From: | Tom Lane <tgl(at)sss(dot)pgh(dot)pa(dot)us> |
---|---|
To: | Amit Kapila <amit(dot)kapila16(at)gmail(dot)com> |
Cc: | Peter Smith <smithpb2250(at)gmail(dot)com>, vignesh C <vignesh21(at)gmail(dot)com>, "tanghy(dot)fnst(at)fujitsu(dot)com" <tanghy(dot)fnst(at)fujitsu(dot)com>, Ajin Cherian <itsajin(at)gmail(dot)com>, Greg Nancarrow <gregn4422(at)gmail(dot)com>, PostgreSQL Hackers <pgsql-hackers(at)postgresql(dot)org> |
Subject: | Re: [HACKERS] logical decoding of two-phase transactions |
Date: | 2021-07-18 20:25:23 |
Message-ID: | 161029.1626639923@sss.pgh.pa.us |
Views: | Raw Message | Whole Thread | Download mbox | Resend email |
Thread: | |
Lists: | pgsql-hackers |
Amit Kapila <amit(dot)kapila16(at)gmail(dot)com> writes:
> Pushed.
Coverity thinks this has security issues, and I agree.
/srv/coverity/git/pgsql-git/postgresql/src/backend/replication/logical/proto.c: 144 in logicalrep_read_begin_prepare()
143 /* read gid (copy it into a pre-allocated buffer) */
>>> CID 1487517: Security best practices violations (STRING_OVERFLOW)
>>> You might overrun the 200-character fixed-size string "begin_data->gid" by copying the return value of "pq_getmsgstring" without checking the length.
144 strcpy(begin_data->gid, pq_getmsgstring(in));
200 /* read gid (copy it into a pre-allocated buffer) */
>>> CID 1487515: Security best practices violations (STRING_OVERFLOW)
>>> You might overrun the 200-character fixed-size string "prepare_data->gid" by copying the return value of "pq_getmsgstring" without checking the length.
201 strcpy(prepare_data->gid, pq_getmsgstring(in));
256 /* read gid (copy it into a pre-allocated buffer) */
>>> CID 1487516: Security best practices violations (STRING_OVERFLOW)
>>> You might overrun the 200-character fixed-size string "prepare_data->gid" by copying the return value of "pq_getmsgstring" without checking the length.
257 strcpy(prepare_data->gid, pq_getmsgstring(in));
316 /* read gid (copy it into a pre-allocated buffer) */
>>> CID 1487519: Security best practices violations (STRING_OVERFLOW)
>>> You might overrun the 200-character fixed-size string "rollback_data->gid" by copying the return value of "pq_getmsgstring" without checking the length.
317 strcpy(rollback_data->gid, pq_getmsgstring(in));
I think you'd be way better off making the gid fields be "char *"
and pstrdup'ing the result of pq_getmsgstring. Another possibility
perhaps is to use strlcpy, but I'd only go that way if it's important
to constrain the received strings to 200 bytes.
regards, tom lane
From | Date | Subject | |
---|---|---|---|
Next Message | Michael Paquier | 2021-07-18 22:06:15 | Re: Failure with 004_logrotate in prairiedog |
Previous Message | Alexander Korotkov | 2021-07-18 18:20:32 | Re: unnesting multirange data types |