[Pgpool-hackers] [Pgpool-committers] pgpool - pgpool-II: Major cleanup for strncpy().

Tatsuo Ishii ishii at sraoss.co.jp
Thu Oct 13 07:09:37 UTC 2011


> On Thu, 13 Oct 2011 15:13:19 +0900 (JST), Tatsuo Ishii
> <ishii at sraoss.co.jp> wrote:
>> I did major cleanup regarding questionable usage of strncpy() as
>> stated below. Most of them are harmless since database names and
>> table names aren't that large to raise my concern. Probably the worst
>> one is this:
>> 
>> 	strncpy(query_string_buffer, query, sizeof(query_string_buffer));
>> 
>> "query" represents user supplied SQL. It is possible that a machine
>> generated query gets far bigger than sizeof(query_string_buffer)
>> (which is 1024 bytes) in the real world. I'm not sure if this has
>> actually caused problems but...
> 
> I sure had a number of customers and users with queries of more than
> 1024 characters. They weren't pgpool users but they could have been. It
> was a problem to fix.

Yes, I think the fix should be back patched.  However, the fix is not
subtle; I'm hesitant to do that without more eyeballs or testing.
Included is the patch. Please test it if you like.
--
Tatsuo Ishii
SRA OSS, Inc. Japan
English: http://www.sraoss.co.jp/index_en.php
Japanese: http://www.sraoss.co.jp
-------------- next part --------------
A non-text attachment was scrubbed...
Name: strncpy.patch
Type: text/x-patch
Size: 17913 bytes
Desc: not available
URL: <http://pgfoundry.org/pipermail/pgpool-hackers/attachments/20111013/f77d555f/attachment-0001.bin>
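
The failure mode discussed in the thread, as an added example (not code from the attached patch, which is not reproduced on this page): strncpy() with the full buffer size writes no terminating NUL once the query reaches 1024 bytes. The names copy_terminated and check_copy and the generated query text are hypothetical, constructed for illustration.

```c
#include <stdio.h>
#include <string.h>

#define QUERY_BUF_SIZE 1024   /* buffer size stated in the message */

/* Hypothetical replacement: always NUL-terminates; returns 1 on truncation. */
static int copy_terminated(char *dst, size_t size, const char *src)
{
    size_t len = strlen(src);
    size_t n = (len < size) ? len : size - 1;   /* caller guarantees size > 0 */
    memcpy(dst, src, n);
    dst[n] = '\0';
    return len >= size;
}

/* Copies a constructed query of query_len bytes into a 1024-byte buffer.
 * Returns 0 = terminated, whole query; 1 = terminated, truncated (only the
 * replacement can report this); 2 = no NUL anywhere in the buffer. */
static int check_copy(size_t query_len, int use_replacement)
{
    char query[4096];
    char buf[QUERY_BUF_SIZE];
    int truncated = 0;

    if (query_len < 7 || query_len >= sizeof(query))
        return -1;
    memset(query, 'x', query_len);          /* constructed padding */
    memcpy(query, "SELECT ", 7);
    query[query_len] = '\0';
    memset(buf, 'Z', sizeof(buf));          /* no stray NUL from old contents */

    if (use_replacement)
        truncated = copy_terminated(buf, sizeof(buf), query);
    else
        strncpy(buf, query, sizeof(buf));   /* the call quoted in the message */

    if (memchr(buf, '\0', sizeof(buf)) == NULL)
        return 2;
    return truncated;
}

int main(void)
{
    size_t lens[] = { 1023, 1024, 2000 };
    for (size_t i = 0; i < 3; i++)
        printf("len=%zu quoted=%d replacement=%d\n", lens[i],
               check_copy(lens[i], 0), check_copy(lens[i], 1));
    return 0;
}
```

A 1023-byte query is the largest that the quoted call leaves terminated; at 1024 bytes and above, any later strlen() or %s on the buffer reads past its end.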

