diff options
| author | Bruce Momjian | 2002-08-15 02:58:29 +0000 |
|---|---|---|
| committer | Bruce Momjian | 2002-08-15 02:58:29 +0000 |
| commit | 66eb8df6a4a04922e34dcb2dc543fe231b94903d (patch) | |
| tree | 784f595e15219b79a7f4d609b174c155a5c310f7 /contrib/oid2name | |
| parent | 7f4981f4af1700456f98ac3f2b2d84959919ec81 (diff) | |
The attached patch changes most of the usages of sprintf() to
snprintf() in contrib/. I didn't touch the places where pointer
arithmatic was being used, or other areas where the fix wasn't
trivial. I would think that few, if any, of the usages of sprintf()
were actually exploitable, but it's probably better to be paranoid...
Neil Conway
Diffstat (limited to 'contrib/oid2name')
| -rw-r--r-- | contrib/oid2name/oid2name.c | 10 |
1 files changed, 5 insertions, 5 deletions
diff --git a/contrib/oid2name/oid2name.c b/contrib/oid2name/oid2name.c index 6c3e7d420ab..8613800056b 100644 --- a/contrib/oid2name/oid2name.c +++ b/contrib/oid2name/oid2name.c @@ -337,7 +337,7 @@ sql_exec_dumpdb(PGconn *conn) char todo[1024]; /* get the oid and database name from the system pg_database table */ - sprintf(todo, "select oid,datname from pg_database"); + snprintf(todo, 1024, "select oid,datname from pg_database"); sql_exec(conn, todo, 0); } @@ -351,9 +351,9 @@ sql_exec_dumptable(PGconn *conn, int systables) /* don't exclude the systables if this is set */ if (systables == 1) - sprintf(todo, "select relfilenode,relname from pg_class order by relname"); + snprintf(todo, 1024, "select relfilenode,relname from pg_class order by relname"); else - sprintf(todo, "select relfilenode,relname from pg_class where relname not like 'pg_%%' order by relname"); + snprintf(todo, 1024, "select relfilenode,relname from pg_class where relname not like 'pg_%%' order by relname"); sql_exec(conn, todo, 0); } @@ -367,7 +367,7 @@ sql_exec_searchtable(PGconn *conn, const char *tablename) char todo[1024]; /* get the oid and tablename where the name matches tablename */ - sprintf(todo, "select relfilenode,relname from pg_class where relname = '%s'", tablename); + snprintf(todo, 1024, "select relfilenode,relname from pg_class where relname = '%s'", tablename); returnvalue = sql_exec(conn, todo, 1); @@ -386,7 +386,7 @@ sql_exec_searchoid(PGconn *conn, int oid) int returnvalue; char todo[1024]; - sprintf(todo, "select relfilenode,relname from pg_class where oid = %i", oid); + snprintf(todo, 1024, "select relfilenode,relname from pg_class where oid = %i", oid); returnvalue = sql_exec(conn, todo, 1); |