Re: [HACKERS] logical decoding of two-phase transactions

Amit Kapila <amit.kapila16@gmail.com> writes:
> Pushed.

Coverity thinks this has security issues, and I agree.

/srv/coverity/git/pgsql-git/postgresql/src/backend/replication/logical/proto.c: 144 in logicalrep_read_begin_prepare()
143         /* read gid (copy it into a pre-allocated buffer) */
>>>     CID 1487517:  Security best practices violations  (STRING_OVERFLOW)
>>>     You might overrun the 200-character fixed-size string "begin_data->gid" by copying the return value of
"pq_getmsgstring"without checking the length. 
144         strcpy(begin_data->gid, pq_getmsgstring(in));

200         /* read gid (copy it into a pre-allocated buffer) */
>>>     CID 1487515:  Security best practices violations  (STRING_OVERFLOW)
>>>     You might overrun the 200-character fixed-size string "prepare_data->gid" by copying the return value of
"pq_getmsgstring"without checking the length. 
201         strcpy(prepare_data->gid, pq_getmsgstring(in));

256         /* read gid (copy it into a pre-allocated buffer) */
>>>     CID 1487516:  Security best practices violations  (STRING_OVERFLOW)
>>>     You might overrun the 200-character fixed-size string "prepare_data->gid" by copying the return value of
"pq_getmsgstring"without checking the length. 
257         strcpy(prepare_data->gid, pq_getmsgstring(in));

316         /* read gid (copy it into a pre-allocated buffer) */
>>>     CID 1487519:  Security best practices violations  (STRING_OVERFLOW)
>>>     You might overrun the 200-character fixed-size string "rollback_data->gid" by copying the return value of
"pq_getmsgstring"without checking the length. 
317         strcpy(rollback_data->gid, pq_getmsgstring(in));

I think you'd be way better off making the gid fields be "char *"
and pstrdup'ing the result of pq_getmsgstring.  Another possibility
perhaps is to use strlcpy, but I'd only go that way if it's important
to constrain the received strings to 200 bytes.

            regards, tom lane