From: Kern Sibbald Date: Sat, 2 Jun 2007 14:53:17 +0000 (+0000) Subject: Fix Bacula PostgreSQL buffer overruns. X-Git-Tag: Release-7.0.0~6176 X-Git-Url: https://git.sur5r.net/?a=commitdiff_plain;h=32e3c1b5bb8afd35395632faaa7eefbe0fded77b;p=bacula%2Fbacula Fix Bacula PostgreSQL buffer overruns. git-svn-id: https://bacula.svn.sourceforge.net/svnroot/bacula/trunk@4969 91ce42f0-d328-0410-95d8-f526ca767f89 --- diff --git a/bacula/src/cats/cats.h b/bacula/src/cats/cats.h index c5428750ed..007a795c83 100644 --- a/bacula/src/cats/cats.h +++ b/bacula/src/cats/cats.h @@ -442,9 +442,11 @@ struct B_DB { POSTGRESQL_ROW row; POSTGRESQL_FIELD *fields; int num_rows; + int row_size; /* size of malloced rows */ int num_fields; - int row_number; /* what row number did we get via my_postgresql_data_seek? */ - int field_number; /* what field number did we get via my_postgresql_field_seek? */ + int fields_size; /* size of malloced fields */ + int row_number; /* row number from my_postgresql_data_seek */ + int field_number; /* field number from my_postgresql_field_seek */ int ref_count; char *db_name; char *db_user; diff --git a/bacula/src/cats/postgresql.c b/bacula/src/cats/postgresql.c index 1df2a398cc..3c16f9ed05 100644 --- a/bacula/src/cats/postgresql.c +++ b/bacula/src/cats/postgresql.c @@ -341,16 +341,15 @@ POSTGRESQL_ROW my_postgresql_fetch_row(B_DB *mdb) Dmsg0(500, "my_postgresql_fetch_row start\n"); - if (mdb->row_number == -1 || mdb->row == NULL) { + if (!mdb->row || mdb->row_size < mdb->num_fields) { Dmsg1(500, "we have need space of %d bytes\n", sizeof(char *) * mdb->num_fields); - if (mdb->row != NULL) { + if (mdb->row) { Dmsg0(500, "my_postgresql_fetch_row freeing space\n"); free(mdb->row); - mdb->row = NULL; } - mdb->row = (POSTGRESQL_ROW) malloc(sizeof(char *) * mdb->num_fields); + mdb->row_size = mdb->num_fields; // now reset the row_number now that we have the space allocated mdb->row_number = 0; 
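Review bot: The comments on `row_size` and `fields_size` in struct B_DB say "size of malloced rows" and "size of malloced fields", but the postgresql.c hunks store `mdb->num_fields` in both, so they hold element counts rather than byte sizes or a row count. The overrun fix depends on comparing these values with `num_fields`, so the unit should be stated: `int row_size; /* number of char * slots allocated in row */` and `int fields_size; /* number of POSTGRESQL_FIELD entries allocated in fields */`. The code that initialises B_DB is outside this hunk. The new checks read the counters only when the matching pointer is non-NULL, so it is worth confirming that nothing else assigns `row` or `fields` without also setting them.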
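Review bot: With `mdb->row_number == -1` removed from the condition in my_postgresql_fetch_row, `mdb->row_number = 0` now runs only when the buffer is (re)allocated, so a call that arrives with `row_number == -1` and a large-enough `row` keeps the -1. The code that indexes the result set with `row_number` is outside this hunk; if it can see -1, the reset should be separated from the allocation, for example `if (mdb->row_number < 0) mdb->row_number = 0;` after the block. The `malloc()` result is also not checked before `row_size` is recorded, and the byte count `sizeof(char *) * mdb->num_fields` is computed from a signed `int`. Both of those points apply equally to the `fields` allocation in my_postgresql_fetch_field. Checking the pointer first, e.g. `if (!mdb->row) { mdb->row_size = 0; return NULL; }`, keeps the recorded capacity consistent with what was actually allocated.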
@@ -406,9 +405,14 @@ POSTGRESQL_FIELD * my_postgresql_fetch_field(B_DB *mdb) int i; Dmsg0(500, "my_postgresql_fetch_field starts\n"); - if (mdb->fields == NULL) { + + if (!mdb->fields || mdb->fields_size < mdb->num_fields) { + if (mdb->fields) { + free(mdb->fields); + } Dmsg1(500, "allocating space for %d fields\n", mdb->num_fields); mdb->fields = (POSTGRESQL_FIELD *)malloc(sizeof(POSTGRESQL_FIELD) * mdb->num_fields); + mdb->fields_size = mdb->num_fields; for (i = 0; i < mdb->num_fields; i++) { Dmsg1(500, "filling field %d\n", i); diff --git a/bacula/src/stored/reserve.c b/bacula/src/stored/reserve.c index 3fb60b4340..18371f7bc5 100644 --- a/bacula/src/stored/reserve.c +++ b/bacula/src/stored/reserve.c @@ -1242,7 +1242,6 @@ static int can_reserve_drive(DCR *dcr, RCTX &rctx) } /* Check for prefer mounted volumes */ -// if (rctx.PreferMountedVols && !dev->VolHdr.VolumeName[0] && dev->is_tape()) { if (rctx.PreferMountedVols && !dev->vol && dev->is_tape()) { Mmsg(jcr->errmsg, _("3606 JobId=%u prefers mounted drives, but drive %s has no Volume.\n"), jcr->JobId, dev->print_name()); @@ -1271,7 +1270,7 @@ static int can_reserve_drive(DCR *dcr, RCTX &rctx) jcr->JobId, rctx.VolumeName, dev->VolHdr.VolumeName, dev->print_name()); queue_reserve_message(jcr); - Dmsg4(dbglvl, "JobId=%u failed: dev have=%s resvol=%s want=%s\n", + Dmsg4(dbglvl, "JobId=%u not OK: dev have=%s resvol=%s want=%s\n", (int)jcr->JobId, dev->VolHdr.VolumeName, dev->vol?dev->vol->vol_name:"*none*", rctx.VolumeName); return 0; diff --git a/bacula/technotes-2.1 b/bacula/technotes-2.1 index b7ddb2e06b..d7c58ee944 100644 --- a/bacula/technotes-2.1 +++ b/bacula/technotes-2.1 @@ -2,6 +2,7 @@ General: 02Jun07 +kes Fix Bacula PostgreSQL buffer overruns. kes Do better checking for NULL results returned from PostgreSQL; implement retry for failed queries; clear results buffer after failed query. Hopefully this will correct the PostgreSQL failures.
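Review bot: The loop that fills `mdb->fields[i]` sits inside the reallocation branch of my_postgresql_fetch_field (the outer `if` is still open where the hunk ends), so the descriptors are refreshed only when the array is allocated or grown. A later result set with the same or fewer columns would then reuse entries filled for an earlier result, unless `fields` is freed and set to NULL wherever the result is released; that code is not visible here. If that is the intended contract, it should be recorded next to the check, e.g. `/* fields[] is refilled only on (re)allocation; it must be released when the result is freed */`. Otherwise the fill loop should move out of the branch so it runs for every new result. The function body continues past the end of the hunk.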