From: Jeremy Sowden <jeremy@azazel.net>
To: Netfilter Devel <netfilter-devel@vger.kernel.org>
Subject: [ulogd2 PATCH 20/26] output: SQLITE3: Fix string truncation warnings and possible buffer overruns.
Date: Sat, 30 Oct 2021 17:44:26 +0100 [thread overview]
Message-ID: <20211030164432.1140896-21-jeremy@azazel.net> (raw)
In-Reply-To: <20211030164432.1140896-1-jeremy@azazel.net>
Extend name length to match input key.
Replace strncpy with snprintf.
Remove intermediate buffers.
Leave `field->name` with underscores: we can get the key-name from
`field->key->name`.
Signed-off-by: Jeremy Sowden <jeremy@azazel.net>
---
output/sqlite3/ulogd_output_SQLITE3.c | 38 +++++++++++----------------
1 file changed, 16 insertions(+), 22 deletions(-)
diff --git a/output/sqlite3/ulogd_output_SQLITE3.c b/output/sqlite3/ulogd_output_SQLITE3.c
index 20ceb3b5d6e2..053d7a3b0238 100644
--- a/output/sqlite3/ulogd_output_SQLITE3.c
+++ b/output/sqlite3/ulogd_output_SQLITE3.c
@@ -48,7 +48,7 @@
struct field {
TAILQ_ENTRY(field) link;
- char name[ULOGD_MAX_KEYLEN];
+ char name[ULOGD_MAX_KEYLEN + 1];
struct ulogd_key *key;
};
@@ -214,8 +214,6 @@ sqlite3_createstmt(struct ulogd_pluginstance *pi)
{
struct sqlite3_priv *priv = (void *)pi->private;
struct field *f;
- char buf[ULOGD_MAX_KEYLEN];
- char *underscore;
char *stmt_pos;
int i, cols = 0;
@@ -231,12 +229,7 @@ sqlite3_createstmt(struct ulogd_pluginstance *pi)
stmt_pos = priv->stmt + strlen(priv->stmt);
tailq_for_each(f, priv->fields, link) {
- strncpy(buf, f->name, ULOGD_MAX_KEYLEN);
-
- while ((underscore = strchr(buf, '.')))
- *underscore = '_';
-
- sprintf(stmt_pos, "%s,", buf);
+ sprintf(stmt_pos, "%s,", f->name);
stmt_pos = priv->stmt + strlen(priv->stmt);
cols++;
@@ -273,10 +266,15 @@ sqlite3_createstmt(struct ulogd_pluginstance *pi)
static struct ulogd_key *
ulogd_find_key(struct ulogd_pluginstance *pi, const char *name)
{
+ char key_name[ULOGD_MAX_KEYLEN + 1] = "";
unsigned int i;
+ /* replace all underscores with dots */
+ for (i = 0; i < sizeof(key_name) && name[i]; ++i)
+ key_name[i] = name[i] != '_' ? name[i] : '.';
+
for (i = 0; i < pi->input.num_keys; i++) {
- if (strcmp(pi->input.keys[i].name, name) == 0)
+ if (strcmp(pi->input.keys[i].name, key_name) == 0)
return &pi->input.keys[i];
}
@@ -305,9 +303,6 @@ static int
sqlite3_init_db(struct ulogd_pluginstance *pi)
{
struct sqlite3_priv *priv = (void *)pi->private;
- char buf[ULOGD_MAX_KEYLEN];
- char *underscore;
- struct field *f;
sqlite3_stmt *schema_stmt;
int col, num_cols;
@@ -327,23 +322,22 @@ sqlite3_init_db(struct ulogd_pluginstance *pi)
}
for (col = 0; col < num_cols; col++) {
- strncpy(buf, sqlite3_column_name(schema_stmt, col), ULOGD_MAX_KEYLEN);
-
- /* replace all underscores with dots */
- while ((underscore = strchr(buf, '_')) != NULL)
- *underscore = '.';
-
- DEBUGP("field '%s' found\n", buf);
+ struct field *f;
/* prepend it to the linked list */
if ((f = calloc(1, sizeof(struct field))) == NULL) {
ulogd_log(ULOGD_ERROR, "SQLITE3: out of memory\n");
return -1;
}
- strncpy(f->name, buf, ULOGD_MAX_KEYLEN);
+ snprintf(f->name, sizeof(f->name),
+ "%s", sqlite3_column_name(schema_stmt, col));
- if ((f->key = ulogd_find_key(pi, buf)) == NULL)
+ DEBUGP("field '%s' found\n", f->name);
+
