mirror/postgresql
2
0
Fork 0
mirror of https://git.postgresql.org/git/postgresql.git synced 2024-12-15 08:20:16 +08:00
Code Issues Packages Projects Releases Wiki Activity
37,769 Commits 37 Branches 638 Tags 390 MiB
C 85.6%
PLpgSQL 5.9%
Perl 4.2%
Yacc 1.2%
Makefile 0.7%
Other 2.3%
586dd5d6a5
Go to file
Tom Lane 586dd5d6a5 Replace a bunch more uses of strncpy() with safer coding. 
strncpy() has a well-deserved reputation for being unsafe, so make an
effort to get rid of nearly all occurrences in HEAD.

A large fraction of the remaining uses were passing length less than or
equal to the known strlen() of the source, in which case no null-padding
can occur and the behavior is equivalent to memcpy(), though doubtless
slower and certainly harder to reason about.  So just use memcpy() in
these cases.

In other cases, use either StrNCpy() or strlcpy() as appropriate (depending
on whether padding to the full length of the destination buffer seems
useful).

I left a few strncpy() calls alone in the src/timezone/ code, to keep it
in sync with upstream (the IANA tzcode distribution).  There are also a
few such calls in ecpg that could possibly do with more analysis.

AFAICT, none of these changes are more than cosmetic, except for the four
occurrences in fe-secure-openssl.c, which are in fact buggy: an overlength
source leads to a non-null-terminated destination buffer and ensuing
misbehavior.  These don't seem like security issues, first because no stack
clobber is possible and second because if your values of sslcert etc are
coming from untrusted sources then you've got problems way worse than this.
Still, it's undesirable to have unpredictable behavior for overlength
inputs, so back-patch those four changes to all active branches.
2015-01-24 13:05:42 -05:00
config Remove configure test for nonstandard variants of getpwuid_r(). 2015-01-11 12:52:37 -05:00
contrib Replace a bunch more uses of strncpy() with safer coding. 2015-01-24 13:05:42 -05:00
doc vacuumdb: enable parallel mode 2015-01-23 15:02:45 -03:00
src Replace a bunch more uses of strncpy() with safer coding. 2015-01-24 13:05:42 -05:00
.dir-locals.el
.gitattributes Add functions for dealing with PGP armor header lines to pgcrypto. 2014-10-01 16:03:39 +03:00
.gitignore Update .gitignore for config.cache. 2014-12-18 19:56:42 +09:00
aclocal.m4
configure Allow CFLAGS from configure's environment to override automatic CFLAGS. 2015-01-14 11:08:13 -05:00
configure.in Allow CFLAGS from configure's environment to override automatic CFLAGS. 2015-01-14 11:08:13 -05:00
COPYRIGHT Update copyright for 2015 2015-01-06 11:43:47 -05:00
GNUmakefile.in Add TAP tests for client programs 2014-04-14 21:33:46 -04:00
HISTORY
Makefile
README
README.git

README 

PostgreSQL Database Management System
=====================================

This directory contains the source code distribution of the PostgreSQL
database management system.

PostgreSQL is an advanced object-relational database management system
that supports an extended subset of the SQL standard, including
transactions, foreign keys, subqueries, triggers, user-defined types
and functions.  This distribution also contains C language bindings.

PostgreSQL has many language interfaces, many of which are listed here:

	http://www.postgresql.org/download

See the file INSTALL for instructions on how to build and install
PostgreSQL.  That file also lists supported operating systems and
hardware platforms and contains information regarding any other
software packages that are required to build or run the PostgreSQL
system.  Copyright and license information can be found in the
file COPYRIGHT.  A comprehensive documentation set is included in this
distribution; it can be read as described in the installation
instructions.

The latest version of this software may be obtained at
http://www.postgresql.org/download/.  For more information look at our
web site located at http://www.postgresql.org/.