From 2fed676c937cdcdfafa72865308b84a7f273e730 Mon Sep 17 00:00:00 2001
From: Tom Lane
Date: Tue, 29 Mar 2016 11:54:57 -0400
Subject: Avoid possibly-unsafe use of Windows' FormatMessage() function.

Whenever this function is used with the FORMAT_MESSAGE_FROM_SYSTEM flag,
it's good practice to include FORMAT_MESSAGE_IGNORE_INSERTS as well.
Otherwise, if the message contains any %n insertion markers, the function
will try to fetch argument strings to substitute --- which we are not
passing, possibly leading to a crash.  This is exactly analogous to the
rule about not giving printf() a format string you're not in control of.

Noted and patched by Christian Ullrich.
Back-patch to all supported branches.
---
 src/backend/libpq/auth.c        | 4 +++-
 src/backend/port/win32/socket.c | 4 +++-
 2 files changed, 6 insertions(+), 2 deletions(-)

(limited to 'src/backend')

diff --git a/src/backend/libpq/auth.c b/src/backend/libpq/auth.c
index 334b1a89547..31b56da1e27 100644
--- a/src/backend/libpq/auth.c
+++ b/src/backend/libpq/auth.c
@@ -1013,7 +1013,9 @@ pg_SSPI_error(int severity, const char *errmsg, SECURITY_STATUS r)
 {
 	char		sysmsg[256];
 
-	if (FormatMessage(FORMAT_MESSAGE_FROM_SYSTEM, NULL, r, 0,
+	if (FormatMessage(FORMAT_MESSAGE_IGNORE_INSERTS |
+					  FORMAT_MESSAGE_FROM_SYSTEM,
+					  NULL, r, 0,
 					  sysmsg, sizeof(sysmsg), NULL) == 0)
 		ereport(severity,
 				(errmsg_internal("%s", errmsg),
diff --git a/src/backend/port/win32/socket.c b/src/backend/port/win32/socket.c
index 9b624dd580e..19597bf870c 100644
--- a/src/backend/port/win32/socket.c
+++ b/src/backend/port/win32/socket.c
@@ -657,7 +657,9 @@ pgwin32_socket_strerror(int err)
 	}
 
 	ZeroMemory(&wserrbuf, sizeof(wserrbuf));
-	if (FormatMessage(FORMAT_MESSAGE_IGNORE_INSERTS | FORMAT_MESSAGE_FROM_SYSTEM | FORMAT_MESSAGE_FROM_HMODULE,
+	if (FormatMessage(FORMAT_MESSAGE_IGNORE_INSERTS |
+					  FORMAT_MESSAGE_FROM_SYSTEM |
+					  FORMAT_MESSAGE_FROM_HMODULE,
 					  handleDLL,
 					  err,
 					  MAKELANGID(LANG_ENGLISH, SUBLANG_DEFAULT),
-- 
cgit v1.2.3