Amit Kapila <[email protected]> writes:
> Pushed.
Coverity thinks this has security issues, and I agree.
/srv/coverity/git/pgsql-git/postgresql/src/backend/replication/logical/proto.c:
144 in logicalrep_read_begin_prepare()
143 /* read gid (copy it into a pre-allocated buffer) */
>>> CID 1487517: Security best practices violations (STRING_OVERFLOW)
>>> You might overrun the 200-character fixed-size string "begin_data->gid"
>>> by copying the return value of "pq_getmsgstring" without checking the
>>> length.
144 strcpy(begin_data->gid, pq_getmsgstring(in));
200 /* read gid (copy it into a pre-allocated buffer) */
>>> CID 1487515: Security best practices violations (STRING_OVERFLOW)
>>> You might overrun the 200-character fixed-size string
>>> "prepare_data->gid" by copying the return value of "pq_getmsgstring"
>>> without checking the length.
201 strcpy(prepare_data->gid, pq_getmsgstring(in));
256 /* read gid (copy it into a pre-allocated buffer) */
>>> CID 1487516: Security best practices violations (STRING_OVERFLOW)
>>> You might overrun the 200-character fixed-size string
>>> "prepare_data->gid" by copying the return value of "pq_getmsgstring"
>>> without checking the length.
257 strcpy(prepare_data->gid, pq_getmsgstring(in));
316 /* read gid (copy it into a pre-allocated buffer) */
>>> CID 1487519: Security best practices violations (STRING_OVERFLOW)
>>> You might overrun the 200-character fixed-size string
>>> "rollback_data->gid" by copying the return value of "pq_getmsgstring"
>>> without checking the length.
317 strcpy(rollback_data->gid, pq_getmsgstring(in));
I think you'd be way better off making the gid fields be "char *"
and pstrdup'ing the result of pq_getmsgstring. Another possibility
perhaps is to use strlcpy, but I'd only go that way if it's important
to constrain the received strings to 200 bytes.
regards, tom lane
