Details
Bug
Status: Closed
Major
Resolution: Fixed
1.1.1, 1.2.0, 1.3.0, 1.4.0
None
All
2016-12
Description
Use of strncpy is dangerous. For example, it is used in sharding_common.c at line 62 which reads:
strncpy(str,tok,MYSQL_DATABASE_MAXLEN);
If we have a cast-iron guarantee that the string "tok" will not be longer than "MYSQL_DATABASE_MAXLEN" then the call is safe. But in that case, there is no advantage over using strcpy. If "tok" equals or exceeds that length, then "str" will not have a terminating null: strncpy stops after exactly MYSQL_DATABASE_MAXLEN bytes and writes no terminator, so any later code that treats "str" as a C string reads past the end of the buffer, and results are unpredictable.
A safe way to use strncpy (with str1 declared as an array in the same scope, so that sizeof gives the buffer size rather than the size of a pointer) is:
strncpy(str1, str2, sizeof(str1)-1);
str1[sizeof(str1)-1] = '\0';
But it may be more sensible to check that the length of the source string is within the limit. At the very least finding a database name that exceeds what we think is the limit should be an error. Possibly it should cause MaxScale to crash on the grounds that once the situation falls outside the basic parameters that define the software, we don't know what may happen. Such a thing should never happen, but should be guarded against all the same.
This issue should not be cleared without checking all uses of strncpy (currently 99 total).
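The following is an added example, not MaxScale code, showing both halves of the report: the strncpy pattern from sharding_common.c leaving an overlong name unterminated, and a bounded copy that refuses a name which does not fit instead of truncating it. MYSQL_DATABASE_MAXLEN is the constant named above, but its value (64), the function names, and the constructed test names are assumptions made for the example.

```c
#include <stdio.h>
#include <string.h>

/* Added example, not MaxScale code. MYSQL_DATABASE_MAXLEN is the MaxScale
 * constant named in the report; the value 64 here is an assumption. */
#define MYSQL_DATABASE_MAXLEN 64

/* The pattern from sharding_common.c: when tok has MYSQL_DATABASE_MAXLEN
 * or more characters, strncpy fills str completely and writes no NUL. */
static void copy_unsafe(char *str, const char *tok)
{
    strncpy(str, tok, MYSQL_DATABASE_MAXLEN);
}

/* Returns 1 if buf contains a NUL somewhere in its first n bytes. */
static int is_terminated(const char *buf, size_t n)
{
    return memchr(buf, '\0', n) != NULL;
}

/* Hardened replacement: refuses a name that does not fit (including its
 * terminator) instead of silently truncating, and never reads tok beyond
 * dstlen bytes. Returns 0 on success, -1 if tok is too long; the caller
 * decides whether to log, reject the request, or abort as the report
 * suggests. dst is left untouched on failure. */
static int copy_dbname(char *dst, size_t dstlen, const char *tok)
{
    const char *end = memchr(tok, '\0', dstlen); /* bounded length scan */
    if (end == NULL) {
        return -1; /* no terminator within dstlen: name is too long */
    }
    memcpy(dst, tok, (size_t)(end - tok) + 1); /* includes the NUL */
    return 0;
}

/* Fills name with n copies of 'a' followed by a NUL (constructed input). */
static void make_name(char *name, size_t n)
{
    memset(name, 'a', n);
    name[n] = '\0';
}

/* Returns 1 if the unsafe copy of an overlong name leaves str without
 * any NUL byte, which is exactly the condition the report describes. */
static int demo_unsafe_leaves_unterminated(void)
{
    char str[MYSQL_DATABASE_MAXLEN];
    char tok[MYSQL_DATABASE_MAXLEN + 8];
    make_name(tok, sizeof(tok) - 1);   /* 71 characters: too long */
    memset(str, 'X', sizeof(str));     /* poison: any NUL must come from tok */
    copy_unsafe(str, tok);
    return !is_terminated(str, sizeof(str));
}

/* Returns 1 if the hardened copy accepts names up to the limit, rejects the
 * first name that is too long, and leaves dst untouched when it rejects. */
static int check_boundary(void)
{
    char dst[MYSQL_DATABASE_MAXLEN];
    char tok[MYSQL_DATABASE_MAXLEN + 1];

    if (copy_dbname(dst, sizeof(dst), "shop") != 0 || strcmp(dst, "shop") != 0)
        return 0;

    make_name(tok, MYSQL_DATABASE_MAXLEN - 1);   /* 63 chars: fits with NUL */
    if (copy_dbname(dst, sizeof(dst), tok) != 0 || strcmp(dst, tok) != 0)
        return 0;

    make_name(tok, MYSQL_DATABASE_MAXLEN);       /* 64 chars: no room for NUL */
    if (copy_dbname(dst, sizeof(dst), tok) != -1 ||
        strlen(dst) != MYSQL_DATABASE_MAXLEN - 1)
        return 0;                                /* dst still holds the 63-char name */

    return 1;
}

int main(void)
{
    printf("strncpy with an overlong name left no terminator: %s\n",
           demo_unsafe_leaves_unterminated() ? "yes" : "no");
    printf("hardened copy handles the boundary correctly: %s\n",
           check_boundary() ? "yes" : "no");
    return 0;
}
```

The hardened copy uses memchr rather than strlen on the source so that an unterminated or attacker-controlled token can never cause an over-read while its length is being checked; returning an error rather than truncating gives the caller the "database name exceeds the limit" condition the report asks to treat as an error.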