From d0c0c894533f906b13b79813f02b2982ac675074 Mon Sep 17 00:00:00 2001 From: Tom Lane Date: Sun, 25 Mar 2018 15:15:32 -0400 Subject: [PATCH] Fix unsafe extraction of the OID part of a relation filename. Commit 8694cc96b did this randomly differently from other callers of parse_filename_for_nontemp_relation(). Perhaps unsurprisingly, the randomly different way is wrong; it fails to ensure the extracted string is null-terminated. Per buildfarm member skink. Discussion: https://postgr.es/m/14453.1522001792@sss.pgh.pa.us --- src/backend/replication/basebackup.c | 3 ++- 1 file changed, 2 insertions(+), 1 deletion(-) diff --git a/src/backend/replication/basebackup.c b/src/backend/replication/basebackup.c index eb6eb7206d..e4c45c5025 100644 --- a/src/backend/replication/basebackup.c +++ b/src/backend/replication/basebackup.c @@ -1056,7 +1056,8 @@ sendDir(const char *path, int basepathlen, bool sizeonly, List *tablespaces, * If any other type of fork, check if there is an init fork * with the same OID. If so, the file can be excluded. */ - strncpy(relOid, de->d_name, relOidChars); + memcpy(relOid, de->d_name, relOidChars); + relOid[relOidChars] = '\0'; snprintf(initForkFile, sizeof(initForkFile), "%s/%s_init", path, relOid);