Truncate strings in tarCreateHeader() with strlcpy(), not sprintf().

This supplements the GNU libc bug #6530 workarounds introduced in commit
54cd4f04576833abc394e131288bf3dd7dcf4806.  On affected systems, a
tar-format pg_basebackup failed when some filename beneath the data
directory was not valid character data in the postmaster/walsender
locale.  Back-patch to 9.1, where pg_basebackup was introduced.  Extant,
bug-prone conversion specifications receive only ASCII bytes or involve
low-importance messages.

1 files changed, 4 insertions, 4 deletions

diff --git a/src/backend/replication/basebackup.c b/src/backend/replication/basebackup.c
index 200d4d54f84..a0c8903497d 100644
--- a/src/backend/replication/basebackup.c
+++ b/src/backend/replication/basebackup.c
@@ -988,7 +988,7 @@ _tarWriteHeader(const char *filename, const char *linktarget,
 	memset(h, 0, sizeof(h));
 
 	/* Name 100 */
-	sprintf(&h[0], "%.99s", filename);
+	strlcpy(&h[0], filename, 100);
 	if (linktarget != NULL || S_ISDIR(statbuf->st_mode))
 	{
 		/*
@@ -1030,7 +1030,7 @@ _tarWriteHeader(const char *filename, const char *linktarget,
 		/* Type - Symbolic link */
 		sprintf(&h[156], "2");
 		/* Link Name 100 */
-		sprintf(&h[157], "%.99s", linktarget);
+		strlcpy(&h[157], linktarget, 100);
 	}
 	else if (S_ISDIR(statbuf->st_mode))
 		/* Type - directory */
@@ -1047,11 +1047,11 @@ _tarWriteHeader(const char *filename, const char *linktarget,
 
 	/* User 32 */
 	/* XXX: Do we need to care about setting correct username? */
-	sprintf(&h[265], "%.31s", "postgres");
+	strlcpy(&h[265], "postgres", 32);
 
 	/* Group 32 */
 	/* XXX: Do we need to care about setting correct group name? */
-	sprintf(&h[297], "%.31s", "postgres");
+	strlcpy(&h[297], "postgres", 32);
 
 	/* Major Dev 8 */
 	sprintf(&h[329], "%07o ", 0);