Avoid returning undefined bytes in chkpass_in().

tglsfdc · tglsfdc · commit 80986e85aafd · 2015-02-14T12:20:56.000-05:00
We can't really fix the problem that the result is defined to depend on
random(), so it is still going to fail the "unstable input conversion"
test in parse_type.c.  However, we can at least satify valgrind.  (It
looks like this code used to be valgrind-clean, actually, until somebody
did a careless s/strncpy/strlcpy/g on it.)

In passing, let's just make real sure that chkpass_out doesn't overrun
its output buffer.

No need for backpatch, I think, since this is just to satisfy debugging
tools.

Asif Naeem
diff --git a/contrib/chkpass/chkpass.c b/contrib/chkpass/chkpass.c
@@ -65,7 +65,7 @@ chkpass_in(PG_FUNCTION_ARGS)
 	/* special case to let us enter encrypted passwords */
 	if (*str == ':')
 	{
-		result = (chkpass *) palloc(sizeof(chkpass));
+		result = (chkpass *) palloc0(sizeof(chkpass));
 		strlcpy(result->password, str + 1, 13 + 1);
 		PG_RETURN_POINTER(result);
 	}
@@ -75,7 +75,7 @@ chkpass_in(PG_FUNCTION_ARGS)
 				(errcode(ERRCODE_DATA_EXCEPTION),
 				 errmsg("password \"%s\" is weak", str)));
 
-	result = (chkpass *) palloc(sizeof(chkpass));
+	result = (chkpass *) palloc0(sizeof(chkpass));
 
 	mysalt[0] = salt_chars[random() & 0x3f];
 	mysalt[1] = salt_chars[random() & 0x3f];
@@ -107,7 +107,7 @@ chkpass_out(PG_FUNCTION_ARGS)
 
 	result = (char *) palloc(16);
 	result[0] = ':';
-	strcpy(result + 1, password->password);
+	strlcpy(result + 1, password->password, 15);
 
 	PG_RETURN_CSTRING(result);
 }
