From 66eb8df6a4a04922e34dcb2dc543fe231b94903d Mon Sep 17 00:00:00 2001 From: Bruce Momjian Date: Thu, 15 Aug 2002 02:58:29 +0000 Subject: [PATCH] The attached patch changes most of the usages of sprintf() to snprintf() in contrib/. I didn't touch the places where pointer arithmatic was being used, or other areas where the fix wasn't trivial. I would think that few, if any, of the usages of sprintf() were actually exploitable, but it's probably better to be paranoid... Neil Conway --- contrib/dbase/dbf.c | 8 ++++---- contrib/dbase/dbf2pg.c | 6 +++--- contrib/findoidjoins/findoidjoins.c | 4 ++-- contrib/lo/lo.c | 4 ++-- contrib/mSQL-interface/mpgsql.c | 12 ++++++++---- contrib/oid2name/oid2name.c | 10 +++++----- contrib/pg_dumplo/lo_export.c | 13 +++++++------ contrib/pg_dumplo/lo_import.c | 7 ++++--- contrib/pg_dumplo/utils.c | 8 ++++---- contrib/pg_resetxlog/pg_resetxlog.c | 4 ++-- contrib/pgbench/pgbench.c | 20 ++++++++++---------- contrib/rserv/rserv.c | 18 ++++++++++-------- contrib/spi/refint.c | 26 ++++++++++++++------------ contrib/spi/timetravel.c | 6 +++--- contrib/vacuumlo/vacuumlo.c | 4 ++-- 15 files changed, 80 insertions(+), 70 deletions(-) diff --git a/contrib/dbase/dbf.c b/contrib/dbase/dbf.c index 053e9adffb..357966b499 100644 --- a/contrib/dbase/dbf.c +++ b/contrib/dbase/dbf.c @@ -437,7 +437,7 @@ dbf_put_record(dbhead * dbh, field * rec, u_long where) format: sprintf format-string to get the right precision with real numbers NOTE: this declaration of 'foo' can cause overflow when the contents-field - is longer the 127 chars (which is highly unlikely, cos it is not used + is longer the 127 chars (which is highly unlikely, because it is not used in text-fields). */ /* REMEMBER THAT THERE'S A 0x1A AT THE END OF THE FILE, SO DON'T 
@@ -488,11 +488,11 @@ dbf_put_record(dbhead * dbh, field * rec, u_long where) if ((rec[t].db_type == 'N') && (rec[t].db_dec != 0)) { fl = atof(rec[t].db_contents); - sprintf(format, "%%.%df", rec[t].db_dec); - sprintf(foo, format, fl); + snprintf(format, 32, "%%.%df", rec[t].db_dec); + snprintf(foo, 128, format, fl); } else - strcpy(foo, rec[t].db_contents); + strncpy(foo, rec[t].db_contents, 128); if (strlen(foo) > rec[t].db_flen) length = rec[t].db_flen; else diff --git a/contrib/dbase/dbf2pg.c b/contrib/dbase/dbf2pg.c index 5f5e9d2823..4522368e06 100644 --- a/contrib/dbase/dbf2pg.c +++ b/contrib/dbase/dbf2pg.c @@ -308,7 +308,7 @@ do_create(PGconn *conn, char *table, dbhead * dbh) if (dbh->db_fields[i].db_flen > 1) { strcat(query, " varchar"); - sprintf(t, "(%d)", + snprintf(t, 20, "(%d)", dbh->db_fields[i].db_flen); strcat(query, t); } @@ -361,7 +361,7 @@ do_inserts(PGconn *conn, char *table, dbhead * dbh) result; char *query, *foo; - char pgdate[10]; + char pgdate[11]; if (verbose > 1) printf("Inserting records\n"); @@ -467,7 +467,7 @@ do_inserts(PGconn *conn, char *table, dbhead * dbh) { if ((strlen(foo) == 8) && isinteger(foo)) { - sprintf(pgdate, "%c%c%c%c-%c%c-%c%c", + snprintf(pgdate, 11, "%c%c%c%c-%c%c-%c%c", foo[0], foo[1], foo[2], foo[3], foo[4], foo[5], foo[6], foo[7]); strcat(query, pgdate); diff --git a/contrib/findoidjoins/findoidjoins.c b/contrib/findoidjoins/findoidjoins.c index c426b5523a..b3bef4d3cb 100644 --- a/contrib/findoidjoins/findoidjoins.c +++ b/contrib/findoidjoins/findoidjoins.c @@ -68,14 +68,14 @@ main(int argc, char **argv) { unset_result(relres); if (strcmp(typname, "oid") == 0) - sprintf(query, "\ + snprintf(query, 4000, "\ DECLARE c_matches BINARY CURSOR FOR \ SELECT count(*)::int4 \ FROM \"%s\" t1, \"%s\" t2 \ WHERE t1.\"%s\" = t2.oid ", relname, relname2, attname); else - sprintf(query, "\ + sprintf(query, 4000, "\ DECLARE c_matches BINARY CURSOR FOR \ SELECT count(*)::int4 \ FROM \"%s\" t1, \"%s\" t2 \ 
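Review bot: In dbf_put_record, `strncpy(foo, rec[t].db_contents, 128)` leaves `foo` without a terminating NUL whenever db_contents holds 128 or more characters, and the next statement calls `strlen(foo)`, which then reads past the buffer. Assuming `foo` is the 128-byte array the literal implies (its declaration is outside the hunk), use `snprintf(foo, sizeof(foo), "%s", rec[t].db_contents);` or add `foo[127] = '\0';` after the copy. The function body starts and ends outside this hunk.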
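Review bot: The else branch in main of findoidjoins.c gained the size argument but kept the old function name, `sprintf(query, 4000, "\ ...`, so the integer 4000 is passed where sprintf expects its format string. A compiler should reject or warn about this, and it is undefined behaviour if it builds. The call should start `snprintf(query, 4000, "\` like the branch above it. The statement continues past the end of the hunk.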
diff --git a/contrib/lo/lo.c b/contrib/lo/lo.c index 8215c4cbbc..8f0a6077af 100644 --- a/contrib/lo/lo.c +++ b/contrib/lo/lo.c @@ -1,7 +1,7 @@ /* * PostgreSQL type definitions for managed LargeObjects. * - * $Header: /cvsroot/pgsql/contrib/lo/lo.c,v 1.11 2001/12/07 04:18:31 inoue Exp $ + * $Header: /cvsroot/pgsql/contrib/lo/lo.c,v 1.12 2002/08/15 02:58:29 momjian Exp $ * */ @@ -92,7 +92,7 @@ lo_out(Blob * addr) return (NULL); result = (char *) palloc(32); - sprintf(result, "%u", *addr); + snprintf(result, 32, "%u", *addr); return (result); } diff --git a/contrib/mSQL-interface/mpgsql.c b/contrib/mSQL-interface/mpgsql.c index 8b59485471..27639ad1d4 100644 --- a/contrib/mSQL-interface/mpgsql.c +++ b/contrib/mSQL-interface/mpgsql.c @@ -106,7 +106,7 @@ msqlCreateDB(int a, char *b) { char tbuf[BUFSIZ]; - sprintf(tbuf, "create database %s", b); + snprintf(tbuf, BUFSIZ, "create database %s", b); return msqlQuery(a, tbuf) >= 0 ? 0 : -1; } @@ -115,7 +115,7 @@ msqlDropDB(int a, char *b) { char tbuf[BUFSIZ]; - sprintf(tbuf, "drop database %s", b); + snprintf(tbuf, BUFSIZ, "drop database %s", b); return msqlQuery(a, tbuf) >= 0 ? 0 : -1; } @@ -262,7 +262,9 @@ msqlListTables(int a) m_result *m; char tbuf[BUFSIZ]; - sprintf(tbuf, "select relname from pg_class where relkind='r' and relowner=%d", getuid()); + snprintf(tbuf, BUFSIZ, + "select relname from pg_class where relkind='r' and relowner=%d", + getuid()); if (msqlQuery(a, tbuf) > 0) { m = msqlStoreResult(); @@ -284,7 +286,9 @@ msqlListIndex(int a, char *b, char *c) m_result *m; char tbuf[BUFSIZ]; - sprintf(tbuf, "select relname from pg_class where relkind='i' and relowner=%d", getuid()); + snprintf(tbuf, BUFSIZ, + "select relname from pg_class where relkind='i' and relowner=%d", + getuid()); if (msqlQuery(a, tbuf) > 0) { m = msqlStoreResult(); diff --git a/contrib/oid2name/oid2name.c b/contrib/oid2name/oid2name.c index 6c3e7d420a..8613800056 100644 --- a/contrib/oid2name/oid2name.c +++ b/contrib/oid2name/oid2name.c 
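Review bot: In msqlCreateDB (and identically in msqlDropDB in the next hunk) the result of `snprintf(tbuf, BUFSIZ, "create database %s", b)` is not checked, so an over-long name is silently cut and the shortened statement is still handed to msqlQuery, naming a different database than the caller asked for. Fail the call instead: `if ((size_t) snprintf(tbuf, sizeof(tbuf), "create database %s", b) >= sizeof(tbuf)) return -1;`. Separately, `b` is spliced into the statement unquoted; if callers can pass it from outside the program, it should be validated as an identifier first.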
@@ -337,7 +337,7 @@ sql_exec_dumpdb(PGconn *conn) char todo[1024]; /* get the oid and database name from the system pg_database table */ - sprintf(todo, "select oid,datname from pg_database"); + snprintf(todo, 1024, "select oid,datname from pg_database"); sql_exec(conn, todo, 0); } @@ -351,9 +351,9 @@ sql_exec_dumptable(PGconn *conn, int systables) /* don't exclude the systables if this is set */ if (systables == 1) - sprintf(todo, "select relfilenode,relname from pg_class order by relname"); + snprintf(todo, 1024, "select relfilenode,relname from pg_class order by relname"); else - sprintf(todo, "select relfilenode,relname from pg_class where relname not like 'pg_%%' order by relname"); + snprintf(todo, 1024, "select relfilenode,relname from pg_class where relname not like 'pg_%%' order by relname"); sql_exec(conn, todo, 0); } @@ -367,7 +367,7 @@ sql_exec_searchtable(PGconn *conn, const char *tablename) char todo[1024]; /* get the oid and tablename where the name matches tablename */ - sprintf(todo, "select relfilenode,relname from pg_class where relname = '%s'", tablename); + snprintf(todo, 1024, "select relfilenode,relname from pg_class where relname = '%s'", tablename); returnvalue = sql_exec(conn, todo, 1); @@ -386,7 +386,7 @@ sql_exec_searchoid(PGconn *conn, int oid) int returnvalue; char todo[1024]; - sprintf(todo, "select relfilenode,relname from pg_class where oid = %i", oid); + snprintf(todo, 1024, "select relfilenode,relname from pg_class where oid = %i", oid); returnvalue = sql_exec(conn, todo, 1); diff --git a/contrib/pg_dumplo/lo_export.c b/contrib/pg_dumplo/lo_export.c index adb216fee2..3e38b56409 100644 --- a/contrib/pg_dumplo/lo_export.c +++ b/contrib/pg_dumplo/lo_export.c 
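Review bot: In sql_exec_searchtable, `tablename` is placed between single quotes in `where relname = '%s'` with no escaping, so a name containing a quote changes the statement; bounding the write with snprintf does not address that. Escape the value before formatting (libpq's PQescapeString, where the client library provides it) and treat a snprintf return of 1024 or more as an error rather than running the truncated query. Writing the bound as `sizeof(todo)` instead of the literal 1024 would keep it tied to the `char todo[1024]` declaration shown in the hunk.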
@@ -1,7 +1,7 @@ /* ------------------------------------------------------------------------- * pg_dumplo * - * $Header: /cvsroot/pgsql/contrib/pg_dumplo/Attic/lo_export.c,v 1.8 2001/10/25 05:49:19 momjian Exp $ + * $Header: /cvsroot/pgsql/contrib/pg_dumplo/Attic/lo_export.c,v 1.9 2002/08/15 02:58:29 momjian Exp $ * * Karel Zak 1999-2000 * ------------------------------------------------------------------------- @@ -110,8 +110,9 @@ pglo_export(LODumpMaster * pgLO) /* * Query: find the LOs referenced by this column */ - sprintf(Qbuff, "SELECT DISTINCT l.loid FROM \"%s\" x, pg_largeobject l WHERE x.\"%s\" = l.loid", - ll->lo_table, ll->lo_attr); + snprintf(Qbuff, QUERY_BUFSIZ, + "SELECT DISTINCT l.loid FROM \"%s\" x, pg_largeobject l WHERE x.\"%s\" = l.loid", + ll->lo_table, ll->lo_attr); /* puts(Qbuff); */ @@ -140,7 +141,7 @@ pglo_export(LODumpMaster * pgLO) if (pgLO->action != ACTION_SHOW) { - sprintf(path, "%s/%s/%s", pgLO->space, pgLO->db, + snprintf(path, BUFSIZ, "%s/%s/%s", pgLO->space, pgLO->db, ll->lo_table); if (mkdir(path, DIR_UMASK) == -1) @@ -152,7 +153,7 @@ pglo_export(LODumpMaster * pgLO) } } - sprintf(path, "%s/%s/%s/%s", pgLO->space, pgLO->db, + snprintf(path, BUFSIZ, "%s/%s/%s/%s", pgLO->space, pgLO->db, ll->lo_table, ll->lo_attr); if (mkdir(path, DIR_UMASK) == -1) @@ -185,7 +186,7 @@ pglo_export(LODumpMaster * pgLO) continue; } - sprintf(path, "%s/%s/%s/%s/%s", pgLO->space, + snprintf(path, BUFSIZ, "%s/%s/%s/%s/%s", pgLO->space, pgLO->db, ll->lo_table, ll->lo_attr, val); if (lo_export(pgLO->conn, lo, path) < 0) diff --git a/contrib/pg_dumplo/lo_import.c b/contrib/pg_dumplo/lo_import.c index aec2aa0cee..b880e18b24 100644 --- a/contrib/pg_dumplo/lo_import.c +++ b/contrib/pg_dumplo/lo_import.c 
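Review bot: In pglo_export, the three `snprintf(path, BUFSIZ, ...)` calls (hunks at -140, -152 and -185) ignore the return value, so a path that does not fit is truncated and then passed to mkdir() or lo_export(), which act on a location other than the intended one. Check for truncation before using the path, e.g. `if (snprintf(path, BUFSIZ, "%s/%s/%s", pgLO->space, pgLO->db, ll->lo_table) >= BUFSIZ)` followed by the function's existing error exit. The declaration of `path` is outside the hunks, so BUFSIZ as its size is taken on trust here.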
@@ -1,7 +1,7 @@ /* ------------------------------------------------------------------------- * pg_dumplo * - * $Header: /cvsroot/pgsql/contrib/pg_dumplo/Attic/lo_import.c,v 1.6 2001/10/25 05:49:19 momjian Exp $ + * $Header: /cvsroot/pgsql/contrib/pg_dumplo/Attic/lo_import.c,v 1.7 2002/08/15 02:58:29 momjian Exp $ * * Karel Zak 1999-2000 * ------------------------------------------------------------------------- @@ -48,7 +48,7 @@ pglo_import(LODumpMaster * pgLO) loa.lo_table = tab; loa.lo_attr = attr; - sprintf(lo_path, "%s/%s", pgLO->space, path); + snprintf(lo_path, BUFSIZ, "%s/%s", pgLO->space, path); /* * Import LO @@ -81,7 +81,8 @@ pglo_import(LODumpMaster * pgLO) /* * UPDATE oid in tab */ - sprintf(Qbuff, "UPDATE \"%s\" SET \"%s\"=%u WHERE \"%s\"=%u", + snprintf(Qbuff, QUERY_BUFSIZ, + "UPDATE \"%s\" SET \"%s\"=%u WHERE \"%s\"=%u", loa.lo_table, loa.lo_attr, new_oid, loa.lo_attr, loa.lo_oid); /* fprintf(stderr, Qbuff); */ diff --git a/contrib/pg_dumplo/utils.c b/contrib/pg_dumplo/utils.c index d36ee4be08..aab35bcd7c 100644 --- a/contrib/pg_dumplo/utils.c +++ b/contrib/pg_dumplo/utils.c @@ -1,7 +1,7 @@ /* ------------------------------------------------------------------------- * pg_dumplo * - * $Header: /cvsroot/pgsql/contrib/pg_dumplo/Attic/utils.c,v 1.4 2001/03/22 03:59:10 momjian Exp $ + * $Header: /cvsroot/pgsql/contrib/pg_dumplo/Attic/utils.c,v 1.5 2002/08/15 02:58:29 momjian Exp $ * * Karel Zak 1999-2000 * ------------------------------------------------------------------------- @@ -36,7 +36,7 @@ index_file(LODumpMaster * pgLO) if (pgLO->action == ACTION_SHOW) return; - sprintf(path, "%s/%s", pgLO->space, pgLO->db); + snprintf(path, BUFSIZ, "%s/%s", pgLO->space, pgLO->db); if (pgLO->action == ACTION_EXPORT_ATTR || pgLO->action == ACTION_EXPORT_ALL) @@ -51,7 +51,7 @@ index_file(LODumpMaster * pgLO) } } - sprintf(path, "%s/lo_dump.index", path); + snprintf(path, BUFSIZ, "%s/lo_dump.index", path); if ((pgLO->index = fopen(path, "w")) == NULL) { 
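Review bot: In index_file (utils.c), `snprintf(path, BUFSIZ, "%s/lo_dump.index", path)` passes `path` as both the destination and a source argument. The C standard leaves copying between overlapping objects in the printf family undefined, and some C libraries overwrite the source before reading it, which loses the directory prefix. The same call is repeated in the -63 hunk. Append in place instead: `snprintf(path + strlen(path), BUFSIZ - strlen(path), "/lo_dump.index");`. index_file begins and ends outside these hunks.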
@@ -63,7 +63,7 @@ index_file(LODumpMaster * pgLO) else if (pgLO->action != ACTION_NONE) { - sprintf(path, "%s/lo_dump.index", path); + snprintf(path, BUFSIZ, "%s/lo_dump.index", path); if ((pgLO->index = fopen(path, "r")) == NULL) { diff --git a/contrib/pg_resetxlog/pg_resetxlog.c b/contrib/pg_resetxlog/pg_resetxlog.c index cf1782d42e..44925fc7c2 100644 --- a/contrib/pg_resetxlog/pg_resetxlog.c +++ b/contrib/pg_resetxlog/pg_resetxlog.c @@ -23,7 +23,7 @@ * Portions Copyright (c) 1996-2002, PostgreSQL Global Development Group * Portions Copyright (c) 1994, Regents of the University of California * - * $Header: /cvsroot/pgsql/contrib/pg_resetxlog/Attic/pg_resetxlog.c,v 1.18 2002/06/20 20:29:24 momjian Exp $ + * $Header: /cvsroot/pgsql/contrib/pg_resetxlog/Attic/pg_resetxlog.c,v 1.19 2002/08/15 02:58:29 momjian Exp $ * *------------------------------------------------------------------------- */ @@ -352,7 +352,7 @@ KillExistingXLOG(void) if (strlen(xlde->d_name) == 16 && strspn(xlde->d_name, "0123456789ABCDEF") == 16) { - sprintf(path, "%s/%s", XLogDir, xlde->d_name); + snprintf(path, MAXPGPATH, "%s/%s", XLogDir, xlde->d_name); if (unlink(path) < 0) { perror(path); diff --git a/contrib/pgbench/pgbench.c b/contrib/pgbench/pgbench.c index 2e64fa0ed5..6e1813704c 100644 --- a/contrib/pgbench/pgbench.c +++ b/contrib/pgbench/pgbench.c @@ -1,5 +1,5 @@ /* - * $Header: /cvsroot/pgsql/contrib/pgbench/pgbench.c,v 1.17 2002/07/20 03:02:01 ishii Exp $ + * $Header: /cvsroot/pgsql/contrib/pgbench/pgbench.c,v 1.18 2002/08/15 02:58:29 momjian Exp $ * * pgbench: a simple TPC-B like benchmark program for PostgreSQL * written by Tatsuo Ishii 
@@ -310,26 +310,26 @@ doOne(CState * state, int n, int debug, int ttype) gettimeofday(&(st->txn_begin), 0); break; case 1: - sprintf(sql, "update accounts set abalance = abalance + %d where aid = %d\n", st->delta, st->aid); + snprintf(sql, 256, "update accounts set abalance = abalance + %d where aid = %d\n", st->delta, st->aid); break; case 2: - sprintf(sql, "select abalance from accounts where aid = %d", st->aid); + snprintf(sql, 256, "select abalance from accounts where aid = %d", st->aid); break; case 3: if (ttype == 0) { - sprintf(sql, "update tellers set tbalance = tbalance + %d where tid = %d\n", + snprintf(sql, 256, "update tellers set tbalance = tbalance + %d where tid = %d\n", st->delta, st->tid); break; } case 4: if (ttype == 0) { - sprintf(sql, "update branches set bbalance = bbalance + %d where bid = %d", st->delta, st->bid); + snprintf(sql, 256, "update branches set bbalance = bbalance + %d where bid = %d", st->delta, st->bid); break; } case 5: - sprintf(sql, "insert into history(tid,bid,aid,delta,mtime) values(%d,%d,%d,%d,'now')", + snprintf(sql, 256, "insert into history(tid,bid,aid,delta,mtime) values(%d,%d,%d,%d,'now')", st->tid, st->bid, st->aid, st->delta); break; case 6: @@ -426,7 +426,7 @@ doSelectOnly(CState * state, int n, int debug) { case 0: st->aid = getrand(1, naccounts * tps); - sprintf(sql, "select abalance from accounts where aid = %d", st->aid); + snprintf(sql, 256, "select abalance from accounts where aid = %d", st->aid); break; } @@ -500,7 +500,7 @@ init(void) for (i = 0; i < nbranches * tps; i++) { - sprintf(sql, "insert into branches(bid,bbalance) values(%d,0)", i + 1); + snprintf(sql, 256, "insert into branches(bid,bbalance) values(%d,0)", i + 1); res = PQexec(con, sql); if (PQresultStatus(res) != PGRES_COMMAND_OK) { 
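Review bot: Every call in doOne repeats the literal 256 as the bound for `sql` (doSelectOnly and init do the same in later hunks), while the declaration of `sql` is outside the hunks, so nothing ties the bound to the buffer's real size. If `sql` is a local array, `snprintf(sql, sizeof(sql), ...)` keeps the two in step when the buffer is resized. Otherwise a named constant shared with the declaration would do the same job.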
@@ -512,7 +512,7 @@ init(void) for (i = 0; i < ntellers * tps; i++) { - sprintf(sql, "insert into tellers(tid,bid,tbalance) values (%d,%d,0)" + snprintf(sql, 256, "insert into tellers(tid,bid,tbalance) values (%d,%d,0)" ,i + 1, i / ntellers + 1); res = PQexec(con, sql); if (PQresultStatus(res) != PGRES_COMMAND_OK) @@ -550,7 +550,7 @@ init(void) PQclear(res); } - sprintf(sql, "%d\t%d\t%d\t\n", j, j / naccounts, 0); + snprintf(sql, 256, "%d\t%d\t%d\t\n", j, j / naccounts, 0); if (PQputline(con, sql)) { fprintf(stderr, "PQputline failed\n"); diff --git a/contrib/rserv/rserv.c b/contrib/rserv/rserv.c index 54da14a696..8672eb79cb 100644 --- a/contrib/rserv/rserv.c +++ b/contrib/rserv/rserv.c @@ -102,9 +102,10 @@ _rserv_log_() if (keynum == ObjectIdAttributeNumber) { - sprintf(oidbuf, "%u", rel->rd_rel->relhasoids - ? HeapTupleGetOid(tuple) - : InvalidOid); + snprintf(oidbuf, "%u", 64, + rel->rd_rel->relhasoids + ? HeapTupleGetOid(tuple) + : InvalidOid); key = oidbuf; } else @@ -129,7 +130,7 @@ _rserv_log_() else okey = key; - sprintf(sql, "update _RSERV_LOG_ set logid = %d, logtime = now(), " + snprintf(sql, 8192, "update _RSERV_LOG_ set logid = %d, logtime = now(), " "deleted = %d where reloid = %u and key = '%s'", GetCurrentTransactionId(), deleted, rel->rd_id, okey); @@ -148,7 +149,7 @@ _rserv_log_() elog(ERROR, "_rserv_log_: duplicate tuples"); else if (SPI_processed == 0) { - sprintf(sql, "insert into _RSERV_LOG_ " + snprintf(sql, 8192, "insert into _RSERV_LOG_ " "(reloid, logid, logtime, deleted, key) " "values (%u, %d, now(), %d, '%s')", rel->rd_id, GetCurrentTransactionId(), @@ -173,7 +174,7 @@ _rserv_log_() else okey = newkey; - sprintf(sql, "insert into _RSERV_LOG_ " + snprintf(sql, 8192, "insert into _RSERV_LOG_ " "(reloid, logid, logtime, deleted, key) " "values (%u, %d, now(), 0, '%s')", rel->rd_id, GetCurrentTransactionId(), okey); 
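Review bot: In _rserv_log_, the new call `snprintf(oidbuf, "%u", 64, ...)` has the size and format arguments swapped: the string literal is passed as the size and 64 as the format. This should not compile cleanly and is undefined behaviour if it does. It should read `snprintf(oidbuf, 64, "%u",` with the remaining arguments unchanged. The declaration of `oidbuf` is outside the hunk, so 64 is assumed to match its size.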
@@ -222,14 +223,15 @@ _rserv_sync_(int32 server) buf[0] = 0; for (xcnt = 0; xcnt < SerializableSnapshot->xcnt; xcnt++) { - sprintf(buf + strlen(buf), "%s%u", (xcnt) ? ", " : "", + snprintf(buf + strlen(buf), 8192 - strlen(buf), + "%s%u", (xcnt) ? ", " : "", SerializableSnapshot->xip[xcnt]); } if ((ret = SPI_connect()) < 0) elog(ERROR, "_rserv_sync_: SPI_connect returned %d", ret); - sprintf(sql, "insert into _RSERV_SYNC_ " + snprintf(sql, 8192, "insert into _RSERV_SYNC_ " "(server, syncid, synctime, status, minid, maxid, active) " "values (%u, currval('_rserv_sync_seq_'), now(), 0, %d, %d, '%s')", server, SerializableSnapshot->xmin, SerializableSnapshot->xmax, active); diff --git a/contrib/spi/refint.c b/contrib/spi/refint.c index 55c0fd13e6..6355763f94 100644 --- a/contrib/spi/refint.c +++ b/contrib/spi/refint.c @@ -112,7 +112,7 @@ check_primary_key(PG_FUNCTION_ARGS) * Construct ident string as TriggerName $ TriggeredRelationId and try * to find prepared execution plan. */ - sprintf(ident, "%s$%u", trigger->tgname, rel->rd_id); + snprintf(ident, 2 * NAMEDATALEN, "%s$%u", trigger->tgname, rel->rd_id); plan = find_plan(ident, &PPlans, &nPPlans); /* if there is no plan then allocate argtypes for preparation */ @@ -160,10 +160,10 @@ check_primary_key(PG_FUNCTION_ARGS) * Construct query: SELECT 1 FROM _referenced_relation_ WHERE * Pkey1 = $1 [AND Pkey2 = $2 [...]] */ - sprintf(sql, "select 1 from %s where ", relname); + snprintf(sql, 8192, "select 1 from %s where ", relname); for (i = 0; i < nkeys; i++) { - sprintf(sql + strlen(sql), "%s = $%d %s", + snprintf(sql + strlen(sql), 8192 - strlen(sql), "%s = $%d %s", args[i + nkeys + 1], i + 1, (i < nkeys - 1) ? "and " : ""); } 
@@ -320,7 +320,7 @@ check_foreign_key(PG_FUNCTION_ARGS) * Construct ident string as TriggerName $ TriggeredRelationId and try * to find prepared execution plan(s). */ - sprintf(ident, "%s$%u", trigger->tgname, rel->rd_id); + snprintf(ident, 2 * NAMEDATALEN, "%s$%u", trigger->tgname, rel->rd_id); plan = find_plan(ident, &FPlans, &nFPlans); /* if there is no plan(s) then allocate argtypes for preparation */ @@ -411,7 +411,7 @@ check_foreign_key(PG_FUNCTION_ARGS) */ if (action == 'r') - sprintf(sql, "select 1 from %s where ", relname); + snprintf(sql, 8192, "select 1 from %s where ", relname); /*--------- * For 'C'ascade action we construct DELETE query @@ -438,7 +438,7 @@ check_foreign_key(PG_FUNCTION_ARGS) char *nv; int k; - sprintf(sql, "update %s set ", relname); + snprintf(sql, 8192, "update %s set ", relname); for (k = 1; k <= nkeys; k++) { int is_char_type = 0; @@ -461,7 +461,8 @@ check_foreign_key(PG_FUNCTION_ARGS) * is_char_type =1 i set ' ' for define a new * value */ - sprintf(sql + strlen(sql), " %s = %s%s%s %s ", + snprintf(sql + strlen(sql), 8192 - strlen(sql), + " %s = %s%s%s %s ", args2[k], (is_char_type > 0) ? "'" : "", nv, (is_char_type > 0) ? "'" : "", (k < nkeys) ? ", " : ""); is_char_type = 0; @@ -471,7 +472,7 @@ check_foreign_key(PG_FUNCTION_ARGS) } else /* DELETE */ - sprintf(sql, "delete from %s where ", relname); + snprintf(sql, 8192, "delete from %s where ", relname); } @@ -483,10 +484,11 @@ check_foreign_key(PG_FUNCTION_ARGS) */ else if (action == 's') { - sprintf(sql, "update %s set ", relname); + snprintf(sql, 8192, "update %s set ", relname); for (i = 1; i <= nkeys; i++) { - sprintf(sql + strlen(sql), "%s = null%s", + snprintf(sql + strlen(sql), 8192 - strlen(sql), + "%s = null%s", args2[i], (i < nkeys) ? ", " : ""); } strcat(sql, " where "); 
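Review bot: In the cascade-update branch of check_foreign_key (hunk at -461), `nv` is wrapped in single quotes for character types but is not escaped, so a value containing a quote alters the generated UPDATE. Limiting the write to `8192 - strlen(sql)` does not change that. Where `nv` is assigned is outside the hunk, so its origin should be confirmed. The value should either have embedded quotes doubled before it is formatted or be passed as a plan parameter, as the key values in the WHERE clause already are.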
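Review bot: In the 's' branch of check_foreign_key (hunk at -483), `strcat(sql, " where ");` directly after the bounded loop is still unbounded, so once the snprintf calls have filled `sql` this append writes past the 8192 bytes the other calls assume. Use the same form as the loop: `snprintf(sql + strlen(sql), 8192 - strlen(sql), " where ");`. The loop's snprintf results are also unchecked, so a truncated column list would presumably still be prepared as a statement. The size of `sql` is declared outside the hunk.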
@@ -495,7 +497,7 @@ check_foreign_key(PG_FUNCTION_ARGS) /* Construct WHERE qual */ for (i = 1; i <= nkeys; i++) { - sprintf(sql + strlen(sql), "%s = $%d %s", + snprintf(sql + strlen(sql), 8192 - strlen(sql), "%s = $%d %s", args2[i], i, (i < nkeys) ? "and " : ""); } @@ -545,7 +547,7 @@ check_foreign_key(PG_FUNCTION_ARGS) relname = args[0]; - sprintf(ident, "%s$%u", trigger->tgname, rel->rd_id); + snprintf(ident, 2 * NAMEDATALEN, "%s$%u", trigger->tgname, rel->rd_id); plan = find_plan(ident, &FPlans, &nFPlans); ret = SPI_execp(plan->splan[r], kvals, NULL, tcount); /* we have no NULLs - so we pass ^^^^ here */ diff --git a/contrib/spi/timetravel.c b/contrib/spi/timetravel.c index 1731190a5d..7bd30c109f 100644 --- a/contrib/spi/timetravel.c +++ b/contrib/spi/timetravel.c @@ -250,7 +250,7 @@ timetravel(PG_FUNCTION_ARGS) * Construct ident string as TriggerName $ TriggeredRelationId and try * to find prepared execution plan. */ - sprintf(ident, "%s$%u", trigger->tgname, rel->rd_id); + snprintf(ident, 2 * NAMEDATALEN, "%s$%u", trigger->tgname, rel->rd_id); plan = find_plan(ident, &Plans, &nPlans); /* if there is no plan ... */ @@ -266,10 +266,10 @@ timetravel(PG_FUNCTION_ARGS) /* * Construct query: INSERT INTO _relation_ VALUES ($1, ...) */ - sprintf(sql, "INSERT INTO %s VALUES (", relname); + snprintf(sql, 8192, "INSERT INTO %s VALUES (", relname); for (i = 1; i <= natts; i++) { - sprintf(sql + strlen(sql), "$%d%s", + snprintf(sql + strlen(sql), 8192 - strlen(sql), "$%d%s", i, (i < natts) ? ", " : ")"); ctypes[i - 1] = SPI_gettypeid(tupdesc, i); } diff --git a/contrib/vacuumlo/vacuumlo.c b/contrib/vacuumlo/vacuumlo.c index cbeb562b32..ac80ea361a 100644 --- a/contrib/vacuumlo/vacuumlo.c +++ b/contrib/vacuumlo/vacuumlo.c 
@@ -8,7 +8,7 @@ * * * IDENTIFICATION - * $Header: /cvsroot/pgsql/contrib/vacuumlo/vacuumlo.c,v 1.12 2002/06/20 20:29:24 momjian Exp $ + * $Header: /cvsroot/pgsql/contrib/vacuumlo/vacuumlo.c,v 1.13 2002/08/15 02:58:29 momjian Exp $ * *------------------------------------------------------------------------- */ @@ -288,7 +288,7 @@ vacuumlo(char *database, struct _param *param) * Postgres-ism and not portable to other DBMSs, but then this * whole program is a Postgres-ism. */ - sprintf(buf, "DELETE FROM vacuum_l WHERE lo = \"%s\".\"%s\" ", + snprintf(buf, BUFSIZE, "DELETE FROM vacuum_l WHERE lo = \"%s\".\"%s\" ", table, field); res2 = PQexec(conn, buf); if (PQresultStatus(res2) != PGRES_COMMAND_OK) -- 2.11.0