author | Bruce Momjian | 2002-08-15 02:58:29 +0000 |
---|---|---|
committer | Bruce Momjian | 2002-08-15 02:58:29 +0000 |
commit | 66eb8df6a4a04922e34dcb2dc543fe231b94903d (patch) | |
tree | 784f595e15219b79a7f4d609b174c155a5c310f7 /contrib/spi/refint.c | |
parent | 7f4981f4af1700456f98ac3f2b2d84959919ec81 (diff) |
The attached patch changes most of the usages of sprintf() to
snprintf() in contrib/. I didn't touch the places where pointer
arithmetic was being used, or other areas where the fix wasn't
trivial. I would think that few, if any, of the usages of sprintf()
were actually exploitable, but it's probably better to be paranoid...
Neil Conway
Diffstat (limited to 'contrib/spi/refint.c')
-rw-r--r-- | contrib/spi/refint.c | 26 |
1 files changed, 14 insertions, 12 deletions
diff --git a/contrib/spi/refint.c b/contrib/spi/refint.c index 55c0fd13e68..6355763f948 100644 --- a/contrib/spi/refint.c +++ b/contrib/spi/refint.c @@ -112,7 +112,7 @@ check_primary_key(PG_FUNCTION_ARGS) * Construct ident string as TriggerName $ TriggeredRelationId and try * to find prepared execution plan. */ - sprintf(ident, "%s$%u", trigger->tgname, rel->rd_id); + snprintf(ident, 2 * NAMEDATALEN, "%s$%u", trigger->tgname, rel->rd_id); plan = find_plan(ident, &PPlans, &nPPlans); /* if there is no plan then allocate argtypes for preparation */ @@ -160,10 +160,10 @@ check_primary_key(PG_FUNCTION_ARGS) * Construct query: SELECT 1 FROM _referenced_relation_ WHERE * Pkey1 = $1 [AND Pkey2 = $2 [...]] */ - sprintf(sql, "select 1 from %s where ", relname); + snprintf(sql, 8192, "select 1 from %s where ", relname); for (i = 0; i < nkeys; i++) { - sprintf(sql + strlen(sql), "%s = $%d %s", + snprintf(sql + strlen(sql), 8192 - strlen(sql), "%s = $%d %s", args[i + nkeys + 1], i + 1, (i < nkeys - 1) ? "and " : ""); } @@ -320,7 +320,7 @@ check_foreign_key(PG_FUNCTION_ARGS) * Construct ident string as TriggerName $ TriggeredRelationId and try * to find prepared execution plan(s). */ - sprintf(ident, "%s$%u", trigger->tgname, rel->rd_id); + snprintf(ident, 2 * NAMEDATALEN, "%s$%u", trigger->tgname, rel->rd_id); plan = find_plan(ident, &FPlans, &nFPlans); /* if there is no plan(s) then allocate argtypes for preparation */ @@ -411,7 +411,7 @@ check_foreign_key(PG_FUNCTION_ARGS) */ if (action == 'r') - sprintf(sql, "select 1 from %s where ", relname); + snprintf(sql, 8192, "select 1 from %s where ", relname); /*--------- * For 'C'ascade action we construct DELETE query @@ -438,7 +438,7 @@ check_foreign_key(PG_FUNCTION_ARGS) char *nv; int k; - sprintf(sql, "update %s set ", relname); + snprintf(sql, 8192, "update %s set ", relname); for (k = 1; k <= nkeys; k++) { int is_char_type = 0; 
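Review bot: The bound `2 * NAMEDATALEN` in the `@@ -112,7 +112,7 @@` hunk is spelled out at the call rather than taken from the buffer, and the same literal is repeated in the `@@ -320,7 +320,7 @@` and `@@ -545,7 +547,7 @@` hunks of check_foreign_key. If `ident` is a local array (its declaration is outside these hunks), `snprintf(ident, sizeof(ident), "%s$%u", trigger->tgname, rel->rd_id);` keeps the bound correct when the declaration changes. Since `ident` is the lookup key passed to find_plan(), a comment is also worth adding: `/* a truncated ident could match another trigger's cached plan */`. The enclosing function starts and ends outside the hunk.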
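Review bot: Truncation is silent in the `@@ -160,10 +160,10 @@` hunk: the snprintf() return values are discarded, so a statement that does not fit in 8192 bytes is cut short and presumably still handed to the planner further down (outside the hunk). A cut that lands between two quals leaves a valid statement with fewer key conditions, which matters most for the `update`/`delete` statements built the same way in the check_foreign_key hunks (`@@ -411`, `@@ -438`, `@@ -461`, `@@ -471`, `@@ -483`, `@@ -495`). Tracking the written length in a new `int len` local and raising an error when it reaches the buffer size avoids executing a partial query. The `len < 0` test also covers snprintf() implementations that return -1 on truncation.

```c
/* ... unchanged: comment describing the SELECT being built ... */
len = snprintf(sql, 8192, "select 1 from %s where ", relname);
for (i = 0; i < nkeys && len >= 0 && len < 8192; i++)
{
	int			n = snprintf(sql + len, 8192 - len, "%s = $%d %s",
							 args[i + nkeys + 1], i + 1,
							 (i < nkeys - 1) ? "and " : "");

	/* keep a negative result sticky so the check below sees it */
	len = (n < 0) ? -1 : len + n;
}
if (len < 0 || len >= 8192)
	elog(ERROR, "check_primary_key: query too long");
```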
@@ -461,7 +461,8 @@ check_foreign_key(PG_FUNCTION_ARGS) * is_char_type =1 i set ' ' for define a new * value */ - sprintf(sql + strlen(sql), " %s = %s%s%s %s ", + snprintf(sql + strlen(sql), 8192 - strlen(sql), + " %s = %s%s%s %s ", args2[k], (is_char_type > 0) ? "'" : "", nv, (is_char_type > 0) ? "'" : "", (k < nkeys) ? ", " : ""); is_char_type = 0; @@ -471,7 +472,7 @@ check_foreign_key(PG_FUNCTION_ARGS) } else /* DELETE */ - sprintf(sql, "delete from %s where ", relname); + snprintf(sql, 8192, "delete from %s where ", relname); } @@ -483,10 +484,11 @@ check_foreign_key(PG_FUNCTION_ARGS) */ else if (action == 's') { - sprintf(sql, "update %s set ", relname); + snprintf(sql, 8192, "update %s set ", relname); for (i = 1; i <= nkeys; i++) { - sprintf(sql + strlen(sql), "%s = null%s", + snprintf(sql + strlen(sql), 8192 - strlen(sql), + "%s = null%s", args2[i], (i < nkeys) ? ", " : ""); } strcat(sql, " where "); @@ -495,7 +497,7 @@ check_foreign_key(PG_FUNCTION_ARGS) /* Construct WHERE qual */ for (i = 1; i <= nkeys; i++) { - sprintf(sql + strlen(sql), "%s = $%d %s", + snprintf(sql + strlen(sql), 8192 - strlen(sql), "%s = $%d %s", args2[i], i, (i < nkeys) ? "and " : ""); } @@ -545,7 +547,7 @@ check_foreign_key(PG_FUNCTION_ARGS) relname = args[0]; - sprintf(ident, "%s$%u", trigger->tgname, rel->rd_id); + snprintf(ident, 2 * NAMEDATALEN, "%s$%u", trigger->tgname, rel->rd_id); plan = find_plan(ident, &FPlans, &nFPlans); ret = SPI_execp(plan->splan[r], kvals, NULL, tcount); /* we have no NULLs - so we pass ^^^^ here */ |
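Review bot: In the `@@ -461,7 +461,8 @@` hunk the new key value `nv` is still pasted into the statement text between bare `'` characters, and bounding the write does not change that: a quote inside the value ends the literal early and the remainder is parsed as SQL. Where `nv` comes from is outside the hunk, but if it is the column value of the updated row it is user-controlled data. Binding it as a parameter, the way the WHERE quals use `$%d`, removes the need for quoting. Failing that, the value needs its quotes doubled before formatting, and a comment such as `/* nv is spliced in as text; must be escaped */` should mark the spot.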
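Review bot: `strcat(sql, " where ");` at the end of the `@@ -483,10 +484,11 @@` hunk is still unbounded, so the `action == 's'` branch can write past the 8192-byte buffer when the preceding loop has already filled it. It also undermines the next hunk (`@@ -495,7 +497,7 @@`): once strlen(sql) exceeds 8192, `8192 - strlen(sql)` wraps to a huge size_t and that snprintf() is effectively unbounded again. Replace the call with `snprintf(sql + strlen(sql), 8192 - strlen(sql), " where ");`. The enclosing branch of check_foreign_key continues outside the hunk.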