From fb2aece8ae4e6f23310d7c87c7da3fec6f5df3a1 Mon Sep 17 00:00:00 2001
From: Noah Misch
Date: Mon, 18 Aug 2014 22:59:31 -0400
Subject: Replace a few strncmp() calls with strlcpy(). strncmp() is a specialized API unsuited for routine copying into fixed-size buffers. On a system where the length of a single filename can exceed MAXPGPATH, the pg_archivecleanup change prevents a simple crash in the subsequent strlen(). Few filesystems support names that long, and calling pg_archivecleanup with untrusted input is still not a credible use case. Therefore, no back-patch. David Rowley
---
 src/backend/access/transam/xlogarchive.c | 3 ++-
 1 file changed, 2 insertions(+), 1 deletion(-) (limited to 'src')
diff --git a/src/backend/access/transam/xlogarchive.c b/src/backend/access/transam/xlogarchive.c
index 37745dce890..047efa2672f 100644
--- a/src/backend/access/transam/xlogarchive.c
+++ b/src/backend/access/transam/xlogarchive.c
@@ -459,7 +459,8 @@ KeepFileRestoredFromArchive(char *path, char *xlogfname)
 xlogfpath, oldpath)));
 }
 #else
- strncpy(oldpath, xlogfpath, MAXPGPATH);
+ /* same-size buffers, so this never truncates */
+ strlcpy(oldpath, xlogfpath, MAXPGPATH);
 #endif
 if (unlink(oldpath) != 0)
 ereport(FATAL,
-- 
cgit v1.2.3
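Review bot: The added comment `/* same-size buffers, so this never truncates */` states an invariant that nothing in the `#else` branch enforces: the bound is the macro `MAXPGPATH` rather than the destination's own size, and the return value of `strlcpy()` is discarded. If the two buffer declarations (outside this hunk) ever diverge, a silently truncated `oldpath` would go straight to the `unlink()` below and could name a different file than `xlogfpath`. Assuming `oldpath` is a local array, consider `strlcpy(oldpath, xlogfpath, sizeof(oldpath));`, and optionally treat a return value `>= sizeof(oldpath)` as an error before unlinking. The body of KeepFileRestoredFromArchive starts and ends outside the hunk, so the buffer sizes could not be confirmed from here.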