From: Marko Kreen <markokr@gmail.com>
Date: Mon, 10 Sep 2012 10:07:43 +0000 (+0300)
Subject: add_database: fail gracefully if too long db name
X-Git-Tag: pgbouncer_1_5_3~2
X-Git-Url: https://granicus.if.org/sourcecode?a=commitdiff_plain;h=4b92112b820830b30cd7bc91bef3dd8f35305525;p=pgbouncer

add_database: fail gracefully if too long db name

Truncating & adding can lead to fatal() later.

It was not an issue before, but with audodb (* in [databases] section)
the database name can some from network, thus allowing remote shutdown..
---

diff --git a/src/objects.c b/src/objects.c
index 3aeb36e..b61387f 100644
--- a/src/objects.c
+++ b/src/objects.c
@@ -303,7 +303,11 @@ PgDatabase *add_database(const char *name)
 			return NULL;
 
 		list_init(&db->head);
-		safe_strcpy(db->name, name, sizeof(db->name));
+		if (strlcpy(db->name, name, sizeof(db->name)) >= sizeof(db->name)) {
+			log_warning("Too long db name: %s", name);
+			slab_free(db_cache, db);
+			return NULL;
+		}
 		put_in_order(&db->head, &database_list, cmp_database);
 	}