From: Tom Lane <tgl@sss.pgh.pa.us>
Date: Sun, 25 Mar 2018 19:15:32 +0000 (-0400)
Subject: Fix unsafe extraction of the OID part of a relation filename.
X-Git-Tag: REL_11_BETA1~485
X-Git-Url: https://granicus.if.org/sourcecode?a=commitdiff_plain;h=d0c0c894533f906b13b79813f02b2982ac675074;p=postgresql

Fix unsafe extraction of the OID part of a relation filename.

Commit 8694cc96b did this randomly differently from other callers of
parse_filename_for_nontemp_relation().  Perhaps unsurprisingly,
the randomly different way is wrong; it fails to ensure the
extracted string is null-terminated.  Per buildfarm member skink.

Discussion: https://postgr.es/m/14453.1522001792@sss.pgh.pa.us
---

diff --git a/src/backend/replication/basebackup.c b/src/backend/replication/basebackup.c
index eb6eb7206d..e4c45c5025 100644
--- a/src/backend/replication/basebackup.c
+++ b/src/backend/replication/basebackup.c
@@ -1056,7 +1056,8 @@ sendDir(const char *path, int basepathlen, bool sizeonly, List *tablespaces,
 				 * If any other type of fork, check if there is an init fork
 				 * with the same OID. If so, the file can be excluded.
 				 */
-				strncpy(relOid, de->d_name, relOidChars);
+				memcpy(relOid, de->d_name, relOidChars);
+				relOid[relOidChars] = '\0';
 				snprintf(initForkFile, sizeof(initForkFile), "%s/%s_init",
 						 path, relOid);
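Review bot: The added `relOid[relOidChars] = '\0';` store, and the `memcpy` before it, both rely on `relOidChars` being strictly smaller than the size of `relOid`, and neither that bound nor the buffer's declaration is visible in this hunk. Please confirm that `relOid` has room for the longest OID string plus the terminator. If `relOid` is a local array, consider adding `Assert(relOidChars < sizeof(relOid));` ahead of the copy, so that a later change to parse_filename_for_nontemp_relation() cannot turn this into an out-of-bounds write. The commit message says the other callers already extract the OID the safe way, so a one-line comment here pointing at that shared idiom would help keep the call sites from diverging again.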