diff options
author | Jeremy Sowden <jeremy@azazel.net> | 2021-11-30 10:55:44 +0000 |
---|---|---|
committer | Pablo Neira Ayuso <pablo@netfilter.org> | 2021-12-06 22:31:30 +0100 |
commit | 754d178b53a913b2ff4e2259cbca068a14a19777 (patch) | |
tree | 6fb072e7bab949159d4e529e29d3ec053886ce46 | |
parent | 33e2c5b2f63844a3e08fc287d0d8921cbc3b8f86 (diff) |
output: PGSQL: improve mapping of DB columns to input-keys
Currently, we copy the column-name to a buffer, iterate over it to
replace the underscores with full-stops, using `strchr` from the start
of the buffer on each iteration, then copy the buffer to the input-key's
`name` member.
Apart from the inefficiency, `strncpy` is used to do the copies, which
leads gcc to complain:
ulogd_output_PGSQL.c:204:17: warning: `strncpy` output may be truncated copying 31 bytes from a string of length 31
Furthermore, the buffer is not initialized, which means that there is
also a possible buffer overrun if the column-name is too long, since
`strncpy` will not append a NUL.
Instead, copy the column-name directly to the input-key using
`snprintf`, and run `strchr` from the last underscore on each iteration.
Signed-off-by: Jeremy Sowden <jeremy@azazel.net>
Signed-off-by: Pablo Neira Ayuso <pablo@netfilter.org>
-rw-r--r-- | output/pgsql/ulogd_output_PGSQL.c | 14 |
1 files changed, 7 insertions, 7 deletions
diff --git a/output/pgsql/ulogd_output_PGSQL.c b/output/pgsql/ulogd_output_PGSQL.c index f5a2823..71d9403 100644 --- a/output/pgsql/ulogd_output_PGSQL.c +++ b/output/pgsql/ulogd_output_PGSQL.c @@ -190,18 +190,18 @@ static int get_columns_pgsql(struct ulogd_pluginstance *upi) } for (i = 0; i < PQntuples(pi->pgres); i++) { - char buf[ULOGD_MAX_KEYLEN+1]; char *underscore; + snprintf(upi->input.keys[i].name, + sizeof(upi->input.keys[i].name), + "%s", PQgetvalue(pi->pgres, i, 0)); + /* replace all underscores with dots */ - strncpy(buf, PQgetvalue(pi->pgres, i, 0), ULOGD_MAX_KEYLEN); - while ((underscore = strchr(buf, '_'))) + for (underscore = upi->input.keys[i].name; + (underscore = strchr(underscore, '_')); ) *underscore = '.'; - DEBUGP("field '%s' found: ", buf); - - /* add it to list of input keys */ - strncpy(upi->input.keys[i].name, buf, ULOGD_MAX_KEYLEN); + DEBUGP("field '%s' found\n", upi->input.keys[i].name); } /* ID (starting by '.') is a sequence */ |