pg_standby: Avoid writing one byte beyond the end of the buffer.

robertmhaas · robertmhaas · commit 151fb75b0d6e · 2015-01-15T09:42:33.000-05:00
Previously, read() might have returned a length equal to the buffer
length, and then the subsequent store to buf[len] would write a
zero-byte one byte past the end.  This doesn't seem likely to be
a security issue, but there's some chance it could result in
pg_standby misbehaving.

Spotted by Coverity; patch by Michael Paquier, reviewed by me.
diff --git a/contrib/pg_standby/pg_standby.c b/contrib/pg_standby/pg_standby.c
@@ -435,7 +435,7 @@ CheckForExternalTrigger(void)
 		return;
 	}
 
-	if ((len = read(fd, buf, sizeof(buf))) < 0)
+	if ((len = read(fd, buf, sizeof(buf) - 1)) < 0)
 	{
 		fprintf(stderr, "WARNING: could not read \"%s\": %s\n",
 				triggerPath, strerror(errno));

Original file line number	Diff line number	Diff line change
`@@ -435,7 +435,7 @@ CheckForExternalTrigger(void)`
`435`	`435`	`return;`
`436`	`436`	`}`
`437`	`437`
`438`		`- if ((len = read(fd, buf, sizeof(buf))) < 0)`
	`438`	`+ if ((len = read(fd, buf, sizeof(buf) - 1)) < 0)`
`439`	`439`	`{`
`440`	`440`	`fprintf(stderr, "WARNING: could not read \"%s\": %s\n",`
`441`	`441`	`triggerPath, strerror(errno));`