From 754d178b53a913b2ff4e2259cbca068a14a19777 Mon Sep 17 00:00:00 2001 From: Jeremy Sowden Date: Tue, 30 Nov 2021 10:55:44 +0000 Subject: output: PGSQL: improve mapping of DB columns to input-keys Currently, we copy the column-name to a buffer, iterate over it to replace the underscores with full-stops, using `strchr` from the start of the buffer on each iteration, then copy the buffer to the input-key's `name` member. Apart from the inefficiency, `strncpy` is used to do the copies, which leads gcc to complain: ulogd_output_PGSQL.c:204:17: warning: `strncpy` output may be truncated copying 31 bytes from a string of length 31 Furthermore, the buffer is not initialized, which means that there is also a possible buffer overrun if the column-name is too long, since `strncpy` will not append a NUL. Instead, copy the column-name directly to the input-key using `snprintf`, and run `strchr` from the last underscore on each iteration. Signed-off-by: Jeremy Sowden Signed-off-by: Pablo Neira Ayuso
---
output/pgsql/ulogd_output_PGSQL.c | 14 +++++++-------
1 file changed, 7 insertions(+), 7 deletions(-)
(limited to 'output')
diff --git a/output/pgsql/ulogd_output_PGSQL.c b/output/pgsql/ulogd_output_PGSQL.c
index f5a2823..71d9403 100644
--- a/output/pgsql/ulogd_output_PGSQL.c
+++ b/output/pgsql/ulogd_output_PGSQL.c
@@ -190,18 +190,18 @@ static int get_columns_pgsql(struct ulogd_pluginstance *upi)
 }
 for (i = 0; i < PQntuples(pi->pgres); i++) {
- char buf[ULOGD_MAX_KEYLEN+1];
 char *underscore;
+ snprintf(upi->input.keys[i].name,
+ sizeof(upi->input.keys[i].name),
+ "%s", PQgetvalue(pi->pgres, i, 0));
+
 /* replace all underscores with dots */
- strncpy(buf, PQgetvalue(pi->pgres, i, 0), ULOGD_MAX_KEYLEN);
- while ((underscore = strchr(buf, '_')))
+ for (underscore = upi->input.keys[i].name;
+ (underscore = strchr(underscore, '_')); )
 *underscore = '.';
- DEBUGP("field '%s' found: ", buf);
-
- /* add it to list of input keys */
- strncpy(upi->input.keys[i].name, buf, ULOGD_MAX_KEYLEN);
+ DEBUGP("field '%s' found\n", upi->input.keys[i].name);
 }
 /* ID (starting by '.') is a sequence */
-- cgit v1.2.3
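Review bot: The `snprintf` into `upi->input.keys[i].name` discards its return value, so a column name longer than the key buffer is now truncated silently and the loop carries on with the shortened key. That closes the missing-NUL overrun the commit describes, but a truncated name may fail to match its intended input key or end up identical to another column's key, and nothing is logged when it happens. Capture the result, `int n = snprintf(...);`, and reject the column on `if (n < 0 || (size_t)n >= sizeof(upi->input.keys[i].name))`, logging the offending column name. The function's error paths and any cleanup of `pi->pgres` lie outside this hunk, so the exact failure handling should follow what the rest of get_columns_pgsql already does.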