The attached patch changes most of the usages of sprintf() to

snprintf() in contrib/. I didn't touch the places where pointer arithmatic was being used, or other areas where the fix wasn't trivial. I would think that few, if any, of the usages of sprintf() were actually exploitable, but it's probably better to be paranoid... Neil Conway
author: Bruce Momjian 2002-08-15 02:58:29 +0000
committer: Bruce Momjian 2002-08-15 02:58:29 +0000
commit: 66eb8df6a4a04922e34dcb2dc543fe231b94903d (patch)
tree: 784f595e15219b79a7f4d609b174c155a5c310f7 /contrib/vacuumlo
parent: 7f4981f4af1700456f98ac3f2b2d84959919ec81 (diff)
1 files changed, 2 insertions, 2 deletions
diff --git a/contrib/vacuumlo/vacuumlo.c b/contrib/vacuumlo/vacuumlo.c
index cbeb562b32f..ac80ea361ad 100644
--- a/contrib/vacuumlo/vacuumlo.c
+++ b/contrib/vacuumlo/vacuumlo.c
@@ -8,7 +8,7 @@
  *
  *
  * IDENTIFICATION
- *	  $Header: /cvsroot/pgsql/contrib/vacuumlo/vacuumlo.c,v 1.12 2002/06/20 20:29:24 momjian Exp $
+ *	  $Header: /cvsroot/pgsql/contrib/vacuumlo/vacuumlo.c,v 1.13 2002/08/15 02:58:29 momjian Exp $
  *
  *-------------------------------------------------------------------------
  */
@@ -288,7 +288,7 @@ vacuumlo(char *database, struct _param *param)
 		 * Postgres-ism and not portable to other DBMSs, but then this
 		 * whole program is a Postgres-ism.
 		 */
-		sprintf(buf, "DELETE FROM vacuum_l WHERE lo = \"%s\".\"%s\" ",
+		snprintf(buf, BUFSIZE, "DELETE FROM vacuum_l WHERE lo = \"%s\".\"%s\" ",
 				table, field);
 		res2 = PQexec(conn, buf);
 		if (PQresultStatus(res2) != PGRES_COMMAND_OK)
author	Bruce Momjian	2002-08-15 02:58:29 +0000
committer	Bruce Momjian	2002-08-15 02:58:29 +0000
commit	66eb8df6a4a04922e34dcb2dc543fe231b94903d (patch)
tree	784f595e15219b79a7f4d609b174c155a5c310f7 /contrib/vacuumlo
parent	7f4981f4af1700456f98ac3f2b2d84959919ec81 (diff)