Replace a few strncmp() calls with strlcpy().
strncpy() is a specialized API unsuited for routine copying into fixed-size buffers. On a system where the length of a single filename can exceed MAXPGPATH, the pg_archivecleanup change prevents a simple crash in the subsequent strlen(). Few filesystems support names that long, and calling pg_archivecleanup with untrusted input is still not a credible use case. Therefore, no back-patch. David Rowley
parent
7fc5f1a355
commit
fb2aece8ae
@ -108,7 +108,12 @@ CleanupPriorWALFiles(void)
|
||||
{
|
||||
while (errno = 0, (xlde = readdir(xldir)) != NULL)
|
||||
{
|
||||
strncpy(walfile, xlde->d_name, MAXPGPATH);
|
||||
/*
|
||||
* Truncation is essentially harmless, because we skip names of
|
||||
* length other than XLOG_DATA_FNAME_LEN. (In principle, one
|
||||
* could use a 1000-character additional_ext and get trouble.)
|
||||
*/
|
||||
strlcpy(walfile, xlde->d_name, MAXPGPATH);
|
||||
TrimExtension(walfile, additional_ext);
|
||||
|
||||
/*
|
||||
|
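Review bot: The result of `strlcpy(walfile, xlde->d_name, MAXPGPATH)` is discarded, so a truncated directory entry still reaches TrimExtension() and the later length test that the new comment relies on. The comment itself concedes that a very long additional_ext could let a truncated name through. Skipping entries that did not fit would remove that case: `if (strlcpy(walfile, xlde->d_name, MAXPGPATH) >= MAXPGPATH) continue;`. This assumes walfile holds MAXPGPATH bytes. Its declaration and the rest of CleanupPriorWALFiles() lie outside the hunk, so confirm that skipping is acceptable for the cleanup loop.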
@ -459,7 +459,8 @@ KeepFileRestoredFromArchive(char *path, char *xlogfname)
|
||||
xlogfpath, oldpath)));
|
||||
}
|
||||
#else
|
||||
strncpy(oldpath, xlogfpath, MAXPGPATH);
|
||||
/* same-size buffers, so this never truncates */
|
||||
strlcpy(oldpath, xlogfpath, MAXPGPATH);
|
||||
#endif
|
||||
if (unlink(oldpath) != 0)
|
||||
ereport(FATAL,
|
||||
|
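Review bot: The "same-size buffers, so this never truncates" guarantee on the new `strlcpy(oldpath, xlogfpath, MAXPGPATH)` exists only as a comment, so nothing fails if either buffer's declaration changes later. If oldpath is a local array, `strlcpy(oldpath, xlogfpath, sizeof(oldpath));` ties the bound to the destination instead of a separately maintained constant. Both declarations are outside the hunk, so this needs checking against the full body of KeepFileRestoredFromArchive(). The copy feeds `unlink(oldpath)`, so a silently shortened path would name a different file, which is why the invariant is worth enforcing in code.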