[ulogd2 PATCH 22/26] util: db: fix possible string truncation.

netfilter-devel.vger.kernel.org archive mirror
 help / color / mirror / Atom feed

From: Jeremy Sowden <jeremy@azazel.net>
To: Netfilter Devel <netfilter-devel@vger.kernel.org>
Subject: [ulogd2 PATCH 22/26] util: db: fix possible string truncation.
Date: Sat, 30 Oct 2021 17:44:28 +0100	[thread overview]
Message-ID: <20211030164432.1140896-23-jeremy@azazel.net> (raw)
In-Reply-To: <20211030164432.1140896-1-jeremy@azazel.net>

Correct buffer size to match that of key-name.

We can now replace strncpy with strcpy.

Don't start strchr from the beginning every time.

Signed-off-by: Jeremy Sowden <jeremy@azazel.net>
---
 util/db.c | 23 +++++++++++------------
 1 file changed, 11 insertions(+), 12 deletions(-)

diff --git a/util/db.c b/util/db.c
index f0711146867f..0f8eb7057436 100644
--- a/util/db.c
+++ b/util/db.c
@@ -10,7 +10,7 @@
  *           (C) 2008,2013 Eric Leblond <eric@regit.org>
  *
  *  This program is free software; you can redistribute it and/or modify
- *  it under the terms of the GNU General Public License version 2 
+ *  it under the terms of the GNU General Public License version 2
  *  as published by the Free Software Foundation
  *
  *  This program is distributed in the hope that it will be useful,
@@ -21,7 +21,7 @@
  *  You should have received a copy of the GNU General Public License
  *  along with this program; if not, write to the Free Software
  *  Foundation, Inc., 59 Temple Place, Suite 330, Boston, MA  02111-1307  USA
- * 
+ *
  */
 
 #include <unistd.h>
@@ -96,8 +96,6 @@ static int sql_createstmt(struct ulogd_pluginstance *upi)
 	if (strncasecmp(procedure,"INSERT", strlen("INSERT")) == 0 &&
 	    (procedure[strlen("INSERT")] == '\0' ||
 			procedure[strlen("INSERT")] == ' ')) {
-		char buf[ULOGD_MAX_KEYLEN];
-		char *underscore;
 
 		if(procedure[6] == '\0') {
 			/* procedure == "INSERT" */
@@ -112,11 +110,13 @@ static int sql_createstmt(struct ulogd_pluginstance *upi)
 		stmt_val = mi->stmt + strlen(mi->stmt);
 
 		for (i = 0; i < upi->input.num_keys; i++) {
+			char buf[sizeof(upi->input.keys[0].name)], *underscore = buf;
+
 			if (upi->input.keys[i].flags & ULOGD_KEYF_INACTIVE)
 				continue;
 
-			strncpy(buf, upi->input.keys[i].name, ULOGD_MAX_KEYLEN);	
-			while ((underscore = strchr(buf, '.')))
+			strcpy(buf, upi->input.keys[i].name);
+			while ((underscore = strchr(underscore, '.')))
 				*underscore = '_';
 			sprintf(stmt_val, "%s,", buf);
 			stmt_val = mi->stmt + strlen(mi->stmt);
@@ -168,7 +168,7 @@ int ulogd_db_configure(struct ulogd_pluginstance *upi,
 	ret = di->driver->get_columns(upi);
 	if (ret < 0)
 		ulogd_log(ULOGD_ERROR, "error in get_columns\n");
-	
+
 	/* Close database, since ulogd core could just call configure
 	 * but abort during input key resolving routines.  configure
 	 * doesn't have a destructor... */
@@ -215,7 +215,7 @@ int ulogd_db_start(struct ulogd_pluginstance *upi)
 
 	if (di->ring.size > 0) {
 		/* allocate */
-		di->ring.ring = calloc(di->ring.size, sizeof(char) * di->ring.length);
+		di->ring.ring = calloc(di->ring.size, di->ring.length);
 		if (di->ring.ring == NULL) {
 			ret = -1;
 			goto db_error;
@@ -226,9 +226,8 @@ int ulogd_db_start(struct ulogd_pluginstance *upi)
 			  di->ring.size, di->ring.length);
 		/* init start of query for each element */
 		for(i = 0; i < di->ring.size; i++) {
-			strncpy(di->ring.ring + di->ring.length * i + 1,
-				di->stmt,
-				strlen(di->stmt));
+			strcpy(di->ring.ring + di->ring.length * i + 1,
+			       di->stmt);
 		}
 		/* init cond & mutex */
 		ret = pthread_cond_init(&di->ring.cond, NULL);
@@ -314,7 +313,7 @@ static int _init_reconnect(struct ulogd_pluginstance *upi)
 	/* Disable plugin permanently */
 	ulogd_log(ULOGD_ERROR, "permanently disabling plugin\n");
 	di->interp = &disabled_interp_db;
-	
+
 	return 0;
 }
 
-- 
2.33.0

next prev parent reply	other threads:[~2021-10-30 17:10 UTC|newest]

