be`
	`677`	`+ * possible to have tablespaces - clearly somebody else created`
	`678`	`+ * them. Warn about it and ignore.`
	`679`	`+ */`
	`680`	`+ereport(WARNING,`
	`681`	`+(errcode(ERRCODE_FEATURE_NOT_SUPPORTED),`
	`682`	`+errmsg("tablespaces are not supported on this platform")));`
	`683`	`+continue;`
	`684`	`+#endif/* HAVE_READLINK */`
`662`	`685`	`}`
`663`	`686`	`elseif (S_ISDIR(statbuf.st_mode))`
`664`	`687`	`{`
`@@ -806,7 +829,8 @@ sendFile(char readfilename, char tarfilename, struct stat * statbuf)`
`806`	`829`
`807`	`830`
`808`	`831`	`staticvoid`
`809`		`-_tarWriteHeader(constcharfilename,charlinktarget,structstat*statbuf)`
	`832`	`+_tarWriteHeader(constcharfilename,constcharlinktarget,`
	`833`	`+structstat*statbuf)`
`810`	`834`	`{`
`811`	`835`	`charh[512];`
`812`	`836`	`intlastSum=0;`
`@@ -854,7 +878,7 @@ _tarWriteHeader(const char filename, char linktarget, struct stat * statbuf)`
`854`	`878`	`{`
`855`	`879`	`/* Type - Symbolic link */`
`856`	`880`	`sprintf(&h[156],"2");`
`857`		`-strcpy(&h[157],linktarget);`
	`881`	`+sprintf(&h[157],"%.99s",linktarget);`
`858`	`882`	`}`
`859`	`883`	`elseif (S_ISDIR(statbuf->st_mode))`
`860`	`884`	`/* Type - directory */`

`‎src/backend/utils/adt/misc.c`

Lines changed: 8 additions & 4 deletions

Original file line number	Diff line number	Diff line change
`@@ -274,7 +274,7 @@ pg_tablespace_location(PG_FUNCTION_ARGS)`
`274`	`274`	`intrllen;`
`275`	`275`
`276`	`276`	`/*`
`277`		`- * Return empty string for ourtwodefaulttablespace`
	`277`	`+ * Return empty string for our defaulttablespaces`
`278`	`278`	`*/`
`279`	`279`	`if (tablespaceOid==DEFAULTTABLESPACE_OID\|\|`
`280`	`280`	`tablespaceOid==GLOBALTABLESPACE_OID)`
`@@ -286,20 +286,24 @@ pg_tablespace_location(PG_FUNCTION_ARGS)`
`286`	`286`	`* in pg_tblspc/<oid>.`
`287`	`287`	`*/`
`288`	`288`	`snprintf(sourcepath,sizeof(sourcepath),"pg_tblspc/%u",tablespaceOid);`
`289`		`-rllen=readlink(sourcepath,targetpath,sizeof(targetpath));`
	`289`	`+`
	`290`	`+rllen=readlink(sourcepath,targetpath,sizeof(targetpath));`
`290`	`291`	`if (rllen<0)`
`291`	`292`	`ereport(ERROR,`
`292`		`-(errmsg("could not read symbolic link \"%s\": %m",sourcepath)));`
	`293`	`+(errmsg("could not read symbolic link \"%s\": %m",`
	`294`	`+sourcepath)));`
`293`	`295`	`elseif (rllen >=sizeof(targetpath))`
`294`	`296`	`ereport(ERROR,`
`295`		`-(errmsg("symbolic link \"%s\" target is too long",sourcepath)));`
	`297`	`+(errmsg("symbolic link \"%s\" target is too long",`
	`298`	`+sourcepath)));`
`296`	`299`	`targetpath[rllen]='\0';`
`297`	`300`
`298`	`301`	`PG_RETURN_TEXT_P(cstring_to_text(targetpath));`
`299`	`302`	`#else`
`300`	`303`	`ereport(ERROR,`
`301`	`304`	`(errcode(ERRCODE_FEATURE_NOT_SUPPORTED),`
`302`	`305`	`errmsg("tablespaces are not supported on this platform")));`
	`306`	`+PG_RETURN_NULL();`
`303`	`307`	`#endif`
`304`	`308`	`}`
`305`	`309`

0 commit comments

Comments

(0)

Movatterモバイル変換

Navigation Menu

Search code, repositories, users, issues, pull requests...

Provide feedback

Saved searches

Use saved searches to filter your results more quickly

Uh oh!

Commit0d0ec52

File tree

2 files changed

2 files changed

`‎src/backend/replication/basebackup.c`

`‎src/backend/utils/adt/misc.c`

0 commit comments