Currently, we copy the column-name to a buffer, iterate over it to replace the underscores with full-stops, using `strchr` from the start of the buffer on each iteration, then copy the buffer to the field's `name` member. Apart from the inefficiency, `strncpy` is used to do the copies, which leads gcc to complain: ulogd_output_SQLITE3.c:341:17: warning: `strncpy` output may be truncated copying 31 bytes from a string of length 31 Furthermore, the buffer is not initialized, which means that there is also a possible buffer overrun if the column-name is too long, since `strncpy` will not append a NUL. Instead, copy the column-name directly to the field using `snprintf`, and run `strchr` from the last underscore on each iteration. Signed-off-by: Jeremy Sowden <jeremy@xxxxxxxxxx> --- output/sqlite3/ulogd_output_SQLITE3.c | 26 +++++++++++++------------- 1 file changed, 13 insertions(+), 13 deletions(-) diff --git a/output/sqlite3/ulogd_output_SQLITE3.c b/output/sqlite3/ulogd_output_SQLITE3.c index da1c09f08047..e3040a8a2fac 100644 --- a/output/sqlite3/ulogd_output_SQLITE3.c +++ b/output/sqlite3/ulogd_output_SQLITE3.c @@ -303,9 +303,6 @@ static int sqlite3_init_db(struct ulogd_pluginstance *pi) { struct sqlite3_priv *priv = (void *)pi->private; - char buf[ULOGD_MAX_KEYLEN + 1]; - char *underscore; - struct field *f; sqlite3_stmt *schema_stmt; int col, num_cols; @@ -325,24 +322,27 @@ sqlite3_init_db(struct ulogd_pluginstance *pi) } for (col = 0; col < num_cols; col++) { - strncpy(buf, sqlite3_column_name(schema_stmt, col), ULOGD_MAX_KEYLEN); - - /* replace all underscores with dots */ - while ((underscore = strchr(buf, '_')) != NULL) - *underscore = '.'; - - DEBUGP("field '%s' found\n", buf); + struct field *f; + char *underscore; /* prepend it to the linked list */ if ((f = calloc(1, sizeof(struct field))) == NULL) { ulogd_log(ULOGD_ERROR, "SQLITE3: out of memory\n"); return -1; } - strncpy(f->name, buf, ULOGD_MAX_KEYLEN); + snprintf(f->name, sizeof(f->name), + "%s", sqlite3_column_name(schema_stmt, col)); + + /* replace all underscores with dots */ + for (underscore = f->name; + (underscore = strchr(underscore, '_')) != NULL; ) + *underscore = '.'; + + DEBUGP("field '%s' found\n", f->name); - if ((f->key = ulogd_find_key(pi, buf)) == NULL) { + if ((f->key = ulogd_find_key(pi, f->name)) == NULL) { ulogd_log(ULOGD_ERROR, - "SQLITE3: unknown input key: %s\n", buf); + "SQLITE3: unknown input key: %s\n", f->name); free(f); return -1; } -- 2.33.0