mirror of https://github.com/postgres/postgres.git synced 2025-07-30 11:03:19 +03:00

Replace a few strncmp() calls with strlcpy().

strncmp() is a specialized API unsuited for routine copying into
fixed-size buffers.  On a system where the length of a single filename
can exceed MAXPGPATH, the pg_archivecleanup change prevents a simple
crash in the subsequent strlen().  Few filesystems support names that
long, and calling pg_archivecleanup with untrusted input is still not a
credible use case.  Therefore, no back-patch.

David Rowley
Noah Misch
2014-08-18 22:59:31 -04:00
parent 7fc5f1a355
commit fb2aece8ae
2 changed files with 8 additions and 2 deletions

@ -108,7 +108,12 @@ CleanupPriorWALFiles(void)
{
while (errno = 0, (xlde = readdir(xldir)) != NULL)
{
strncpy(walfile, xlde->d_name, MAXPGPATH);
/*
* Truncation is essentially harmless, because we skip names of
* length other than XLOG_DATA_FNAME_LEN. (In principle, one
* could use a 1000-character additional_ext and get trouble.)
*/
strlcpy(walfile, xlde->d_name, MAXPGPATH);
TrimExtension(walfile, additional_ext);
/*
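Review bot: the added strlcpy(walfile, xlde->d_name, MAXPGPATH) call discards its return value, so a d_name that does not fit is still truncated silently, and the new comment itself concedes that a very long additional_ext could turn a truncated name into trouble once TrimExtension() has run. Consider testing the result and skipping the entry, for example `if (strlcpy(walfile, xlde->d_name, MAXPGPATH) >= MAXPGPATH) continue;`, so that over-long names never reach TrimExtension() and correctness no longer rests only on the XLOG_DATA_FNAME_LEN length check the comment refers to. The comment could then state that invariant directly instead of the "in principle" caveat.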