The attached patch changes most of the usages of sprintf() to

snprintf() in contrib/. I didn't touch the places where pointer arithmatic was being used, or other areas where the fix wasn't trivial. I would think that few, if any, of the usages of sprintf() were actually exploitable, but it's probably better to be paranoid... Neil Conway
author: Bruce Momjian <bruce@momjian.us> 2002-08-15 02:58:29 +0000
committer: Bruce Momjian <bruce@momjian.us> 2002-08-15 02:58:29 +0000
commit: 66eb8df6a4a04922e34dcb2dc543fe231b94903d (patch)
tree: 784f595e15219b79a7f4d609b174c155a5c310f7 /contrib/lo
parent: 7f4981f4af1700456f98ac3f2b2d84959919ec81 (diff)
download: postgresql-66eb8df6a4a04922e34dcb2dc543fe231b94903d.tar.gz
1 files changed, 2 insertions, 2 deletions
diff --git a/contrib/lo/lo.c b/contrib/lo/lo.c
index 8215c4cbbc..8f0a6077af 100644
--- a/contrib/lo/lo.c
+++ b/contrib/lo/lo.c
@@ -1,7 +1,7 @@
 /*
  *	PostgreSQL type definitions for managed LargeObjects.
  *
- *	$Header: /cvsroot/pgsql/contrib/lo/lo.c,v 1.11 2001/12/07 04:18:31 inoue Exp $
+ *	$Header: /cvsroot/pgsql/contrib/lo/lo.c,v 1.12 2002/08/15 02:58:29 momjian Exp $
  *
  */
 
@@ -92,7 +92,7 @@ lo_out(Blob * addr)
 		return (NULL);
 
 	result = (char *) palloc(32);
-	sprintf(result, "%u", *addr);
+	snprintf(result, 32, "%u", *addr);
 	return (result);
 }
author	Bruce Momjian <bruce@momjian.us>	2002-08-15 02:58:29 +0000
committer	Bruce Momjian <bruce@momjian.us>	2002-08-15 02:58:29 +0000
commit	66eb8df6a4a04922e34dcb2dc543fe231b94903d (patch)
tree	784f595e15219b79a7f4d609b174c155a5c310f7 /contrib/lo
parent	7f4981f4af1700456f98ac3f2b2d84959919ec81 (diff)
download	postgresql-66eb8df6a4a04922e34dcb2dc543fe231b94903d.tar.gz