authorNoah Misch2014-08-19 02:59:31 +0000
committerNoah Misch2014-08-19 02:59:31 +0000
commitfb2aece8ae4e6f23310d7c87c7da3fec6f5df3a1 (patch)
tree78dfd07962f4a43f8b23ad8613441a3a018236a5
parent7fc5f1a3550ca9395051b592df150de79804131a (diff)
Replace a few strncmp() calls with strlcpy().
strncpy() is a specialized API unsuited for routine copying into fixed-size buffers. On a system where the length of a single filename can exceed MAXPGPATH, the pg_archivecleanup change prevents a simple crash in the subsequent strlen(). Few filesystems support names that long, and calling pg_archivecleanup with untrusted input is still not a credible use case. Therefore, no back-patch. David Rowley
-rw-r--r--contrib/pg_archivecleanup/pg_archivecleanup.c7
-rw-r--r--src/backend/access/transam/xlogarchive.c3
2 files changed, 8 insertions, 2 deletions
diff --git a/contrib/pg_archivecleanup/pg_archivecleanup.c b/contrib/pg_archivecleanup/pg_archivecleanup.c
index 212b267fcf..97225a81a7 100644
--- a/contrib/pg_archivecleanup/pg_archivecleanup.c
+++ b/contrib/pg_archivecleanup/pg_archivecleanup.c
@@ -108,7 +108,12 @@ CleanupPriorWALFiles(void)
{
while (errno = 0, (xlde = readdir(xldir)) != NULL)
{
- strncpy(walfile, xlde->d_name, MAXPGPATH);
+ /*
+ * Truncation is essentially harmless, because we skip names of
+ * length other than XLOG_DATA_FNAME_LEN. (In principle, one
+ * could use a 1000-character additional_ext and get trouble.)
+ */
+ strlcpy(walfile, xlde->d_name, MAXPGPATH);
TrimExtension(walfile, additional_ext);
/*
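Review bot: The return value of `strlcpy()` on the added line in CleanupPriorWALFiles is discarded, so a directory entry name of MAXPGPATH bytes or more is silently cut, and the truncated copy is what TrimExtension and the later length test operate on. The new comment itself concedes that a very long additional_ext can still cause trouble. Skipping over-long names explicitly would close that case: `if (strlcpy(walfile, xlde->d_name, MAXPGPATH) >= MAXPGPATH) continue;`. The loop body continues outside the hunk, so the XLOG_DATA_FNAME_LEN check the comment relies on is not visible here and should be confirmed as sufficient if the guard is not added.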
diff --git a/src/backend/access/transam/xlogarchive.c b/src/backend/access/transam/xlogarchive.c
index 37745dce89..047efa2672 100644
--- a/src/backend/access/transam/xlogarchive.c
+++ b/src/backend/access/transam/xlogarchive.c
@@ -459,7 +459,8 @@ KeepFileRestoredFromArchive(char *path, char *xlogfname)
xlogfpath, oldpath)));
}
#else
- strncpy(oldpath, xlogfpath, MAXPGPATH);
+ /* same-size buffers, so this never truncates */
+ strlcpy(oldpath, xlogfpath, MAXPGPATH);
#endif
if (unlink(oldpath) != 0)
ereport(FATAL,
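Review bot: The no-truncation guarantee on the added `strlcpy()` line rests only on the comment, because the bound is the constant MAXPGPATH and not the destination's own size. oldpath is passed to unlink() two lines later, so a silently shortened path would name a different file. If oldpath is a local array (its declaration is outside the hunk), `strlcpy(oldpath, xlogfpath, sizeof(oldpath));` ties the bound to the buffer and keeps the call correct if either declaration changes. KeepFileRestoredFromArchive starts and ends outside the hunk.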