From ab7b7f42e9dbb9575d9c6ea7a78fffbf3894c775 Mon Sep 17 00:00:00 2001
From: Bomin Zhang <bmzhang@taosdata.com>
Date: Wed, 10 Jun 2020 10:24:16 +0800
Subject: [PATCH] TD-459: TSDB_PASSWORD_LEN

---
 src/client/src/tscSQLParser.c     | 2 +-
 src/client/src/tscSql.c           | 4 ++--
 src/common/src/tglobal.c          | 2 +-
 src/plugins/http/src/gcHandle.c   | 2 +-
 src/plugins/http/src/httpAuth.c   | 4 ++--
 src/plugins/http/src/restHandle.c | 2 +-
 src/plugins/http/src/tgHandle.c   | 4 ++--
 7 files changed, 10 insertions(+), 10 deletions(-)

diff --git a/src/client/src/tscSQLParser.c b/src/client/src/tscSQLParser.c
index 9c64786459..acaabbf17d 100644
--- a/src/client/src/tscSQLParser.c
+++ b/src/client/src/tscSQLParser.c
@@ -169,7 +169,7 @@ static int32_t handlePassword(SSqlCmd* pCmd, SSQLToken* pPwd) {
     return invalidSqlErrMsg(tscGetErrorMsgPayload(pCmd), msg1);
   }
 
-  if (pPwd->n > TSDB_PASSWORD_LEN) {
+  if (pPwd->n >= TSDB_PASSWORD_LEN) {
     return invalidSqlErrMsg(tscGetErrorMsgPayload(pCmd), msg2);
   }
 
diff --git a/src/client/src/tscSql.c b/src/client/src/tscSql.c
index 5f2a8598db..a5cfa40516 100644
--- a/src/client/src/tscSql.c
+++ b/src/client/src/tscSql.c
@@ -45,11 +45,11 @@ static bool validImpl(const char* str, size_t maxsize) {
 }
 
 static bool validUserName(const char* user) {
-  return validImpl(user, TSDB_USER_LEN);
+  return validImpl(user, TSDB_USER_LEN - 1);
 }
 
 static bool validPassword(const char* passwd) {
-  return validImpl(passwd, TSDB_PASSWORD_LEN);
+  return validImpl(passwd, TSDB_PASSWORD_LEN - 1);
 }
 
 SSqlObj *taosConnectImpl(const char *ip, const char *user, const char *pass, const char *db, uint16_t port,
diff --git a/src/common/src/tglobal.c b/src/common/src/tglobal.c
index 8c77f0b5f3..0cd0e48fbf 100644
--- a/src/common/src/tglobal.c
+++ b/src/common/src/tglobal.c
@@ -728,7 +728,7 @@ static void doInitGlobalConfig() {
   cfg.cfgType = TSDB_CFG_CTYPE_B_CONFIG | TSDB_CFG_CTYPE_B_CLIENT | TSDB_CFG_CTYPE_B_NOT_PRINT;
   cfg.minValue = 0;
   cfg.maxValue = 0;
-  cfg.ptrLength = TSDB_PASSWORD_LEN;
+  cfg.ptrLength = TSDB_PASSWORD_LEN - 1;
   cfg.unitType = TAOS_CFG_UTYPE_NONE;
   taosInitConfigOption(cfg);
 
diff --git a/src/plugins/http/src/gcHandle.c b/src/plugins/http/src/gcHandle.c
index a99059ea34..176e16301b 100644
--- a/src/plugins/http/src/gcHandle.c
+++ b/src/plugins/http/src/gcHandle.c
@@ -58,7 +58,7 @@ bool gcGetUserFromUrl(HttpContext* pContext) {
 
 bool gcGetPassFromUrl(HttpContext* pContext) {
   HttpParser* pParser = &pContext->parser;
-  if (pParser->path[GC_PASS_URL_POS].len > TSDB_PASSWORD_LEN - 1 || pParser->path[GC_PASS_URL_POS].len <= 0) {
+  if (pParser->path[GC_PASS_URL_POS].len >= TSDB_PASSWORD_LEN || pParser->path[GC_PASS_URL_POS].len <= 0) {
     return false;
   }
 