+ if ((f->key = ulogd_find_key(pi, f->name)) == NULL) {
+ free(f);
return -1;
+ }
TAILQ_INSERT_TAIL(&priv->fields, f, link);
}
--
2.33.0
next prev parent reply other threads:[~2021-10-30 17:11 UTC|newest]
Thread overview: 31+ messages / expand[flat|nested] mbox.gz Atom feed top
2021-10-30 16:44 [ulogd2 PATCH 00/26] Compiler Warning Fixes Jeremy Sowden
2021-10-30 16:44 ` [ulogd2 PATCH 01/26] include: add format attribute to __ulogd_log declaration Jeremy Sowden
2021-10-30 16:44 ` [ulogd2 PATCH 02/26] ulog: remove empty log-line Jeremy Sowden
2021-10-30 16:44 ` [ulogd2 PATCH 03/26] ulog: fix order of log arguments Jeremy Sowden
2021-10-30 16:44 ` [ulogd2 PATCH 04/26] ulog: correct log specifiers Jeremy Sowden
2021-10-30 16:44 ` [ulogd2 PATCH 05/26] output: IPFIX: correct format-specifiers Jeremy Sowden
2021-10-30 16:44 ` [ulogd2 PATCH 06/26] jhash: add "fall through" comments to switch cases Jeremy Sowden
2021-10-30 16:44 ` [ulogd2 PATCH 07/26] db: add missing `break` to switch-case Jeremy Sowden
2021-10-30 16:44 ` [ulogd2 PATCH 08/26] filter: HWHDR: replace `switch` with `if` Jeremy Sowden
2021-10-30 16:44 ` [ulogd2 PATCH 09/26] filter: HWHDR: re-order KEY_RAW_MAC checks Jeremy Sowden
2021-10-30 16:44 ` [ulogd2 PATCH 10/26] filter: HWHDR: remove zero-initialization of MAC type Jeremy Sowden
2021-10-30 16:44 ` [ulogd2 PATCH 11/26] Replace malloc+memset with calloc Jeremy Sowden
2021-10-30 16:44 ` [ulogd2 PATCH 12/26] filter: PWSNIFF: replace malloc+strncpy with strndup Jeremy Sowden
2021-10-30 16:44 ` [ulogd2 PATCH 13/26] input: UNIXSOCK: stat socket-path first before creating the socket Jeremy Sowden
2021-10-30 17:33 ` Jan Engelhardt
2021-11-06 13:51 ` Jeremy Sowden
2021-10-30 16:44 ` [ulogd2 PATCH 14/26] input: UNIXSOCK: fix possible truncation of socket path Jeremy Sowden
2021-10-30 16:44 ` [ulogd2 PATCH 15/26] input: UNIXSOCK: prevent unaligned pointer access Jeremy Sowden
2021-10-30 17:42 ` Jan Engelhardt
2021-11-06 14:13 ` Jeremy Sowden
2021-10-30 16:44 ` [ulogd2 PATCH 16/26] output: DBI: fix deprecation warnings Jeremy Sowden
2021-10-30 16:44 ` [ulogd2 PATCH 17/26] output: DBI: fix string truncation warnings Jeremy Sowden
2021-10-30 16:44 ` [ulogd2 PATCH 18/26] output: MYSQL: Fix string truncation warning Jeremy Sowden
2021-10-30 16:44 ` [ulogd2 PATCH 19/26] output: PGSQL: " Jeremy Sowden
2021-10-30 16:44 ` Jeremy Sowden [this message]
2021-10-30 16:44 ` [ulogd2 PATCH 21/26] output: SQLITE3: catch errors creating SQL statement Jeremy Sowden
2021-10-30 16:44 ` [ulogd2 PATCH 22/26] util: db: fix possible string truncation Jeremy Sowden
2021-10-30 16:44 ` [ulogd2 PATCH 23/26] output: JSON: fix output of GMT offset Jeremy Sowden
2021-10-30 16:44 ` [ulogd2 PATCH 24/26] output: JSON: fix printf truncation warnings Jeremy Sowden
2021-10-30 16:44 ` [ulogd2 PATCH 25/26] output: JSON: optimize appending of newline to output Jeremy Sowden
2021-10-30 16:44 ` [ulogd2 PATCH 26/26] output: JSON: fix possible truncation of socket path Jeremy Sowden
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=20211030164432.1140896-21-jeremy@azazel.net \
--to=jeremy@azazel.net \
--cc=netfilter-devel@vger.kernel.org \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox;
as well as URLs for NNTP newsgroup(s).