[pgpool-hackers: 108] Reviewing watchdog source code

Tatsuo Ishii ishii at postgresql.org
Fri Aug 17 12:03:20 JST 2012


Hi,

I took a look at the watchdog/ source code and found some issues:

1) unsafe usage of sprintf()

   Example: in watchdog.c

	char path[128];
	char cmd[128];
	:
	:
	sprintf(path,"%s/%s",pool_config->ifconfig_path,cmd);

	If the string length of pool_config->ifconfig_path plus cmd is greater
	than 127, either a non-null-terminated string will be created or a
	buffer overrun problem will occur.

	I think we should avoid using sprintf(), and should use snprintf().

2) Unsafe use of strncpy()

   In wd_if.c:

   	strncpy(buf,command,sizeof(buf));

	If the string length of command is greater than or equal to
	sizeof(buf), the copied string in buf will not be null-terminated.

	I recommend using strlcpy() instead, or changing the line to:

   	strncpy(buf,command,sizeof(buf)-1);
--
Tatsuo Ishii
SRA OSS, Inc. Japan
English: http://www.sraoss.co.jp/index_en.php
Japanese: http://www.sraoss.co.jp
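The following is an added example, not pgpool-II code, that puts the two patterns flagged in the mail (sprintf() into a fixed buffer, strncpy() with the full buffer size) beside bounded versions that always NUL-terminate and report truncation. The buffer size mirrors the quoted watchdog.c snippet (char path[128]); the directory and command strings are constructed inputs, and the function names are this example's own. Note that the bounded copy writes the terminator explicitly, because strncpy() only pads with NUL when the source is shorter than the bound.

```c
#include <stdio.h>
#include <string.h>

/*
 * Added example, not pgpool-II source.  Contrasts the unsafe patterns
 * from the mail with bounded, always-terminated replacements.
 */

#define PATH_BUF 128   /* same size as the quoted char path[128] */

/*
 * Reproduces the wd_if.c pattern from the mail: strncpy() with the full
 * buffer size.  Returns 1 if the copy leaves buf without a terminator,
 * 0 if it is terminated.  buf is pre-filled so the missing NUL is visible.
 */
int strncpy_full_size_unterminated(const char *command)
{
    char buf[8];
    memset(buf, 'X', sizeof buf);
    strncpy(buf, command, sizeof buf);
    return memchr(buf, '\0', sizeof buf) == NULL;
}

/*
 * Bounded replacement for sprintf(path, "%s/%s", dir, cmd).  snprintf()
 * never writes more than out_size bytes and always terminates the result
 * when out_size > 0; its return value is the length the full string would
 * have had, which is how truncation is detected.  Returns 0 on success,
 * -1 if the path did not fit (out is then set to the empty string).
 */
int build_path(char *out, size_t out_size, const char *dir, const char *cmd)
{
    int n;

    if (out_size == 0)
        return -1;
    n = snprintf(out, out_size, "%s/%s", dir, cmd);
    if (n < 0 || (size_t)n >= out_size) {
        out[0] = '\0';  /* do not hand back a silently truncated path */
        return -1;
    }
    return 0;
}

/*
 * Bounded copy that is always NUL-terminated.  strncpy() pads with NUL
 * only when the source is shorter than the bound, so copying at most
 * buf_size-1 bytes is not enough on its own; the terminator is written
 * explicitly.  Returns 0 on success, -1 if src was truncated to fit.
 */
int copy_command(char *buf, size_t buf_size, const char *src)
{
    if (buf_size == 0)
        return -1;
    strncpy(buf, src, buf_size - 1);
    buf[buf_size - 1] = '\0';
    return strlen(src) < buf_size ? 0 : -1;
}

int main(void)
{
    char path[PATH_BUF];
    char cmd[8];
    char longdir[200];   /* constructed over-long directory name */

    memset(longdir, 'A', sizeof longdir - 1);
    longdir[sizeof longdir - 1] = '\0';

    printf("strncpy(buf, \"ifconfig\", 8) unterminated: %d\n",
           strncpy_full_size_unterminated("ifconfig"));
    printf("strncpy(buf, \"ip\", 8) unterminated:       %d\n",
           strncpy_full_size_unterminated("ip"));

    printf("build_path short: rc=%d path=%s\n",
           build_path(path, sizeof path, "/sbin", "ifconfig"), path);
    printf("build_path long:  rc=%d path=\"%s\"\n",
           build_path(path, sizeof path, longdir, "ifconfig"), path);

    printf("copy_command fits:      rc=%d buf=%s\n",
           copy_command(cmd, sizeof cmd, "ip"), cmd);
    printf("copy_command truncated: rc=%d buf=%s\n",
           copy_command(cmd, sizeof cmd, "ifconfig"), cmd);
    return 0;
}
```

Checking the snprintf() return value matters as much as the bound itself: a truncated "/path/to/ifcon" that is later passed to the shell or exec'd is still a bug, just a quieter one, so the caller should treat rc == -1 as an error rather than use the partial result.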

