The attached patch changes most of the usages of sprintf() to

snprintf() in contrib/. I didn't touch the places where pointer arithmatic was being used, or other areas where the fix wasn't trivial. I would think that few, if any, of the usages of sprintf() were actually exploitable, but it's probably better to be paranoid... Neil Conway
2025-08-08 06:02:22 +03:00 · 2002-08-15 02:58:29 +00:00
parent 7f4981f4af
commit 66eb8df6a4
15 changed files with 80 additions and 70 deletions
--- a/contrib/pg_dumplo/utils.c
+++ b/contrib/pg_dumplo/utils.c
@@ -1,7 +1,7 @@
 /* -------------------------------------------------------------------------
 * pg_dumplo
 *
- * $Header: /cvsroot/pgsql/contrib/pg_dumplo/Attic/utils.c,v 1.4 2001/03/22 03:59:10 momjian Exp $
+ * $Header: /cvsroot/pgsql/contrib/pg_dumplo/Attic/utils.c,v 1.5 2002/08/15 02:58:29 momjian Exp $
 *
 *					Karel Zak 1999-2000
 * -------------------------------------------------------------------------
@@ -36,7 +36,7 @@ index_file(LODumpMaster * pgLO)
 	if (pgLO->action == ACTION_SHOW)
 		return;

-	sprintf(path, "%s/%s", pgLO->space, pgLO->db);
+	snprintf(path, BUFSIZ, "%s/%s", pgLO->space, pgLO->db);

 	if (pgLO->action == ACTION_EXPORT_ATTR ||
 		pgLO->action == ACTION_EXPORT_ALL)
@@ -51,7 +51,7 @@ index_file(LODumpMaster * pgLO)
 			}
 		}

-		sprintf(path, "%s/lo_dump.index", path);
+		snprintf(path, BUFSIZ, "%s/lo_dump.index", path);

 		if ((pgLO->index = fopen(path, "w")) == NULL)
 		{
@@ -63,7 +63,7 @@ index_file(LODumpMaster * pgLO)
 	else if (pgLO->action != ACTION_NONE)
 	{

-		sprintf(path, "%s/lo_dump.index", path);
+		snprintf(path, BUFSIZ, "%s/lo_dump.index", path);

 		if ((pgLO->index = fopen(path, "r")) == NULL)
 		{