@@ -135,18 +135,18 @@ static int get_columns_mysql(struct ulogd_pluginstance *upi)
}
for (i = 0; (field = mysql_fetch_field(result)); i++) {
- char buf[ULOGD_MAX_KEYLEN+1];
char *underscore;
+ snprintf(upi->input.keys[i].name,
+ sizeof(upi->input.keys[i].name),
+ "%s", field->name);
+
/* replace all underscores with dots */
- strncpy(buf, field->name, ULOGD_MAX_KEYLEN);
- while ((underscore = strchr(buf, '_')))
+ for (underscore = upi->input.keys[i].name;
+ (underscore = strchr(underscore, '_')); )
*underscore = '.';
- DEBUGP("field '%s' found\n", buf);
-
- /* add it to list of input keys */
- strncpy(upi->input.keys[i].name, buf, ULOGD_MAX_KEYLEN);
+ DEBUGP("field '%s' found\n", upi->input.keys[i].name);
}
/* MySQL Auto increment ... ID :) */
upi->input.keys[0].flags |= ULOGD_KEYF_INACTIVE;
Hitherto, we copied the column-name to a buffer, iterated over it to replace the underscores with full-stops, using `strchr` from the start of the buffer on each iteration, then copied the buffer to the input-key's `name` field. Apart from the inefficiency, `strncpy` was used to do the copies, which led gcc to complain: ulogd_output_MYSQL.c:149:17: warning: `strncpy` output may be truncated copying 31 bytes from a string of length 31 Furthermore, the buffer was not initialized, which meant that there was also a possible buffer overrun if the column-name was too long, since `strncpy` would not append a NUL. Instead, we now copy the column-name directly to the input-key using `snprintf`, and run `strchr` from the last underscore on each iteration. Signed-off-by: Jeremy Sowden <jeremy@azazel.net> --- output/mysql/ulogd_output_MYSQL.c | 14 +++++++------- 1 file changed, 7 insertions(+), 7 deletions(-)