On Wed, Dec 7, 2011 at 10:05, Magnus Hagander <magnus@hagander.net> wrote:
> On Tue, Dec 6, 2011 at 17:07, Tom Lane <tgl@sss.pgh.pa.us> wrote:
>> Magnus Hagander <magnus@hagander.net> writes:
>>> There is some nice precedent in the CREATE TABLESPACE command (though
>>> dependent on HAVE_SYMLINK and not HAVE_READLINK), so I'm just going to
>>> copy the error message from there.
>>
>> Fair enough.
>>
>> Looking at the existing readlink use in port/exec.c, it strikes me that
>> another thing you'd better do is include a check for buffer overrun,
>> ie the test needs to be more like
>>
>> rllen = readlink(fname, link_buf, sizeof(link_buf));
>> if (rllen < 0 || rllen >= sizeof(link_buf))
>> ... fail ...
>
> Seems reasonable, yeah. I'll go put a similar check in the
> basebackup.c file as well when I'm done here.
To close this thread (hopefully): Fixed and applied.
--
Magnus Hagander
Me: http://www.hagander.net/
Work: http://www.redpill-linpro.com/