Thread overview: 31+ messages / expand[flat|nested]  mbox.gz  Atom feed  top
2021-10-30 16:44 [ulogd2 PATCH 00/26] Compiler Warning Fixes Jeremy Sowden
2021-10-30 16:44 ` [ulogd2 PATCH 01/26] include: add format attribute to __ulogd_log declaration Jeremy Sowden
2021-10-30 16:44 ` [ulogd2 PATCH 02/26] ulog: remove empty log-line Jeremy Sowden
2021-10-30 16:44 ` [ulogd2 PATCH 03/26] ulog: fix order of log arguments Jeremy Sowden
2021-10-30 16:44 ` [ulogd2 PATCH 04/26] ulog: correct log specifiers Jeremy Sowden
2021-10-30 16:44 ` [ulogd2 PATCH 05/26] output: IPFIX: correct format-specifiers Jeremy Sowden
2021-10-30 16:44 ` [ulogd2 PATCH 06/26] jhash: add "fall through" comments to switch cases Jeremy Sowden
2021-10-30 16:44 ` [ulogd2 PATCH 07/26] db: add missing `break` to switch-case Jeremy Sowden
2021-10-30 16:44 ` [ulogd2 PATCH 08/26] filter: HWHDR: replace `switch` with `if` Jeremy Sowden
2021-10-30 16:44 ` [ulogd2 PATCH 09/26] filter: HWHDR: re-order KEY_RAW_MAC checks Jeremy Sowden
2021-10-30 16:44 ` [ulogd2 PATCH 10/26] filter: HWHDR: remove zero-initialization of MAC type Jeremy Sowden
2021-10-30 16:44 ` [ulogd2 PATCH 11/26] Replace malloc+memset with calloc Jeremy Sowden
2021-10-30 16:44 ` [ulogd2 PATCH 12/26] filter: PWSNIFF: replace malloc+strncpy with strndup Jeremy Sowden
2021-10-30 16:44 ` [ulogd2 PATCH 13/26] input: UNIXSOCK: stat socket-path first before creating the socket Jeremy Sowden
2021-10-30 17:33   ` Jan Engelhardt
2021-11-06 13:51     ` Jeremy Sowden
2021-10-30 16:44 ` [ulogd2 PATCH 14/26] input: UNIXSOCK: fix possible truncation of socket path Jeremy Sowden
2021-10-30 16:44 ` [ulogd2 PATCH 15/26] input: UNIXSOCK: prevent unaligned pointer access Jeremy Sowden
2021-10-30 17:42   ` Jan Engelhardt
2021-11-06 14:13     ` Jeremy Sowden
2021-10-30 16:44 ` [ulogd2 PATCH 16/26] output: DBI: fix deprecation warnings Jeremy Sowden
2021-10-30 16:44 ` [ulogd2 PATCH 17/26] output: DBI: fix string truncation warnings Jeremy Sowden
2021-10-30 16:44 ` [ulogd2 PATCH 18/26] output: MYSQL: Fix string truncation warning Jeremy Sowden
2021-10-30 16:44 ` [ulogd2 PATCH 19/26] output: PGSQL: " Jeremy Sowden
2021-10-30 16:44 ` [ulogd2 PATCH 20/26] output: SQLITE3: Fix string truncation warnings and possible buffer overruns Jeremy Sowden
2021-10-30 16:44 ` [ulogd2 PATCH 21/26] output: SQLITE3: catch errors creating SQL statement Jeremy Sowden
2021-10-30 16:44 ` Jeremy Sowden [this message]
2021-10-30 16:44 ` [ulogd2 PATCH 23/26] output: JSON: fix output of GMT offset Jeremy Sowden
2021-10-30 16:44 ` [ulogd2 PATCH 24/26] output: JSON: fix printf truncation warnings Jeremy Sowden
2021-10-30 16:44 ` [ulogd2 PATCH 25/26] output: JSON: optimize appending of newline to output Jeremy Sowden
2021-10-30 16:44 ` [ulogd2 PATCH 26/26] output: JSON: fix possible truncation of socket path Jeremy Sowden

find likely ancestor, descendant, or conflicting patches for this message:
( dfblob:f0711146867 dfblob:0f8eb705743 )
 OR (
bs:"[ulogd2 PATCH 22/26] util: db: fix possible string truncation." )
	(help)

Reply instructions:

You may reply publicly to this message via plain-text email
using any one of the following methods:

* Save the following mbox file, import it into your mail client,
  and reply-to-all from there: mbox

  Avoid top-posting and favor interleaved quoting:
  https://en.wikipedia.org/wiki/Posting_style#Interleaved_style

* Reply using the --to, --cc, and --in-reply-to
  switches of git-send-email(1):

  git send-email \
    --in-reply-to=20211030164432.1140896-23-jeremy@azazel.net \
    --to=jeremy@azazel.net \
    --cc=netfilter-devel@vger.kernel.org \
    /path/to/YOUR_REPLY

  https://kernel.org/pub/software/scm/git/docs/git-send-email.html

* If your mail client supports setting the In-Reply-To header
  via mailto: links, try the mailto: link

Be sure your reply has a Subject: header at the top and a blank line before the message body.

This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox;
as well as URLs for NNTP newsgroup(s).