From 4b92112b820830b30cd7bc91bef3dd8f35305525 Mon Sep 17 00:00:00 2001 From: Marko Kreen Date: Mon, 10 Sep 2012 13:07:43 +0300 Subject: [PATCH] add_database: fail gracefully if too long db name Truncating & adding can lead to fatal() later. It was not an issue before, but with audodb (* in [databases] section) the database name can some from network, thus allowing remote shutdown.. --- src/objects.c | 6 +++++- 1 file changed, 5 insertions(+), 1 deletion(-) diff --git a/src/objects.c b/src/objects.c index 3aeb36e..b61387f 100644 --- a/src/objects.c +++ b/src/objects.c @@ -303,7 +303,11 @@ PgDatabase *add_database(const char *name) return NULL; list_init(&db->head); - safe_strcpy(db->name, name, sizeof(db->name)); + if (strlcpy(db->name, name, sizeof(db->name)) >= sizeof(db->name)) { + log_warning("Too long db name: %s", name); + slab_free(db_cache, db); + return NULL; + } put_in_order(&db->head, &database_list, cmp_database); } -- 2.40.0