Details

    • Type: Bug
    • Status: Closed
    • Priority: Major
    • Resolution: Fixed
    • Affects Version/s: 1.1.1, 1.2.0, 1.3.0, 1.4.0
    • Fix Version/s: 2.1.0
    • Component/s: N/A
    • Labels: None
    • Environment: All

      Description

      Use of strncpy is dangerous. For example, it is used in sharding_common.c at line 62 which reads:
      strncpy(str,tok,MYSQL_DATABASE_MAXLEN);

      If we have a cast-iron guarantee that the string "tok" will not be longer than "MYSQL_DATABASE_MAXLEN" then the call is safe. But in that case, there is no advantage over using strcpy. If "tok" exceeds that length, then "str" will not have a terminating null, and results are unpredictable.

      A safe way to use strncpy is:
      strncpy(str1, str2, sizeof(str1)-1);
      str1[sizeof(str1)-1] = '\0';

      But it may be more sensible to check that the length of the source string is within the limit. At the very least, finding a database name that exceeds what we think is the limit should be an error. Possibly it should cause MaxScale to crash, on the grounds that once the situation falls outside the basic parameters that define the software, we don't know what may happen. Such a thing should never happen, but should be guarded against all the same.

      This issue should not be cleared without checking all uses of strncpy (currently 99 total).
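
The failure mode and the length check described in the report, as an added example (not code from the report or from MaxScale). The value of MYSQL_DATABASE_MAXLEN, the buffer sizes, and the helper names page_pattern_unterminated and copy_checked are assumptions made for illustration.

```c
#include <stdio.h>
#include <string.h>

#define MYSQL_DATABASE_MAXLEN 128 /* assumed value for this example */

/* Reproduces the call pattern quoted from the report. Returns 1 when the
 * first MYSQL_DATABASE_MAXLEN bytes of str hold no terminating null. */
int page_pattern_unterminated(const char *tok)
{
    char str[MYSQL_DATABASE_MAXLEN + 1];       /* assumed size; spare byte keeps the check defined */
    memset(str, 'X', sizeof(str));             /* stand-in for stale buffer contents */
    strncpy(str, tok, MYSQL_DATABASE_MAXLEN);  /* no null written if tok fills the limit */
    return memchr(str, '\0', MYSQL_DATABASE_MAXLEN) == NULL;
}

/* Hypothetical helper: copy src into dst (dst_size bytes) only if it fits
 * with its terminator. Returns 0 on success; on over-long input returns -1
 * and leaves dst as an empty string, so the caller can raise an error. */
int copy_checked(char *dst, size_t dst_size, const char *src)
{
    if (dst == NULL || src == NULL || dst_size == 0)
        return -1;
    const char *end = memchr(src, '\0', dst_size); /* looks at no more than dst_size bytes */
    if (end == NULL) {
        dst[0] = '\0';
        return -1;
    }
    memcpy(dst, src, (size_t)(end - src) + 1);     /* includes the terminator */
    return 0;
}

int main(void)
{
    char tok[MYSQL_DATABASE_MAXLEN + 1];           /* constructed over-long name */
    char str[MYSQL_DATABASE_MAXLEN];
    memset(tok, 'a', MYSQL_DATABASE_MAXLEN);
    tok[MYSQL_DATABASE_MAXLEN] = '\0';

    printf("strncpy pattern unterminated: %d\n", page_pattern_unterminated(tok));
    if (copy_checked(str, sizeof(str), tok) != 0)
        fprintf(stderr, "error: database name exceeds %d bytes\n", MYSQL_DATABASE_MAXLEN - 1);
    if (copy_checked(str, sizeof(str), "shard1") == 0)
        printf("accepted: %s\n", str);
    return 0;
}
```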

              People

              • Assignee: Johan Wikman
              • Reporter: martin brampton
              • Votes: 1
              • Watchers: 3

                  Time Tracking

                  • Original Estimate: 4d
                  • Remaining Estimate: 4d
                  • Time Spent: Not Specified