mariadb/storage
Mikhail Chalov 567b681299 Minimize unsafe C functions usage - replace strcat() and strcpy() (and strncat() and strncpy()) with custom safe_strcat() and safe_strcpy() functions
The MariaDB code base uses strcat() and strcpy() in several
places. These are known to have memory safety issues and their usage is
discouraged. Common security scanners like Flawfinder flag them. In MariaDB we
should start using modern and safer variants of these functions.

This is similar to memory issues fixes in 19af1890b5
and 9de9f105b5 but now replace use of strcat()
and strcpy() with safer options strncat() and strncpy().

However, add '\0' forcefully to make sure the result string is correct since
for these two functions it is not guaranteed that the new string will be null-terminated.

Example:

    size_t dest_len = sizeof(g->Message);
    strncpy(g->Message, "Null json tree", dest_len);
    strncat(g->Message, ":", sizeof(g->Message) - strlen(g->Message));
    size_t wrote_sz = strlen(g->Message);
    size_t cur_len = wrote_sz >= dest_len ? dest_len - 1 : wrote_sz;
    g->Message[cur_len] = '\0';

All new code of the whole pull request, including one or several files
that are either new files or modified ones, is contributed under the BSD-new
license. I am contributing on behalf of my employer Amazon Web Services.

-- Reviewer and co-author Vicențiu Ciorbaru <vicentiu@mariadb.org>
-- Reviewer additions:
* The initial function implementation was flawed. Replaced with a simpler
  and also correct version.
* Simplified code by making use of snprintf instead of chaining strcat.
* Simplified code by removing dynamic string construction in the first
  place and using static strings if possible. See connect storage engine
  changes.
2023-01-20 15:18:52 +02:00
..
archive clang15 warnings - unused vars and old prototypes 2023-01-10 17:10:43 +00:00
blackhole
cassandra
connect Minimize unsafe C functions usage - replace strcat() and strcpy() (and strncat() and strncpy()) with custom safe_strcat() and safe_strcpy() functions 2023-01-20 15:18:52 +02:00
csv
example MDEV-27730 Add PLUGIN_VAR_DEPRECATED flag to plugin variables 2022-02-18 13:10:20 +09:00
federated
federatedx MDEV-29490 Renaming internally used client API to avoid name conflicts 2022-10-25 14:00:21 +02:00
heap Fix clang -Wunused-but-set-variable in unit tests 2022-07-26 08:18:36 +03:00
innobase MDEV-30422 Merge new release of InnoDB 5.7.41 to 10.3 2023-01-17 17:52:16 +02:00
maria typos 2022-12-21 12:46:52 +11:00
mroonga MDEV-29299 SELECT from table with vcol index reports warning 2022-10-12 20:49:45 +03:00
myisam typos 2022-12-21 12:46:52 +11:00
myisammrg
oqgraph
perfschema fix typos 2023-01-12 14:02:20 +11:00
rocksdb clang15 warnings - unused vars and old prototypes 2023-01-10 17:10:43 +00:00
sequence MDEV-29446 Change SHOW CREATE TABLE to display default collation 2022-09-12 22:10:39 +04:00
sphinx MDEV-29490 Renaming internally used client API to avoid name conflicts 2022-10-25 14:00:21 +02:00
spider MDEV-29988: (spider fix) Major performance regression with 10.6.11 2023-01-02 00:04:03 +01:00
test_sql_discovery MDEV-29446 Change SHOW CREATE TABLE to display default collation 2022-09-12 22:10:39 +04:00
tokudb clang15 warnings - unused vars and old prototypes 2023-01-10 17:10:43 +00:00