diff options
author | Jeremy Sowden <jeremy@azazel.net> | 2021-11-30 10:55:49 +0000 |
---|---|---|
committer | Pablo Neira Ayuso <pablo@netfilter.org> | 2022-01-03 16:08:54 +0100 |
commit | 12f0909d606684010bc9c4ba97857f89c3d2dd70 (patch) | |
tree | 910f5a48bbb81bb3c7bf8c9b01c66bff375b5b01 /output | |
parent | 53d669d95c94aab4366b8fe9544d61369aa384b5 (diff) |
output: SQLITE3: improve mapping of DB columns to fields
Currently, we copy the column-name to a buffer, iterate over it to
replace the underscores with full-stops, using `strchr` from the start
of the buffer on each iteration, then copy the buffer to the field's
`name` member.
Apart from the inefficiency, `strncpy` is used to do the copies, which
leads gcc to complain:
ulogd_output_SQLITE3.c:341:17: warning: `strncpy` output may be truncated copying 31 bytes from a string of length 31
Furthermore, the buffer is not initialized, which means that there is
also a possible buffer overrun if the column-name is too long, since
`strncpy` will not append a NUL.
Instead, copy the column-name directly to the field using `snprintf`,
and run `strchr` from the last underscore on each iteration.
Signed-off-by: Jeremy Sowden <jeremy@azazel.net>
Signed-off-by: Pablo Neira Ayuso <pablo@netfilter.org>
Diffstat (limited to 'output')
-rw-r--r-- | output/sqlite3/ulogd_output_SQLITE3.c | 26 |
1 files changed, 13 insertions, 13 deletions
diff --git a/output/sqlite3/ulogd_output_SQLITE3.c b/output/sqlite3/ulogd_output_SQLITE3.c index 692ff2b..d2857df 100644 --- a/output/sqlite3/ulogd_output_SQLITE3.c +++ b/output/sqlite3/ulogd_output_SQLITE3.c @@ -301,9 +301,6 @@ static int sqlite3_init_db(struct ulogd_pluginstance *pi) { struct sqlite3_priv *priv = (void *)pi->private; - char buf[ULOGD_MAX_KEYLEN + 1]; - char *underscore; - struct field *f; sqlite3_stmt *schema_stmt; int col, num_cols; @@ -323,24 +320,27 @@ sqlite3_init_db(struct ulogd_pluginstance *pi) } for (col = 0; col < num_cols; col++) { - strncpy(buf, sqlite3_column_name(schema_stmt, col), ULOGD_MAX_KEYLEN); - - /* replace all underscores with dots */ - while ((underscore = strchr(buf, '_')) != NULL) - *underscore = '.'; - - DEBUGP("field '%s' found\n", buf); + char *underscore; + struct field *f; /* prepend it to the linked list */ if ((f = calloc(1, sizeof(struct field))) == NULL) { ulogd_log(ULOGD_ERROR, "SQLITE3: out of memory\n"); return -1; } - strncpy(f->name, buf, ULOGD_MAX_KEYLEN); + snprintf(f->name, sizeof(f->name), + "%s", sqlite3_column_name(schema_stmt, col)); + + /* replace all underscores with dots */ + for (underscore = f->name; + (underscore = strchr(underscore, '_')) != NULL; ) + *underscore = '.'; + + DEBUGP("field '%s' found\n", f->name); - if ((f->key = ulogd_find_key(pi, buf)) == NULL) { + if ((f->key = ulogd_find_key(pi, f->name)) == NULL) { ulogd_log(ULOGD_ERROR, - "SQLITE3: unknown input key: %s\n", buf); + "SQLITE3: unknown input key: %s\n", f->name); free(f); return -1; } |