Changeset: 951bf06af800 for MonetDB URL: http://dev.monetdb.org/hg/MonetDB?cmd=changeset;node=951bf06af800 Modified Files: MonetDB/src/gdk/gdk_bbp.mx Branch: Oct2010 Log Message:
Convert some strcpy/strcat to strncpy/sprintf. Fixed an actual bug where buffer overflow could occur if somebody creates a file with a very long name in the dbfarm. diffs (88 lines): diff -r 9838f722d598 -r 951bf06af800 MonetDB/src/gdk/gdk_bbp.mx --- a/MonetDB/src/gdk/gdk_bbp.mx Fri Jan 14 14:52:08 2011 +0100 +++ b/MonetDB/src/gdk/gdk_bbp.mx Fri Jan 14 15:29:04 2011 +0100 @@ -3437,12 +3437,10 @@ */ @c static int -file_move(str srcdir, str dstdir, str name, str e) +file_move(str srcdir, str dstdir, str name, str ext) { - long_str ext; int ret = 0; - strcpy(ext, e); ret = GDKmove(srcdir, name, ext, dstdir, name, ext); if (ret == 0) { return 0; @@ -3497,8 +3495,7 @@ long_str kill_ext; long_str path; - strcpy(kill_ext, ext); - strcat(kill_ext, ".kill"); + snprintf(kill_ext, sizeof(kill_ext), "%s.kill", ext); GDKfilepath(path, dstdir, nme, kill_ext); fp = fopen(path, "w"); IODEBUG THRprintf(GDKout, "#open %s = %d\n", path, fp ? 0 : -1); @@ -3599,7 +3596,8 @@ s = strrchr(srcdir, DIR_SEP); if (!s) return -1; - strcpy(nme, ++s); + strncpy(nme, ++s, sizeof(nme)); + nme[sizeof(nme) - 1] = 0; srcdir[s - srcdir] = 0; @= backup @@ -3631,8 +3629,7 @@ } if (subcommit && (@2->storage == STORE_PRIV || @2->newstorage == STORE_PRIV)) { long_str kill_ext; - strcpy(kill_ext, ext); - strcat(kill_ext, ".new.kill"); + snprintf(kill_ext, sizeof(kill_ext), "%s.new.kill", ext); if (file_exists(BAKDIR, nme, kill_ext)) { ret |= file_move(BAKDIR, SUBDIR, nme, kill_ext); } @@ -3997,15 +3994,20 @@ struct dirent *dent; long_str fullname; str dst = fullname; + size_t dstlen = sizeof(fullname); const char *src = parent; if (dirp == NULL) return -1; /* nothing to do */ - while (*src) + while (*src) { *dst++ = *src++; - if (dst[-1] != DIR_SEP) + dstlen--; + } + if (dst > fullname && dst[-1] != DIR_SEP) { *dst++ = DIR_SEP; + dstlen--; + } while ((dent = readdir(dirp)) != NULL) { str p; 
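Review bot: In the hunk at -3497, the result of `snprintf(kill_ext, sizeof(kill_ext), "%s.kill", ext)` is not checked, so an over-long `ext` is silently truncated and the following `GDKfilepath`/`fopen` would act on a different file name than intended. Treating truncation as a failure is safer than continuing: `n = snprintf(...); if (n < 0 || (size_t) n >= sizeof(kill_ext))` followed by the enclosing function's error path, which starts outside the hunk. The same applies to the `"%s.new.kill"` call in the hunk at -3631 and to the truncating `strncpy` into `nme` at -3599. `GDKfilepath(path, ...)` also fills a `long_str`, and its bounds handling is not visible here, so it is worth confirming.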
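Review bot: In the hunk at -3599, `sizeof(nme)` in `strncpy(nme, ++s, sizeof(nme))` and in `nme[sizeof(nme) - 1] = 0` is the buffer capacity only if `nme` is declared as an array in this function. The declaration is outside the hunk; if `nme` were a `str` pointer, both expressions would use the pointer size instead. If it is an array, a short comment such as `/* nme is a long_str array: sizeof is its capacity */` would keep a later change of the declaration from silently breaking the bound.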
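Review bot: In the hunk at -3997, the copy loop `while (*src) { *dst++ = *src++; dstlen--; }` still has no bound, so a `parent` at least as long as `fullname` overruns the buffer exactly as before. Worse, `dstlen` is a `size_t`, so it wraps to a huge value, and the `strlen(dent->d_name) >= dstlen` check added in the hunk at -4027 then never fires. Appending `DIR_SEP` has the same problem when only one byte is left. A length check before the loop would close this, e.g. `if (strlen(parent) + 2 > sizeof(fullname))` followed by closing `dirp` and returning -1. Alternatively the loop condition could be `*src && dstlen > 2`. The function's start and end are outside the hunk.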
@@ -4027,7 +4029,16 @@ ok = p && bid; delete = FALSE; - strcpy(dst, dent->d_name); + if (strlen(dent->d_name) >= dstlen) { + /* found a file with too long a name + (i.e. unknown); stop pruning in this + subdir */ + IODEBUG THRprintf(GDKout, "BBPdiskscan: unexpected file %s, leaving %s.\n", dent->d_name, parent); + break; + } + strncpy(dst, dent->d_name, dstlen); + fullname[sizeof(fullname) - 1] = 0; + if (p == NULL && BBPdiskscan(fullname) == 0) { /* it was a directory */ continue; _______________________________________________ Checkin-list mailing list Checkin-list@monetdb.org http://mail.monetdb.org/mailman/listinfo/checkin-list
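Review bot: The `break` on an over-long `d_name` abandons every remaining entry in the directory, and the only trace is a `THRprintf` guarded by `IODEBUG`. A single stray file with a long name therefore disables pruning for that subdirectory with nothing in the normal log to show it. If skipping just that entry is acceptable, `continue;` would keep the scan going; either way the message is worth emitting unconditionally. Once the length check has passed, `strncpy(dst, dent->d_name, dstlen)` always copies the terminator, so `fullname[sizeof(fullname) - 1] = 0;` is redundant. That holds only while `dstlen` is accurate, which depends on the copy loop in the hunk at -3997. The loop body continues outside this hunk.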