
Re: reading uninitialized buffer

From: Andrew Dunstan <andrew(at)dunslane(dot)net>
To: pgsql-patches(at)postgresql(dot)org
Subject: Re: reading uninitialized buffer
Date: 2004-02-01 13:35:15
Message-ID: 401D0093.8080100@dunslane.net
Lists: pgsql-patches
This time it is my fault, rather than freebsd's ;-)

I think I can do something slightly cleaner than this, though, by 
hoisting the buf termination above the test. We could also replace the 
strncmp calls with strcmp calls if the buffer has its nul. I will post 
something soon.

cheers

andrew


Dennis Bjorklund wrote:

>I've been testing pg using valgrind and have found a read of an
>uninitialized buffer. In the hba-tokenizer when we have not read any
>characters (or too few) we still perform a couple of:
>
>   strncmp(start_buf,"sameuser",8)
>
>Since this is done on random data it might return true although we have
>not read anything. The result is that we can (even if the probability is
>low) return the wrong thing.
>
>The solution is simply to terminate the buffer with '\0' before the 
>strncmp().
>
>I also moved our test inside the previous if, outside of that block our
>test can never be true anyway. I don't know why it was outside in the 
>first place.
>
>  
>
>------------------------------------------------------------------------
>
>Index: src/backend/libpq/hba.c
>===================================================================
>RCS file: /cvsroot/pgsql-server/src/backend/libpq/hba.c,v
>retrieving revision 1.119
>diff -u -c -r1.119 hba.c
>*** src/backend/libpq/hba.c	25 Dec 2003 03:44:04 -0000	1.119
>--- src/backend/libpq/hba.c	1 Feb 2004 07:40:00 -0000
>***************
>*** 166,188 ****
>  		 */
>  		if (c != EOF)
>  			ungetc(c, fp);
>- 	}
>  
>  
>! 	if ( !saw_quote && 
>! 	     (
>! 			 strncmp(start_buf,"all",3) == 0  ||
>! 			 strncmp(start_buf,"sameuser",8) == 0  ||
>! 			 strncmp(start_buf,"samegroup",9) == 0 
>! 		 )
>! 		)
>! 	{
>! 		/* append newline to a magical keyword */
>! 		*buf++ = '\n';
>  	}
>  
>  	*buf = '\0';
>- 
>  }
>  
>  /*
>--- 166,188 ----
>  		 */
>  		if (c != EOF)
>  			ungetc(c, fp);
>  
>+ 		if (!saw_quote)
>+ 		{
>+ 			*buf = '\0';
>  
>! 			if (strncmp(start_buf,"all",3) == 0  ||
>! 				strncmp(start_buf,"sameuser",8) == 0  ||
>! 				strncmp(start_buf,"samegroup",9) == 0 
>! 				)
>! 			{
>! 				/* append newline to a magical keyword */
>! 				*buf++ = '\n';
>! 			}
>! 		}
>  	}
>  
>  	*buf = '\0';
>  }
>  
>  /*
>  
>
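Review bot: the three comparisons in the new block still use fixed-length `strncmp`, so even with `*buf = '\0'` now written just before them they accept any token that merely begins with a keyword ("allow" passes as "all", "sameusers" as "sameuser") and append the newline to it. Since start_buf is terminated at that point, `strcmp(start_buf, "all") == 0` (and likewise for "sameuser" and "samegroup") would compare the whole token and could replace the length-limited calls.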
>------------------------------------------------------------------------
>
>
>
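The failure mode Dennis describes (comparing an unterminated buffer) next to the terminated form with Andrew's strcmp suggestion, as an added example; this is a simplified stand-in, not PostgreSQL's hba.c, and the `stale` string is a constructed substitute for leftover bytes in an uninitialized buffer:

```c
#include <string.h>
#include <ctype.h>

/* Simplified stand-in (not PostgreSQL's hba.c) for the tokenizer in the
 * thread: copy one whitespace-delimited token from *cursor into buf and
 * return its length.  Like hba.c before the fix, it does NOT terminate buf. */
static int read_token(const char **cursor, char *buf, size_t bufsize)
{
    const char *p = *cursor;
    int n = 0;
    while (*p != '\0' && isspace((unsigned char)*p))
        p++;
    while (*p != '\0' && !isspace((unsigned char)*p) && (size_t)n < bufsize - 1)
        buf[n++] = *p++;
    *cursor = p;
    return n;
}

/* Pre-fix check: compares whatever bytes happen to sit in start_buf. */
static int is_magic_unterminated(const char *start_buf)
{
    return strncmp(start_buf, "all", 3) == 0 ||
           strncmp(start_buf, "sameuser", 8) == 0 ||
           strncmp(start_buf, "samegroup", 9) == 0;
}

/* Fixed check: terminate at the token end first (Dennis's fix), then compare
 * whole strings (Andrew's strcmp idea), so "allow" is no longer taken for "all". */
static int is_magic_terminated(char *start_buf, int len)
{
    start_buf[len] = '\0';
    return strcmp(start_buf, "all") == 0 ||
           strcmp(start_buf, "sameuser") == 0 ||
           strcmp(start_buf, "samegroup") == 0;
}

/* Run both checks on the first token of input.  `stale` is a constructed
 * stand-in for leftover bytes in the uninitialized buffer; in reality they
 * are arbitrary, which is what valgrind flagged. */
static void check_token(const char *input, const char *stale,
                        int *unterminated, int *terminated)
{
    char buf[64];
    const char *cursor = input;
    strncpy(buf, stale, sizeof buf);          /* zero-pads the rest */
    int len = read_token(&cursor, buf, sizeof buf);
    *unterminated = is_magic_unterminated(buf);
    *terminated = is_magic_terminated(buf, len);
}
```

With whitespace-only input and "sameuser" left over in the buffer, the pre-fix check reports a keyword although nothing was read, and with the token "allow" it reports "all"; the terminated check rejects both.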

