[Pgpool-hackers] [Pgpool-committers] pgpool - pgpool-II: Major cleanup for strncpy().

Tatsuo Ishii ishii at sraoss.co.jp
Thu Oct 13 06:13:19 UTC 2011 

I did major cleanup regarding questionable usage of strncpy() as
stated below. Most of them are harmless since database names and
tables names aren't that large to raise my concern. Probably the worst
one is this:

	strncpy(query_string_buffer, query, sizeof(query_string_buffer));

"query" represents user supplied SQL. It is possible that machine
generated query gets far bigger than sizeof(query_string_buffer)
(which is 1024 bytes) in the real world. I'm not sure if this has
actually caused problems but...
--
Tatsuo Ishii
SRA OSS, Inc. Japan
English: http://www.sraoss.co.jp/index_en.php
Japanese: http://www.sraoss.co.jp

From: t-ishii at pgfoundry.org (User T-ishii)
Subject: [Pgpool-committers] pgpool - pgpool-II: Major cleanup for strncpy().
Date: Thu, 13 Oct 2011 06:05:38 +0000 (UTC)
Message-ID: <20111013060538.409A7532DE3C at pgfoundry.org>

> Log Message:
> -----------
> Major cleanup for strncpy(). There are several places where
> strncpy() is used. Problem is some of them do no consider the case
> when copy lengh == buffer size. In this case copied buffer is not
> null terminated and may cause tons of problems later.
> To fix this, most of them are replaced by strlcpy().
> 
> Modified Files:
> --------------
>     pgpool-II:
>         Makefile.am (r1.60 -> r1.61)
>         (http://cvs.pgfoundry.org/cgi-bin/cvsweb.cgi/pgpool/pgpool-II/Makefile.am?r1=1.60&r2=1.61)
>         Makefile.in (r1.64 -> r1.65)
>         (http://cvs.pgfoundry.org/cgi-bin/cvsweb.cgi/pgpool/pgpool-II/Makefile.in?r1=1.64&r2=1.65)
>         main.c (r1.114 -> r1.115)
>         (http://cvs.pgfoundry.org/cgi-bin/cvsweb.cgi/pgpool/pgpool-II/main.c?r1=1.114&r2=1.115)
>         pg_md5.c (r1.12 -> r1.13)
>         (http://cvs.pgfoundry.org/cgi-bin/cvsweb.cgi/pgpool/pgpool-II/pg_md5.c?r1=1.12&r2=1.13)
>         pool_auth.c (r1.30 -> r1.31)
>         (http://cvs.pgfoundry.org/cgi-bin/cvsweb.cgi/pgpool/pgpool-II/pool_auth.c?r1=1.30&r2=1.31)
>         pool_config.c (r1.67 -> r1.68)
>         (http://cvs.pgfoundry.org/cgi-bin/cvsweb.cgi/pgpool/pgpool-II/pool_config.c?r1=1.67&r2=1.68)
>         pool_config.l (r1.61 -> r1.62)
>         (http://cvs.pgfoundry.org/cgi-bin/cvsweb.cgi/pgpool/pgpool-II/pool_config.l?r1=1.61&r2=1.62)
>         pool_proto_modules.c (r1.110 -> r1.111)
>         (http://cvs.pgfoundry.org/cgi-bin/cvsweb.cgi/pgpool/pgpool-II/pool_proto_modules.c?r1=1.110&r2=1.111)
>         pool_relcache.c (r1.14 -> r1.15)
>         (http://cvs.pgfoundry.org/cgi-bin/cvsweb.cgi/pgpool/pgpool-II/pool_relcache.c?r1=1.14&r2=1.15)
> _______________________________________________
> Pgpool-committers mailing list
> Pgpool-committers at pgfoundry.org
> http://pgfoundry.org/mailman/listinfo/pgpool-committers

More information about the Pgpool-hackers mailing list