MonetDB: Mar2025 - Check dbpath and dbextra pathname length earl...

Fri, 30 May 2025 10:32:47 -0700 

Changeset: 4ab4b91892e2 for MonetDB
URL: https://dev.monetdb.org/hg/MonetDB/rev/4ab4b91892e2
Modified Files:
        tools/mserver/mserver5.c
Branch: Mar2025
Log Message:

Check dbpath and dbextra pathname length early; make abs path of dbextra.
If the --dbextra argument is not an absolute path name, we accepted
that, but later on failed when trying to use it.
Also, by limiting the length of both dbpath and dbextra, we can be
sure that later on we don't get errors about path names being too
long.


diffs (52 lines):

diff --git a/tools/mserver/mserver5.c b/tools/mserver/mserver5.c
--- a/tools/mserver/mserver5.c
+++ b/tools/mserver/mserver5.c
@@ -430,20 +430,41 @@ main(int argc, char **av)
                                                   || optarg[optarglen - 1] == 
'\\'))
                                        optarg[--optarglen] = '\0';
                                dbpath = absolute_path(optarg);
-                               if (dbpath == NULL)
+                               if (dbpath == NULL) {
                                        fprintf(stderr,
                                                        "#error: can not 
allocate memory for dbpath\n");
-                               else
-                                       setlen = mo_add_option(&set, setlen, 
opt_cmdline,
-                                                                               
   "gdk_dbpath", dbpath);
+                                       exit(1);
+                               }
+                               if (strlen(dbpath) >= FILENAME_MAX - 45) {
+                                       fprintf(stderr, "#error: dbpath name 
too long\n");
+                                       exit(1);
+                               }
+                               setlen = mo_add_option(&set, setlen, 
opt_cmdline,
+                                                                          
"gdk_dbpath", dbpath);
                                break;
                        }
                        if (strcmp(long_options[option_index].name, "dbextra") 
== 0) {
-                               if (dbextra)
+                               if (dbextra) {
                                        fprintf(stderr,
                                                        "#warning: ignoring 
multiple --dbextra arguments\n");
-                               else
-                                       dbextra = optarg;
+                                       break;
+                               }
+                               size_t optarglen = strlen(optarg);
+                               /* remove trailing directory separator */
+                               while (optarglen > 0
+                                          && (optarg[optarglen - 1] == '/'
+                                                  || optarg[optarglen - 1] == 
'\\'))
+                                       optarg[--optarglen] = '\0';
+                               dbextra = absolute_path(optarg);
+                               if (dbextra == NULL) {
+                                       fprintf(stderr,
+                                                       "#error: can not 
allocate memory for dbextra\n");
+                                       exit(1);
+                               }
+                               if (strlen(dbextra) >= FILENAME_MAX - 45) {
+                                       fprintf(stderr, "#error: dbextra name 
too long\n");
+                                       exit(1);
+                               }
                                break;
                        }
 
_______________________________________________
checkin-list mailing list -- [email protected]
To unsubscribe send an email to [email protected]

Reply via email to