Commit66eb8df

committed
The attached patch changes most of the usages of sprintf() to
snprintf() in contrib/. I didn't touch the places where pointer arithmetic was being used, or other areas where the fix wasn't trivial. I would think that few, if any, of the usages of sprintf() were actually exploitable, but it's probably better to be paranoid... Neil Conway
1 parent7f4981f commit66eb8df


15 files changed

+80
-70
lines changed

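--- a/contrib/dbase/dbf.c
+++ b/contrib/dbase/dbf.c
@@ -437,7 +437,7 @@ dbf_put_record(dbhead * dbh, field * rec, u_long where)
 format: sprintf format-string to get the right precision with real numbers
 
 NOTE: this declaration of 'foo' can cause overflow when the contents-field
-is longer the 127 chars (which is highly unlikely,cos it is not used
+is longer the 127 chars (which is highly unlikely,because it is not used
 in text-fields).
 */
 /*REMEMBER THAT THERE'S A 0x1A AT THE END OF THE FILE, SO DON'T
@@ -488,11 +488,11 @@ dbf_put_record(dbhead * dbh, field * rec, u_long where)
 if ((rec[t].db_type=='N')&& (rec[t].db_dec!=0))
 {
 fl=atof(rec[t].db_contents);
-sprintf(format,"%%.%df",rec[t].db_dec);
-sprintf(foo,format,fl);
+snprintf(format,32,"%%.%df",rec[t].db_dec);
+snprintf(foo,128,format,fl);
 }
 else
-strcpy(foo,rec[t].db_contents);
+strncpy(foo,rec[t].db_contents,128);
 if (strlen(foo)>rec[t].db_flen)
 length=rec[t].db_flen;
 else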
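Review bot: The `strncpy(foo,rec[t].db_contents,128)` added in the second hunk leaves `foo` without a terminating NUL when `db_contents` is 128 bytes or longer, and the very next line calls `strlen(foo)`, which would then read past the buffer. The comment in the first hunk already admits that contents longer than 127 chars are possible, so the bounded copy should terminate explicitly, e.g. `snprintf(foo,sizeof(foo),"%s",rec[t].db_contents);` (assuming `foo` is a local array), which also matches the two calls above it. The literal sizes `32` and `128` repeat declarations that are outside the hunks, so they cannot be checked from here; `sizeof` would keep size and declaration from drifting apart. dbf_put_record's body starts and ends outside both hunks.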

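--- a/contrib/dbase/dbf2pg.c
+++ b/contrib/dbase/dbf2pg.c
@@ -308,7 +308,7 @@ do_create(PGconn *conn, char *table, dbhead * dbh)
 if (dbh->db_fields[i].db_flen>1)
 {
 strcat(query," varchar");
-sprintf(t,"(%d)",
+snprintf(t,20,"(%d)",
 dbh->db_fields[i].db_flen);
 strcat(query,t);
 }
@@ -361,7 +361,7 @@ do_inserts(PGconn *conn, char *table, dbhead * dbh)
 result;
 char*query,
 *foo;
-charpgdate[10];
+charpgdate[11];
 
 if (verbose>1)
 printf("Inserting records\n");
@@ -467,7 +467,7 @@ do_inserts(PGconn *conn, char *table, dbhead * dbh)
 {
 if ((strlen(foo)==8)&&isinteger(foo))
 {
-sprintf(pgdate,"%c%c%c%c-%c%c-%c%c",
+snprintf(pgdate,11,"%c%c%c%c-%c%c-%c%c",
 foo[0],foo[1],foo[2],foo[3],
 foo[4],foo[5],foo[6],foo[7]);
 strcat(query,pgdate);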
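Review bot: The size arguments `20` and `11` are bare literals that must be kept in step with the declarations by hand; `pgdate[11]` is visible in the second hunk, but `t`'s declaration is not, so the `20` cannot be checked from here. Writing `snprintf(pgdate,sizeof(pgdate),...)` and `snprintf(t,sizeof(t),...)` (assuming `t` is an array) removes that coupling. The `pgdate[10]` to `pgdate[11]` change is the substantive fix in this file, since the ten-character date plus its NUL never fit in ten bytes, and it deserves a short comment such as `/* YYYY-MM-DD plus terminating NUL */`. The `strcat(query,...)` calls that consume both buffers remain unbounded, and how `query` is sized lies outside the hunks.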

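--- a/contrib/findoidjoins/findoidjoins.c
+++ b/contrib/findoidjoins/findoidjoins.c
@@ -68,14 +68,14 @@ main(int argc, char **argv)
 {
 unset_result(relres);
 if (strcmp(typname,"oid")==0)
-sprintf(query,"\
+snprintf(query,4000,"\
 DECLARE c_matches BINARY CURSOR FOR \
 SELECTcount(*)::int4 \
 FROM \"%s\" t1, \"%s\" t2 \
 WHERE t1.\"%s\" = t2.oid ",
 relname,relname2,attname);
 else
-sprintf(query,"\
+sprintf(query,4000,"\
 DECLARE c_matches BINARY CURSOR FOR \
 SELECTcount(*)::int4 \
 FROM \"%s\" t1, \"%s\" t2 \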
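Review bot: The `else` branch was changed to `sprintf(query,4000,"\` rather than `snprintf(query,4000,"\`, so the integer 4000 is passed where sprintf() expects its format string. That draws a compiler diagnostic at best and a crash when the branch runs at worst, and the write is still unbounded. The line should read `snprintf(query,4000,"\` like the first branch. `relname`, `relname2` and `attname` are also placed inside double-quoted identifiers without doubling embedded `"` characters; whether they can contain one depends on code outside the hunk. The statement continues past the end of the hunk.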

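--- a/contrib/lo/lo.c
+++ b/contrib/lo/lo.c
@@ -1,7 +1,7 @@
 /*
 *PostgreSQL type definitions for managed LargeObjects.
 *
-*$Header: /cvsroot/pgsql/contrib/lo/lo.c,v 1.11 2001/12/07 04:18:31 inoue Exp $
+*$Header: /cvsroot/pgsql/contrib/lo/lo.c,v 1.12 2002/08/15 02:58:29 momjian Exp $
 *
 */
 
@@ -92,7 +92,7 @@ lo_out(Blob * addr)
 return (NULL);
 
 result= (char*)palloc(32);
-sprintf(result,"%u",*addr);
+snprintf(result,32,"%u",*addr);
 return (result);
 }
 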

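--- a/contrib/mSQL-interface/mpgsql.c
+++ b/contrib/mSQL-interface/mpgsql.c
@@ -106,7 +106,7 @@ msqlCreateDB(int a, char *b)
 {
 chartbuf[BUFSIZ];
 
-sprintf(tbuf,"create database %s",b);
+snprintf(tbuf,BUFSIZ,"create database %s",b);
 returnmsqlQuery(a,tbuf) >=0 ?0 :-1;
 }
 
@@ -115,7 +115,7 @@ msqlDropDB(int a, char *b)
 {
 chartbuf[BUFSIZ];
 
-sprintf(tbuf,"drop database %s",b);
+snprintf(tbuf,BUFSIZ,"drop database %s",b);
 returnmsqlQuery(a,tbuf) >=0 ?0 :-1;
 }
 
@@ -262,7 +262,9 @@ msqlListTables(int a)
 m_result*m;
 chartbuf[BUFSIZ];
 
-sprintf(tbuf,"select relname from pg_class where relkind='r' and relowner=%d",getuid());
+snprintf(tbuf,BUFSIZ,
+"select relname from pg_class where relkind='r' and relowner=%d",
+getuid());
 if (msqlQuery(a,tbuf)>0)
 {
 m=msqlStoreResult();
@@ -284,7 +286,9 @@ msqlListIndex(int a, char *b, char *c)
 m_result*m;
 chartbuf[BUFSIZ];
 
-sprintf(tbuf,"select relname from pg_class where relkind='i' and relowner=%d",getuid());
+snprintf(tbuf,BUFSIZ,
+"select relname from pg_class where relkind='i' and relowner=%d",
+getuid());
 if (msqlQuery(a,tbuf)>0)
 {
 m=msqlStoreResult();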
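Review bot: None of the new snprintf() calls check the return value, so an over-long `b` in msqlCreateDB and msqlDropDB is silently cut at BUFSIZ and the shortened statement is still sent through msqlQuery(). For `drop database %s` that means a statement naming a different, shorter database than the caller asked for, and `b` is not quoted as an identifier either. A guard such as `if (snprintf(tbuf,sizeof(tbuf),"drop database %s",b) >= (int) sizeof(tbuf)) return -1;` covers the truncation, provided the platform's snprintf() returns the would-be length. The same unchecked truncation applies to the `todo` queries in contrib/oid2name/oid2name.c and the `Qbuff` queries in contrib/pg_dumplo/lo_export.c and lo_import.c.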

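--- a/contrib/oid2name/oid2name.c
+++ b/contrib/oid2name/oid2name.c
@@ -337,7 +337,7 @@ sql_exec_dumpdb(PGconn *conn)
 chartodo[1024];
 
 /* get the oid and database name from the system pg_database table */
-sprintf(todo,"select oid,datname from pg_database");
+snprintf(todo,1024,"select oid,datname from pg_database");
 
 sql_exec(conn,todo,0);
 }
@@ -351,9 +351,9 @@ sql_exec_dumptable(PGconn *conn, int systables)
 
 /* don't exclude the systables if this is set */
 if (systables==1)
-sprintf(todo,"select relfilenode,relname from pg_class order by relname");
+snprintf(todo,1024,"select relfilenode,relname from pg_class order by relname");
 else
-sprintf(todo,"select relfilenode,relname from pg_class where relname not like 'pg_%%' order by relname");
+snprintf(todo,1024,"select relfilenode,relname from pg_class where relname not like 'pg_%%' order by relname");
 
 sql_exec(conn,todo,0);
 }
@@ -367,7 +367,7 @@ sql_exec_searchtable(PGconn *conn, const char *tablename)
 chartodo[1024];
 
 /* get the oid and tablename where the name matches tablename */
-sprintf(todo,"select relfilenode,relname from pg_class where relname = '%s'",tablename);
+snprintf(todo,1024,"select relfilenode,relname from pg_class where relname = '%s'",tablename);
 
 returnvalue=sql_exec(conn,todo,1);
 
@@ -386,7 +386,7 @@ sql_exec_searchoid(PGconn *conn, int oid)
 intreturnvalue;
 chartodo[1024];
 
-sprintf(todo,"select relfilenode,relname from pg_class where oid = %i",oid);
+snprintf(todo,1024,"select relfilenode,relname from pg_class where oid = %i",oid);
 
 returnvalue=sql_exec(conn,todo,1);
 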
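Review bot: In sql_exec_searchtable the caller-supplied `tablename` is copied straight into a single-quoted SQL literal (`relname = '%s'`), so a name containing `'` or `\` changes the statement instead of being matched as text; bounding the buffer does not address that. The value should be escaped into a scratch buffer with libpq's PQescapeString() before it is formatted in, or rejected if it contains quote characters. Where `tablename` originates is outside the hunk, presumably the command line. The literal `1024` repeats the `char todo[1024]` declarations visible in the hunks and would be better written as `sizeof(todo)`.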

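--- a/contrib/pg_dumplo/lo_export.c
+++ b/contrib/pg_dumplo/lo_export.c
@@ -1,7 +1,7 @@
 /* -------------------------------------------------------------------------
 * pg_dumplo
 *
-* $Header: /cvsroot/pgsql/contrib/pg_dumplo/Attic/lo_export.c,v 1.8 2001/10/25 05:49:19 momjian Exp $
+* $Header: /cvsroot/pgsql/contrib/pg_dumplo/Attic/lo_export.c,v 1.9 2002/08/15 02:58:29 momjian Exp $
 *
 *Karel Zak 1999-2000
 * -------------------------------------------------------------------------
@@ -110,8 +110,9 @@ pglo_export(LODumpMaster * pgLO)
 /*
 * Query: find the LOs referenced by this column
 */
-sprintf(Qbuff,"SELECT DISTINCT l.loid FROM \"%s\" x, pg_largeobject l WHERE x.\"%s\" = l.loid",
-ll->lo_table,ll->lo_attr);
+snprintf(Qbuff,QUERY_BUFSIZ,
+"SELECT DISTINCT l.loid FROM \"%s\" x, pg_largeobject l WHERE x.\"%s\" = l.loid",
+ll->lo_table,ll->lo_attr);
 
 /* puts(Qbuff); */
 
@@ -140,7 +141,7 @@ pglo_export(LODumpMaster * pgLO)
 if (pgLO->action!=ACTION_SHOW)
 {
 
-sprintf(path,"%s/%s/%s",pgLO->space,pgLO->db,
+snprintf(path,BUFSIZ,"%s/%s/%s",pgLO->space,pgLO->db,
 ll->lo_table);
 
 if (mkdir(path,DIR_UMASK)==-1)
@@ -152,7 +153,7 @@ pglo_export(LODumpMaster * pgLO)
 }
 }
 
-sprintf(path,"%s/%s/%s/%s",pgLO->space,pgLO->db,
+snprintf(path,BUFSIZ,"%s/%s/%s/%s",pgLO->space,pgLO->db,
 ll->lo_table,ll->lo_attr);
 
 if (mkdir(path,DIR_UMASK)==-1)
@@ -185,7 +186,7 @@ pglo_export(LODumpMaster * pgLO)
 continue;
 }
 
-sprintf(path,"%s/%s/%s/%s/%s",pgLO->space,
+snprintf(path,BUFSIZ,"%s/%s/%s/%s/%s",pgLO->space,
 pgLO->db,ll->lo_table,ll->lo_attr,val);
 
 if (lo_export(pgLO->conn,lo,path)<0)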
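Review bot: When any of the three `snprintf(path,BUFSIZ,...)` calls truncates, the shortened `path` is still handed to mkdir() and lo_export(), so the export would create or write a different file than the one named by `space`, `db`, `lo_table` and `lo_attr`. Each call should check the result and skip or abort on truncation, e.g. `if (snprintf(path,BUFSIZ,...) >= BUFSIZ) { /* report and continue */ }`. The same applies to `lo_path` in contrib/pg_dumplo/lo_import.c and, with unlink() as the consumer, to `path` in contrib/pg_resetxlog/pg_resetxlog.c. The declaration of `path` is outside the hunks, so that BUFSIZ is its real size is assumed here.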

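--- a/contrib/pg_dumplo/lo_import.c
+++ b/contrib/pg_dumplo/lo_import.c
@@ -1,7 +1,7 @@
 /* -------------------------------------------------------------------------
 * pg_dumplo
 *
-* $Header: /cvsroot/pgsql/contrib/pg_dumplo/Attic/lo_import.c,v 1.6 2001/10/25 05:49:19 momjian Exp $
+* $Header: /cvsroot/pgsql/contrib/pg_dumplo/Attic/lo_import.c,v 1.7 2002/08/15 02:58:29 momjian Exp $
 *
 *Karel Zak 1999-2000
 * -------------------------------------------------------------------------
@@ -48,7 +48,7 @@ pglo_import(LODumpMaster * pgLO)
 loa.lo_table=tab;
 loa.lo_attr=attr;
 
-sprintf(lo_path,"%s/%s",pgLO->space,path);
+snprintf(lo_path,BUFSIZ,"%s/%s",pgLO->space,path);
 
 /*
 * Import LO
@@ -81,7 +81,8 @@ pglo_import(LODumpMaster * pgLO)
 /*
 * UPDATE oid in tab
 */
-sprintf(Qbuff,"UPDATE \"%s\" SET \"%s\"=%u WHERE \"%s\"=%u",
+snprintf(Qbuff,QUERY_BUFSIZ,
+"UPDATE \"%s\" SET \"%s\"=%u WHERE \"%s\"=%u",
 loa.lo_table,loa.lo_attr,new_oid,loa.lo_attr,loa.lo_oid);
 
 /* fprintf(stderr, Qbuff); */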

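--- a/contrib/pg_dumplo/utils.c
+++ b/contrib/pg_dumplo/utils.c
@@ -1,7 +1,7 @@
 /* -------------------------------------------------------------------------
 * pg_dumplo
 *
-* $Header: /cvsroot/pgsql/contrib/pg_dumplo/Attic/utils.c,v 1.4 2001/03/22 03:59:10 momjian Exp $
+* $Header: /cvsroot/pgsql/contrib/pg_dumplo/Attic/utils.c,v 1.5 2002/08/15 02:58:29 momjian Exp $
 *
 *Karel Zak 1999-2000
 * -------------------------------------------------------------------------
@@ -36,7 +36,7 @@ index_file(LODumpMaster * pgLO)
 if (pgLO->action==ACTION_SHOW)
 return;
 
-sprintf(path,"%s/%s",pgLO->space,pgLO->db);
+snprintf(path,BUFSIZ,"%s/%s",pgLO->space,pgLO->db);
 
 if (pgLO->action==ACTION_EXPORT_ATTR||
 pgLO->action==ACTION_EXPORT_ALL)
@@ -51,7 +51,7 @@ index_file(LODumpMaster * pgLO)
 }
 }
 
-sprintf(path,"%s/lo_dump.index",path);
+snprintf(path,BUFSIZ,"%s/lo_dump.index",path);
 
 if ((pgLO->index=fopen(path,"w"))==NULL)
 {
@@ -63,7 +63,7 @@ index_file(LODumpMaster * pgLO)
 elseif (pgLO->action!=ACTION_NONE)
 {
 
-sprintf(path,"%s/lo_dump.index",path);
+snprintf(path,BUFSIZ,"%s/lo_dump.index",path);
 
 if ((pgLO->index=fopen(path,"r"))==NULL)
 {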
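Review bot: Both `snprintf(path,BUFSIZ,"%s/lo_dump.index",path);` lines pass `path` as the destination and as a `%s` argument, which is undefined behaviour because the objects overlap. The old sprintf() had the same flaw, but snprintf() implementations are known to differ in how they treat it, and some produce just `/lo_dump.index`, so fopen() would be given the wrong file. Appending at the current end avoids the overlap: `size_t len = strlen(path);` followed by `snprintf(path + len, BUFSIZ - len, "/lo_dump.index");`. That assumes `path` is declared with BUFSIZ bytes, which the hunks do not show. index_file's body starts and ends outside the hunks.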

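--- a/contrib/pg_resetxlog/pg_resetxlog.c
+++ b/contrib/pg_resetxlog/pg_resetxlog.c
@@ -23,7 +23,7 @@
 * Portions Copyright (c) 1996-2002, PostgreSQL Global Development Group
 * Portions Copyright (c) 1994, Regents of the University of California
 *
-* $Header: /cvsroot/pgsql/contrib/pg_resetxlog/Attic/pg_resetxlog.c,v 1.18 2002/06/20 20:29:24 momjian Exp $
+* $Header: /cvsroot/pgsql/contrib/pg_resetxlog/Attic/pg_resetxlog.c,v 1.19 2002/08/15 02:58:29 momjian Exp $
 *
 *-------------------------------------------------------------------------
 */
@@ -352,7 +352,7 @@ KillExistingXLOG(void)
 if (strlen(xlde->d_name)==16&&
 strspn(xlde->d_name,"0123456789ABCDEF")==16)
 {
-sprintf(path,"%s/%s",XLogDir,xlde->d_name);
+snprintf(path,MAXPGPATH,"%s/%s",XLogDir,xlde->d_name);
 if (unlink(path)<0)
 {
 perror(path);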
