hcq/MaxScale
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity

Check if source and destination overlap in serverAddMonUser

Browse Source 
The source and destination strings for snprintf must not overlap. A simple
check for the address of the source and destination should solve the case
where they are the same. Behavior is undefined if the pointers aren't the
same but the memory overlaps.
This commit is contained in:
Markus Mäkelä
2016-12-16 18:18:04 +02:00
parent f69c8ccd0c
commit 067d48ddc6
1 changed files with 5 additions and 2 deletions
Download Patch File Download Diff File Expand all files Collapse all files

7
server/core/server.c
View File

@ -804,12 +804,15 @@ server_transfer_status(SERVER *dest_server, SERVER *source_server)
void void
serverAddMonUser(SERVER *server, char *user, char *passwd) serverAddMonUser(SERVER *server, char *user, char *passwd)
{ {
if (snprintf(server->monuser, sizeof(server->monuser), "%s", user) > sizeof(server->monuser)) if (user != server->monuser &&
snprintf(server->monuser, sizeof(server->monuser), "%s", user) > sizeof(server->monuser))
{ {
MXS_WARNING("Truncated monitor user for server '%s', maximum username " MXS_WARNING("Truncated monitor user for server '%s', maximum username "
"length is %lu characters.", server->unique_name, sizeof(server->monuser)); "length is %lu characters.", server->unique_name, sizeof(server->monuser));
} }
if (snprintf(server->monpw, sizeof(server->monpw), "%s", passwd) > sizeof(server->monpw))
if (passwd != server->monpw &&
snprintf(server->monpw, sizeof(server->monpw), "%s", passwd) > sizeof(server->monpw))
{ {
MXS_WARNING("Truncated monitor password for server '%s', maximum password " MXS_WARNING("Truncated monitor password for server '%s', maximum password "
"length is %lu characters.", server->unique_name, sizeof(server->monpw)); "length is %lu characters.", server->unique_name, sizeof(server->monpw));