From 66eb8df6a4a04922e34dcb2dc543fe231b94903d Mon Sep 17 00:00:00 2001 From: Bruce Momjian Date: Thu, 15 Aug 2002 02:58:29 +0000 Subject: The attached patch changes most of the usages of sprintf() to snprintf() in contrib/. I didn't touch the places where pointer arithmatic was being used, or other areas where the fix wasn't trivial. I would think that few, if any, of the usages of sprintf() were actually exploitable, but it's probably better to be paranoid... Neil Conway --- contrib/mSQL-interface/mpgsql.c | 12 ++++++++---- 1 file changed, 8 insertions(+), 4 deletions(-) (limited to 'contrib/mSQL-interface/mpgsql.c') diff --git a/contrib/mSQL-interface/mpgsql.c b/contrib/mSQL-interface/mpgsql.c index 8b59485471c..27639ad1d40 100644 --- a/contrib/mSQL-interface/mpgsql.c +++ b/contrib/mSQL-interface/mpgsql.c @@ -106,7 +106,7 @@ msqlCreateDB(int a, char *b) { char tbuf[BUFSIZ]; - sprintf(tbuf, "create database %s", b); + snprintf(tbuf, BUFSIZ, "create database %s", b); return msqlQuery(a, tbuf) >= 0 ? 0 : -1; } @@ -115,7 +115,7 @@ msqlDropDB(int a, char *b) { char tbuf[BUFSIZ]; - sprintf(tbuf, "drop database %s", b); + snprintf(tbuf, BUFSIZ, "drop database %s", b); return msqlQuery(a, tbuf) >= 0 ? 0 : -1; } @@ -262,7 +262,9 @@ msqlListTables(int a) m_result *m; char tbuf[BUFSIZ]; - sprintf(tbuf, "select relname from pg_class where relkind='r' and relowner=%d", getuid()); + snprintf(tbuf, BUFSIZ, + "select relname from pg_class where relkind='r' and relowner=%d", + getuid()); if (msqlQuery(a, tbuf) > 0) { m = msqlStoreResult(); @@ -284,7 +286,9 @@ msqlListIndex(int a, char *b, char *c) m_result *m; char tbuf[BUFSIZ]; - sprintf(tbuf, "select relname from pg_class where relkind='i' and relowner=%d", getuid()); + snprintf(tbuf, BUFSIZ, + "select relname from pg_class where relkind='i' and relowner=%d", + getuid()); if (msqlQuery(a, tbuf) > 0) { m = msqlStoreResult(); -- cgit v1.2.3