Replace `strncpy` with `snprintf` and `memcpy`. Remove intermediate buffer. Ensure that `dst` is properly initialized if `dbi_conn_quote_string_copy` returns an error. Signed-off-by: Jeremy Sowden <jeremy@xxxxxxxxxx> --- output/dbi/ulogd_output_DBI.c | 46 +++++++++++++++-------------------- 1 file changed, 20 insertions(+), 26 deletions(-) diff --git a/output/dbi/ulogd_output_DBI.c b/output/dbi/ulogd_output_DBI.c index 461aed4bddb6..babaf58a9a56 100644 --- a/output/dbi/ulogd_output_DBI.c +++ b/output/dbi/ulogd_output_DBI.c @@ -91,15 +91,6 @@ static struct config_keyset dbi_kset = { #define dbtype_ce(x) (x->ces[DB_CE_NUM+6]) -/* lower-cases s in place */ -static void str_tolower(char *s) -{ - while(*s) { - *s = tolower(*s); - s++; - } -} - /* find out which columns the table has */ static int get_columns_dbi(struct ulogd_pluginstance *upi) { @@ -139,25 +130,26 @@ static int get_columns_dbi(struct ulogd_pluginstance *upi) return -ENOMEM; } - for (ui=1; ui<=upi->input.num_keys; ui++) { - char buf[ULOGD_MAX_KEYLEN+1]; - char *underscore; - const char* field_name = dbi_result_get_field_name(pi->result, ui); + for (ui = 1; ui <= upi->input.num_keys; ui++) { + const char *field_name = dbi_result_get_field_name(pi->result, ui); + char *cp; if (!field_name) break; - /* replace all underscores with dots */ - strncpy(buf, field_name, ULOGD_MAX_KEYLEN); - while ((underscore = strchr(buf, '_'))) - *underscore = '.'; + snprintf(upi->input.keys[ui - 1].name, + sizeof(upi->input.keys[ui - 1].name), + "%s", field_name); - str_tolower(buf); + /* down-case and replace all underscores with dots */ + for (cp = upi->input.keys[ui - 1].name; *cp; cp++) { + if (*cp == '_') + *cp = '.'; + else + *cp = tolower(*cp); + } - DEBUGP("field '%s' found: ", buf); - - /* add it to list of input keys */ - strncpy(upi->input.keys[ui-1].name, buf, ULOGD_MAX_KEYLEN); + DEBUGP("field '%s' found: ", upi->input.keys[ui - 1].name); } /* ID is a sequence */ @@ -245,18 +237,20 @@ static int escape_string_dbi(struct ulogd_pluginstance *upi, } ret = dbi_conn_quote_string_copy(pi->dbh, src, &newstr); - if (ret <= 2) + if (ret == 0) { + *dst = '\0'; return 0; + } /* dbi_conn_quote_string_copy returns a quoted string, * but __interp_db already quotes the string * So we return a string without the quotes */ - strncpy(dst,newstr+1,ret-2); - dst[ret-2] = '\0'; + memcpy(dst, newstr + 1, ret - 2); + dst[ret - 2] = '\0'; free(newstr); - return (ret-2); + return ret - 2; } static int execute_dbi(struct ulogd_pluginstance *upi, -- 2.33.0