add_database: fail gracefully if too long db name

Truncating & adding can lead to fatal() later.

It was not an issue before, but with audodb (* in [databases] section)
the database name can some from network, thus allowing remote shutdown..

diff --git a/src/objects.c b/src/objects.c
index 3aeb36e8220ddc1a58109ea7301ba629c62d7df6..b61387f8f867922cbe19a00b53d26b7c24c5c69e 100644 (file)
--- a/src/objects.c
+++ b/src/objects.c
@@ -303,7 +303,11 @@ PgDatabase *add_database(const char *name)
                        return NULL;
 
                list_init(&db->head);
-               safe_strcpy(db->name, name, sizeof(db->name));
+               if (strlcpy(db->name, name, sizeof(db->name)) >= sizeof(db->name)) {
+                       log_warning("Too long db name: %s", name);
+                       slab_free(db_cache, db);
+                       return NULL;
+               }
                put_in_order(&db->head, &database_list, cmp_database);
        }