author | Jeremy Sowden <jeremy@azazel.net> | 2021-11-30 10:55:53 +0000 |
---|---|---|
committer | Pablo Neira Ayuso <pablo@netfilter.org> | 2022-01-03 16:38:57 +0100 |
commit | b2008092566ab071b234d8650f9f5397e858dbaf (patch) | |
tree | d0e30dbd71bbda635acd1bdf8a1f2b944463fe68 | |
parent | 2bb3c1b74c40fdd4de709ffc469619d5e404db73 (diff) |
db: improve mapping of input-keys to DB columns

Currently, we copy the key-name to a buffer, iterate over it to replace
the full-stops with underscores, using `strchr` from the start of the
buffer on each iteration, then append the buffer to the SQL statement.

Apart from the inefficiency, `strncpy` is used to do the copies, which
leads gcc to complain:

../../util/db.c:118:25: warning: `strncpy` output may be truncated copying 31 bytes from a string of length 31

Furthermore, the buffer is one character too short and so there is the
possibility of overruns.

Instead, append the key-name directly to the statement using `sprintf`,
and run `strchr` from the last underscore on each iteration.

Signed-off-by: Jeremy Sowden <jeremy@azazel.net>
Signed-off-by: Pablo Neira Ayuso <pablo@netfilter.org>

-rw-r--r-- | util/db.c | 13 |
1 files changed, 8 insertions, 5 deletions
@@ -96,8 +96,6 @@ static int sql_createstmt(struct ulogd_pluginstance *upi) (procedure[strlen("INSERT")] == '\0' || procedure[strlen("INSERT")] == ' ')) { char *stmt_val = mi->stmt; - char buf[ULOGD_MAX_KEYLEN]; - char *underscore; if(procedure[6] == '\0') { /* procedure == "INSERT" */ @@ -112,13 +110,18 @@ static int sql_createstmt(struct ulogd_pluginstance *upi) stmt_val += sprintf(stmt_val, "%s (", procedure); for (i = 0; i < upi->input.num_keys; i++) { + char *underscore; + if (upi->input.keys[i].flags & ULOGD_KEYF_INACTIVE) continue; - strncpy(buf, upi->input.keys[i].name, ULOGD_MAX_KEYLEN); - while ((underscore = strchr(buf, '.'))) + underscore = stmt_val; + + stmt_val += sprintf(stmt_val, "%s,", + upi->input.keys[i].name); + + while ((underscore = strchr(underscore, '.'))) *underscore = '_'; - stmt_val += sprintf(stmt_val, "%s,", buf); } *(stmt_val - 1) = ')'; |
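
Review bot: The `stmt_val += sprintf(stmt_val, "%s,", upi->input.keys[i].name);` call in the second hunk's loop writes each key name straight into `mi->stmt` with no length bound visible in this patch, so the overrun risk the commit message attributes to the undersized `buf` now rests entirely on how `mi->stmt` was sized. Either track the remaining space and use `snprintf`, or add a comment pointing at the allocation that guarantees room for every active key name plus its comma. Taking `underscore = stmt_val;` before the write correctly limits the `strchr` scan to the key just appended, but the pointer refers to a full stop until the replacement happens, so a name such as `dot` would read better. The unchanged `*(stmt_val - 1) = ')';` after the loop still overwrites the opening "(" when every key has `ULOGD_KEYF_INACTIVE` set, which deserves a guard if that case can occur.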