mirror of https://github.com/postgres/postgres.git synced 2025-07-27 12:41:57 +03:00

The attached patch changes most of the usages of sprintf() to
snprintf() in contrib/. I didn't touch the places where pointer
arithmetic was being used, or other areas where the fix wasn't
trivial. I would think that few, if any, of the usages of sprintf()
were actually exploitable, but it's probably better to be paranoid...

Neil Conway
Bruce Momjian
2002-08-15 02:58:29 +00:00
parent 7f4981f4af
commit 66eb8df6a4
15 changed files with 80 additions and 70 deletions


@ -308,7 +308,7 @@ do_create(PGconn *conn, char *table, dbhead * dbh)
if (dbh->db_fields[i].db_flen > 1)
{
strcat(query, " varchar");
sprintf(t, "(%d)",
snprintf(t, 20, "(%d)",
dbh->db_fields[i].db_flen);
strcat(query, t);
}
@ -361,7 +361,7 @@ do_inserts(PGconn *conn, char *table, dbhead * dbh)
result;
char *query,
*foo;
char pgdate[10];
char pgdate[11];
if (verbose > 1)
printf("Inserting records\n");
@ -467,7 +467,7 @@ do_inserts(PGconn *conn, char *table, dbhead * dbh)
{
if ((strlen(foo) == 8) && isinteger(foo))
{
sprintf(pgdate, "%c%c%c%c-%c%c-%c%c",
snprintf(pgdate, 11, "%c%c%c%c-%c%c-%c%c",
foo[0], foo[1], foo[2], foo[3],
foo[4], foo[5], foo[6], foo[7]);
strcat(query, pgdate);
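Review bot: The size arguments in the new snprintf() calls are bare literals (`20` for `t` in do_create, `11` for `pgdate` in do_inserts) that duplicate the buffer sizes, so a later change to either declaration can silently bring the overflow back. For `pgdate`, whose `char pgdate[11]` declaration is visible in the second hunk, `snprintf(pgdate, sizeof(pgdate), "%c%c%c%c-%c%c-%c%c",` keeps the bound tied to the buffer; the same applies to `t` if it is declared as an array, but its declaration is outside the hunk. The old `char pgdate[10]` was one byte short for the 10-character date plus its terminator, so the size change fixes a real off-by-one write and deserves a short comment at the declaration, e.g. `/* "YYYY-MM-DD" + NUL */`. The `strcat(query, ...)` calls that follow each snprintf() remain unbounded; `query`'s allocation is not visible in these hunks, so its worst-case sizing should be checked against the field data read from the input file.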