Amit Kapila <amit.kapila16@gmail.com> writes:
> Pushed.
Coverity thinks this has security issues, and I agree.
/srv/coverity/git/pgsql-git/postgresql/src/backend/replication/logical/proto.c: 144 in logicalrep_read_begin_prepare()
143 /* read gid (copy it into a pre-allocated buffer) */
>>> CID 1487517: Security best practices violations (STRING_OVERFLOW)
>>> You might overrun the 200-character fixed-size string "begin_data->gid" by copying the return value of
"pq_getmsgstring"without checking the length.
144 strcpy(begin_data->gid, pq_getmsgstring(in));
200 /* read gid (copy it into a pre-allocated buffer) */
>>> CID 1487515: Security best practices violations (STRING_OVERFLOW)
>>> You might overrun the 200-character fixed-size string "prepare_data->gid" by copying the return value of
"pq_getmsgstring"without checking the length.
201 strcpy(prepare_data->gid, pq_getmsgstring(in));
256 /* read gid (copy it into a pre-allocated buffer) */
>>> CID 1487516: Security best practices violations (STRING_OVERFLOW)
>>> You might overrun the 200-character fixed-size string "prepare_data->gid" by copying the return value of
"pq_getmsgstring"without checking the length.
257 strcpy(prepare_data->gid, pq_getmsgstring(in));
316 /* read gid (copy it into a pre-allocated buffer) */
>>> CID 1487519: Security best practices violations (STRING_OVERFLOW)
>>> You might overrun the 200-character fixed-size string "rollback_data->gid" by copying the return value of
"pq_getmsgstring"without checking the length.
317 strcpy(rollback_data->gid, pq_getmsgstring(in));
I think you'd be way better off making the gid fields be "char *"
and pstrdup'ing the result of pq_getmsgstring. Another possibility
perhaps is to use strlcpy, but I'd only go that way if it's important
to constrain the received strings to 200 bytes.
regards, tom lane