Re: [Pgpool-hackers] [Pgpool-committers] pgpool - pgpool-II: Major cleanup for strncpy().

Wed, 12 Oct 2011 23:13:43 -0700 

I did major cleanup regarding questionable usage of strncpy() as
stated below. Most of them are harmless since database names and
tables names aren't that large to raise my concern. Probably the worst
one is this:

        strncpy(query_string_buffer, query, sizeof(query_string_buffer));

"query" represents user supplied SQL. It is possible that machine
generated query gets far bigger than sizeof(query_string_buffer)
(which is 1024 bytes) in the real world. I'm not sure if this has
actually caused problems but...
--
Tatsuo Ishii
SRA OSS, Inc. Japan
English: http://www.sraoss.co.jp/index_en.php
Japanese: http://www.sraoss.co.jp

From: t-is...@pgfoundry.org (User T-ishii)
Subject: [Pgpool-committers] pgpool - pgpool-II: Major cleanup for strncpy().
Date: Thu, 13 Oct 2011 06:05:38 +0000 (UTC)
Message-ID: <20111013060538.409a7532d...@pgfoundry.org>

> Log Message:
> -----------
> Major cleanup for strncpy(). There are several places where
> strncpy() is used. Problem is some of them do no consider the case
> when copy lengh == buffer size. In this case copied buffer is not
> null terminated and may cause tons of problems later.
> To fix this, most of them are replaced by strlcpy().
> 
> Modified Files:
> --------------
>     pgpool-II:
>         Makefile.am (r1.60 -> r1.61)
>         
> (http://cvs.pgfoundry.org/cgi-bin/cvsweb.cgi/pgpool/pgpool-II/Makefile.am?r1=1.60&r2=1.61)
>         Makefile.in (r1.64 -> r1.65)
>         
> (http://cvs.pgfoundry.org/cgi-bin/cvsweb.cgi/pgpool/pgpool-II/Makefile.in?r1=1.64&r2=1.65)
>         main.c (r1.114 -> r1.115)
>         
> (http://cvs.pgfoundry.org/cgi-bin/cvsweb.cgi/pgpool/pgpool-II/main.c?r1=1.114&r2=1.115)
>         pg_md5.c (r1.12 -> r1.13)
>         
> (http://cvs.pgfoundry.org/cgi-bin/cvsweb.cgi/pgpool/pgpool-II/pg_md5.c?r1=1.12&r2=1.13)
>         pool_auth.c (r1.30 -> r1.31)
>         
> (http://cvs.pgfoundry.org/cgi-bin/cvsweb.cgi/pgpool/pgpool-II/pool_auth.c?r1=1.30&r2=1.31)
>         pool_config.c (r1.67 -> r1.68)
>         
> (http://cvs.pgfoundry.org/cgi-bin/cvsweb.cgi/pgpool/pgpool-II/pool_config.c?r1=1.67&r2=1.68)
>         pool_config.l (r1.61 -> r1.62)
>         
> (http://cvs.pgfoundry.org/cgi-bin/cvsweb.cgi/pgpool/pgpool-II/pool_config.l?r1=1.61&r2=1.62)
>         pool_proto_modules.c (r1.110 -> r1.111)
>         
> (http://cvs.pgfoundry.org/cgi-bin/cvsweb.cgi/pgpool/pgpool-II/pool_proto_modules.c?r1=1.110&r2=1.111)
>         pool_relcache.c (r1.14 -> r1.15)
>         
> (http://cvs.pgfoundry.org/cgi-bin/cvsweb.cgi/pgpool/pgpool-II/pool_relcache.c?r1=1.14&r2=1.15)
> _______________________________________________
> Pgpool-committers mailing list
> pgpool-committ...@pgfoundry.org
> http://pgfoundry.org/mailman/listinfo/pgpool-committers
_______________________________________________
Pgpool-hackers mailing list
Pgpool-hackers@pgfoundry.org
http://pgfoundry.org/mailman/listinfo/pgpool-hackers

Reply via email to