diff --git a/src/plugins/http/src/httpAuth.c b/src/plugins/http/src/httpAuth.c
index 752c7d1d50..4738da4fb0 100644
--- a/src/plugins/http/src/httpAuth.c
+++ b/src/plugins/http/src/httpAuth.c
@@ -89,7 +89,7 @@ bool httpParseTaosdAuthToken(HttpContext *pContext, char *token, int len) {
     return false;
   } else {
     tstrncpy(pContext->user, descrypt, sizeof(pContext->user));
-    tstrncpy(pContext->pass, descrypt + TSDB_USER_LEN, TSDB_PASSWORD_LEN);
+    tstrncpy(pContext->pass, descrypt + TSDB_USER_LEN, sizeof(pContext->pass));
 
     httpTrace("context:%p, fd:%d, ip:%s, taosd token:%s parsed success, user:%s", pContext, pContext->fd,
               pContext->ipstr, token, pContext->user);
@@ -102,7 +102,7 @@ bool httpParseTaosdAuthToken(HttpContext *pContext, char *token, int len) {
 bool httpGenTaosdAuthToken(HttpContext *pContext, char *token, int maxLen) {
   char buffer[TSDB_USER_LEN + TSDB_PASSWORD_LEN] = {0};
   strncpy(buffer, pContext->user, sizeof(pContext->user));
-  strncpy(buffer + TSDB_USER_LEN, pContext->pass, TSDB_PASSWORD_LEN);
+  strncpy(buffer + TSDB_USER_LEN, pContext->pass, sizeof(pContext->pass));
 
   char *encrypt = taosDesEncode(KEY_DES_4, buffer, TSDB_USER_LEN + TSDB_PASSWORD_LEN);
   char *base64 = base64_encode((const unsigned char *)encrypt, TSDB_USER_LEN + TSDB_PASSWORD_LEN);
diff --git a/src/plugins/http/src/restHandle.c b/src/plugins/http/src/restHandle.c
index b9b096ac77..93094fa287 100644
--- a/src/plugins/http/src/restHandle.c
+++ b/src/plugins/http/src/restHandle.c
@@ -71,7 +71,7 @@ bool restGetUserFromUrl(HttpContext* pContext) {
 
 bool restGetPassFromUrl(HttpContext* pContext) {
   HttpParser* pParser = &pContext->parser;
-  if (pParser->path[REST_PASS_URL_POS].len > TSDB_PASSWORD_LEN - 1 || pParser->path[REST_PASS_URL_POS].len <= 0) {
+  if (pParser->path[REST_PASS_URL_POS].len >= TSDB_PASSWORD_LEN || pParser->path[REST_PASS_URL_POS].len <= 0) {
     return false;
   }
 
diff --git a/src/plugins/http/src/tgHandle.c b/src/plugins/http/src/tgHandle.c
index abc4acae65..b85f27d175 100644
--- a/src/plugins/http/src/tgHandle.c
+++ b/src/plugins/http/src/tgHandle.c
@@ -316,11 +316,11 @@ bool tgGetUserFromUrl(HttpContext *pContext) {
 
 bool tgGetPassFromUrl(HttpContext *pContext) {
   HttpParser *pParser = &pContext->parser;
-  if (pParser->path[TG_PASS_URL_POS].len > TSDB_PASSWORD_LEN - 1 || pParser->path[TG_PASS_URL_POS].len <= 0) {
+  if (pParser->path[TG_PASS_URL_POS].len >= TSDB_PASSWORD_LEN || pParser->path[TG_PASS_URL_POS].len <= 0) {
     return false;
   }
 
-  tstrncpy(pContext->pass, pParser->path[TG_PASS_URL_POS].pos, TSDB_PASSWORD_LEN);
+  tstrncpy(pContext->pass, pParser->path[TG_PASS_URL_POS].pos, sizeof(pContext->pass));
   return true;
 }
 
-- 
GitLab