Truncate strings in tarCreateHeader() with strlcpy(), not sprintf().

This supplements the GNU libc bug #6530 workarounds introduced in commit
54cd4f04576833abc394e131288bf3dd7dcf4806.  On affected systems, a
tar-format pg_basebackup failed when some filename beneath the data
directory was not valid character data in the postmaster/walsender
locale.  Back-patch to 9.1, where pg_basebackup was introduced.  Extant,
bug-prone conversion specifications receive only ASCII bytes or involve
low-importance messages.

diff --git a/src/bin/pg_basebackup/t/010_pg_basebackup.pl b/src/bin/pg_basebackup/t/010_pg_basebackup.pl
index 3476ea686ac89ee7bc2fd40c314dcf2ca733aeae..c8c9250b3845f93840e05d3550059deb880ec3c2 100644 (file)
--- a/src/bin/pg_basebackup/t/010_pg_basebackup.pl
+++ b/src/bin/pg_basebackup/t/010_pg_basebackup.pl
@@ -17,6 +17,14 @@ command_fails(
        [ 'pg_basebackup', '-D', "$tempdir/backup" ],
        'pg_basebackup fails because of hba');
 
+# Some Windows ANSI code pages may reject this filename, in which case we
+# quietly proceed without this bit of test coverage.
+if (open BADCHARS, ">>$tempdir/pgdata/FOO\xe0\xe0\xe0BAR")
+{
+       print BADCHARS "test backup of file with non-UTF8 name\n";
+       close BADCHARS;
+}
+
 open HBA, ">>$tempdir/pgdata/pg_hba.conf";
 print HBA "local replication all trust\n";
 print HBA "host replication all 127.0.0.1/32 trust\n";

diff --git a/src/port/tar.c b/src/port/tar.c
index 4721df3ddc33a942c956d787549048f31d25e6ee..72fd4e13aca381d38d21ad258aa313895e7768b0 100644 (file)
--- a/src/port/tar.c
+++ b/src/port/tar.c
@@ -68,7 +68,7 @@ tarCreateHeader(char *h, const char *filename, const char *linktarget,
        memset(h, 0, 512);                      /* assume tar header size */
 
        /* Name 100 */
-       sprintf(&h[0], "%.99s", filename);
+       strlcpy(&h[0], filename, 100);
        if (linktarget != NULL || S_ISDIR(mode))
        {
                /*
@@ -110,7 +110,7 @@ tarCreateHeader(char *h, const char *filename, const char *linktarget,
                /* Type - Symbolic link */
                sprintf(&h[156], "2");
                /* Link Name 100 */
-               sprintf(&h[157], "%.99s", linktarget);
+               strlcpy(&h[157], linktarget, 100);
        }
        else if (S_ISDIR(mode))
                /* Type - directory */
@@ -127,11 +127,11 @@ tarCreateHeader(char *h, const char *filename, const char *linktarget,
 
        /* User 32 */
        /* XXX: Do we need to care about setting correct username? */
-       sprintf(&h[265], "%.31s", "postgres");
+       strlcpy(&h[265], "postgres", 32);
 
        /* Group 32 */
        /* XXX: Do we need to care about setting correct group name? */
-       sprintf(&h[297], "%.31s", "postgres");
+       strlcpy(&h[297], "postgres", 32);
 
        /* Major Dev 8 */
        sprintf(&h[329], "%07o ", 0);