From f0fbd7b87e4b2e282c2cb7cd448214770d6af9bd Mon Sep 17 00:00:00 2001 From: Bruce Momjian Date: Fri, 1 Jan 1999 04:48:49 +0000 Subject: [PATCH] Some security, since we now have vsnprintf, I remade an old patch with some extra ugly sprintfs fixed. More work in this area is needed still. MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit Göran Thyni --- src/backend/utils/error/elog.c | 4 ++-- src/backend/utils/error/format.c | 8 ++------ src/backend/utils/misc/trace.c | 8 ++++---- src/backend/utils/mmgr/portalmem.c | 8 ++++---- src/backend/utils/sort/psort.c | 5 +++-- 5 files changed, 15 insertions(+), 18 deletions(-) diff --git a/src/backend/utils/error/elog.c b/src/backend/utils/error/elog.c index 09f4627daf..e965cd2ad3 100644 --- a/src/backend/utils/error/elog.c +++ b/src/backend/utils/error/elog.c @@ -7,7 +7,7 @@ * * * IDENTIFICATION - * $Header: /cvsroot/pgsql/src/backend/utils/error/elog.c,v 1.35 1998/09/01 04:33:07 momjian Exp $ + * $Header: /cvsroot/pgsql/src/backend/utils/error/elog.c,v 1.36 1999/01/01 04:48:45 momjian Exp $ * *------------------------------------------------------------------------- */ @@ -133,7 +133,7 @@ elog(int lev, const char *fmt,...) else *bp++ = *cp; *bp = '\0'; - vsprintf(line, buf, ap); + vsnprintf(line, ELOG_MAXLEN - 1, buf, ap); va_end(ap); #ifdef USE_SYSLOG diff --git a/src/backend/utils/error/format.c b/src/backend/utils/error/format.c index 7c3661da4b..a4e526083b 100644 --- a/src/backend/utils/error/format.c +++ b/src/backend/utils/error/format.c @@ -7,7 +7,7 @@ * * * IDENTIFICATION - * $Header: /cvsroot/pgsql/src/backend/utils/error/Attic/format.c,v 1.7 1998/09/01 03:26:40 momjian Exp $ + * $Header: /cvsroot/pgsql/src/backend/utils/error/Attic/format.c,v 1.8 1999/01/01 04:48:46 momjian Exp $ * *------------------------------------------------------------------------- */ @@ -29,12 +29,8 @@ char * form(const char *fmt,...) { va_list args; - va_start(args, fmt); - - vsprintf(FormBuf, fmt, args); - + vsnprintf(FormBuf, FormMaxSize - 1, fmt, args); va_end(args); - return FormBuf; } diff --git a/src/backend/utils/misc/trace.c b/src/backend/utils/misc/trace.c index 0f58a122dd..def34162f2 100644 --- a/src/backend/utils/misc/trace.c +++ b/src/backend/utils/misc/trace.c @@ -108,7 +108,7 @@ tprintf(int flag, const char *fmt,...) #ifdef ELOG_TIMESTAMPS strcpy(line, tprintf_timestamp()); #endif - vsprintf(line + TIMESTAMP_SIZE, fmt, ap); + vsnprintf(line + TIMESTAMP_SIZE, ELOG_MAXLEN, fmt, ap); va_end(ap); #ifdef USE_SYSLOG @@ -138,7 +138,7 @@ tprintf1(const char *fmt, ... ) #ifdef ELOG_TIMESTAMPS strcpy(line, tprintf_timestamp()); #endif - vsprintf(line+TIMESTAMP_SIZE, fmt, ap); + vsnprintf(line+TIMESTAMP_SIZE, ELOG_MAXLEN, fmt, ap); va_end(ap); #ifdef USE_SYSLOG @@ -166,7 +166,7 @@ eprintf(const char *fmt,...) #ifdef ELOG_TIMESTAMPS strcpy(line, tprintf_timestamp()); #endif - vsprintf(line + TIMESTAMP_SIZE, fmt, ap); + vsnprintf(line + TIMESTAMP_SIZE, ELOG_MAXLEN, fmt, ap); va_end(ap); #ifdef USE_SYSLOG @@ -344,7 +344,7 @@ read_pg_options(SIGNAL_ARGS) return; } - sprintf(buffer, "%s/%s", DataDir, "pg_options"); + snprintf(buffer, BUF_SIZE - 1, "%s/%s", DataDir, "pg_options"); if ((fd = open(buffer, O_RDONLY)) < 0) return; diff --git a/src/backend/utils/mmgr/portalmem.c b/src/backend/utils/mmgr/portalmem.c index eb948123be..f369c4359c 100644 --- a/src/backend/utils/mmgr/portalmem.c +++ b/src/backend/utils/mmgr/portalmem.c @@ -7,7 +7,7 @@ * * * IDENTIFICATION - * $Header: /cvsroot/pgsql/src/backend/utils/mmgr/portalmem.c,v 1.14 1998/09/01 04:33:39 momjian Exp $ + * $Header: /cvsroot/pgsql/src/backend/utils/mmgr/portalmem.c,v 1.15 1999/01/01 04:48:47 momjian Exp $ * *------------------------------------------------------------------------- */ @@ -129,7 +129,7 @@ do { \ PortalHashEnt *hentry; bool found; char key[MAX_PORTALNAME_LEN]; \ \ MemSet(key, 0, MAX_PORTALNAME_LEN); \ - sprintf(key, "%s", NAME); \ + snprintf(key, MAX_PORTALNAME_LEN - 1, "%s", NAME); \ hentry = (PortalHashEnt*)hash_search(PortalHashTable, \ key, HASH_FIND, &found); \ if (hentry == NULL) \ @@ -145,7 +145,7 @@ do { \ PortalHashEnt *hentry; bool found; char key[MAX_PORTALNAME_LEN]; \ \ MemSet(key, 0, MAX_PORTALNAME_LEN); \ - sprintf(key, "%s", PORTAL->name); \ + snprintf(key, MAX_PORTALNAME_LEN - 1, "%s", PORTAL->name); \ hentry = (PortalHashEnt*)hash_search(PortalHashTable, \ key, HASH_ENTER, &found); \ if (hentry == NULL) \ @@ -160,7 +160,7 @@ do { \ PortalHashEnt *hentry; bool found; char key[MAX_PORTALNAME_LEN]; \ \ MemSet(key, 0, MAX_PORTALNAME_LEN); \ - sprintf(key, "%s", PORTAL->name); \ + snprintf(key, MAX_PORTALNAME_LEN - 1, "%s", PORTAL->name); \ hentry = (PortalHashEnt*)hash_search(PortalHashTable, \ key, HASH_REMOVE, &found); \ if (hentry == NULL) \ diff --git a/src/backend/utils/sort/psort.c b/src/backend/utils/sort/psort.c index d73be1210b..76daa0351e 100644 --- a/src/backend/utils/sort/psort.c +++ b/src/backend/utils/sort/psort.c @@ -4,7 +4,7 @@ * * Copyright (c) 1994, Regents of the University of California * - * $Id: psort.c,v 1.45 1998/12/14 08:11:14 scrappy Exp $ + * $Id: psort.c,v 1.46 1999/01/01 04:48:49 momjian Exp $ * * NOTES * Sorts the first relation into the second relation. @@ -1019,7 +1019,8 @@ gettape() tp = (struct tapelst *) palloc((unsigned) sizeof(struct tapelst)); - sprintf(uniqueName, "%spg_psort.%d.%d", TEMPDIR, (int) MyProcPid, uniqueFileId); + snprintf(uniqueName, MAXPGPATH - 1, "%spg_psort.%d.%d", + TEMPDIR, (int) MyProcPid, uniqueFileId); uniqueFileId++; tapeinit = 1;