@@ -96,8 +96,6 @@ static int sql_createstmt(struct ulogd_pluginstance *upi)
(procedure[strlen("INSERT")] == '\0' ||
procedure[strlen("INSERT")] == ' ')) {
char *stmt_val = mi->stmt;
- char buf[ULOGD_MAX_KEYLEN];
- char *underscore;
if(procedure[6] == '\0') {
/* procedure == "INSERT" */
@@ -112,13 +110,18 @@ static int sql_createstmt(struct ulogd_pluginstance *upi)
stmt_val += sprintf(stmt_val, "%s (", procedure);
for (i = 0; i < upi->input.num_keys; i++) {
+ char *underscore;
+
if (upi->input.keys[i].flags & ULOGD_KEYF_INACTIVE)
continue;
- strncpy(buf, upi->input.keys[i].name, ULOGD_MAX_KEYLEN);
- while ((underscore = strchr(buf, '.')))
+ underscore = stmt_val;
+
+ stmt_val += sprintf(stmt_val, "%s,",
+ upi->input.keys[i].name);
+
+ while ((underscore = strchr(underscore, '.')))
*underscore = '_';
- stmt_val += sprintf(stmt_val, "%s,", buf);
}
*(stmt_val - 1) = ')';
Hitherto, we copied the key-name to a buffer, iterated over it to replace the full-stops with underscores, using `strchr` from the start of the buffer on each iteration, then appended the buffer to the SQL statement. Apart from the inefficiency, `strncpy` was used to do the copies, which led gcc to complain: ../../util/db.c:118:25: warning: `strncpy` output may be truncated copying 31 bytes from a string of length 31 Furthermore, the buffer was one character too short and so there was the possibility of overruns. Instead, we now append the key-name directly to the statement using `sprintf`, and run `strchr` from the last underscore on each iteration. Signed-off-by: Jeremy Sowden <jeremy@azazel.net> --- util/db.c | 13 ++++++++----- 1 file changed, 8 insertions(+), 5 deletions(-)