Replace a few strncmp() calls with strlcpy(). strncmp() is a specialized API unsuited for routine copying into fixed-size buffers. On a system where the length of a single filename can exceed MAXPGPATH, the pg_archivecleanup change prevents a simple crash in the subsequent strlen(). Few filesystems support names that long, and calling pg_archivecleanup with untrusted input is still not a credible use case. Therefore, no back-patch.
David Rowley Branch ------ master Details ------- http://git.postgresql.org/pg/commitdiff/fb2aece8ae4e6f23310d7c87c7da3fec6f5df3a1 Modified Files -------------- contrib/pg_archivecleanup/pg_archivecleanup.c | 7 ++++++- src/backend/access/transam/xlogarchive.c | 3 ++- 2 files changed, 8 insertions(+), 2 deletions(-) -- Sent via pgsql-committers mailing list ([email protected]) To make changes to your subscription: http://www.postgresql.org/mailpref/pgsql-committers
