The attached patch changes most of the usages of sprintf() to

snprintf() in contrib/. I didn't touch the places where pointer arithmatic was being used, or other areas where the fix wasn't trivial. I would think that few, if any, of the usages of sprintf() were actually exploitable, but it's probably better to be paranoid... Neil Conway
author: Bruce Momjian <bruce@momjian.us> 2002-08-15 02:58:29 +0000
committer: Bruce Momjian <bruce@momjian.us> 2002-08-15 02:58:29 +0000
commit: 66eb8df6a4a04922e34dcb2dc543fe231b94903d (patch)
tree: 784f595e15219b79a7f4d609b174c155a5c310f7 /contrib/findoidjoins/findoidjoins.c
parent: 7f4981f4af1700456f98ac3f2b2d84959919ec81 (diff)
1 files changed, 2 insertions, 2 deletions
diff --git a/contrib/findoidjoins/findoidjoins.c b/contrib/findoidjoins/findoidjoins.c
index c426b5523a3..b3bef4d3cb3 100644
--- a/contrib/findoidjoins/findoidjoins.c
+++ b/contrib/findoidjoins/findoidjoins.c
@@ -68,14 +68,14 @@ main(int argc, char **argv)
 		{
 			unset_result(relres);
 			if (strcmp(typname, "oid") == 0)
-				sprintf(query, "\
+				snprintf(query, 4000, "\
 					DECLARE c_matches BINARY CURSOR FOR \
 					SELECT	count(*)::int4 \
 						FROM \"%s\" t1, \"%s\" t2 \
 					WHERE t1.\"%s\" = t2.oid ",
 						relname, relname2, attname);
 			else
-				sprintf(query, "\
+				sprintf(query, 4000, "\
 					DECLARE c_matches BINARY CURSOR FOR \
 					SELECT	count(*)::int4 \
 						FROM \"%s\" t1, \"%s\" t2 \
author	Bruce Momjian <bruce@momjian.us>	2002-08-15 02:58:29 +0000
committer	Bruce Momjian <bruce@momjian.us>	2002-08-15 02:58:29 +0000
commit	66eb8df6a4a04922e34dcb2dc543fe231b94903d (patch)
tree	784f595e15219b79a7f4d609b174c155a5c310f7 /contrib/findoidjoins/findoidjoins.c
parent	7f4981f4af1700456f98ac3f2b2d84959919ec81 (diff)