Some security, since we now have vsnprintf, I remade an old patch

with some extra ugly sprintfs fixed. More work in this area is needed still. Göran Thyni
1999-01-01 04:48:49 +00:00 · 1999-01-01 04:48:49 +00:00 · f0fbd7b87e
commit f0fbd7b87e
parent d8ae7ffb2f
5 changed files with 15 additions and 18 deletions
--- a/src/backend/utils/error/elog.c
+++ b/src/backend/utils/error/elog.c
@ -7,7 +7,7 @@
 *
 *
 * IDENTIFICATION
- *	  $Header: /cvsroot/pgsql/src/backend/utils/error/elog.c,v 1.35 1998/09/01 04:33:07 momjian Exp $
+ *	  $Header: /cvsroot/pgsql/src/backend/utils/error/elog.c,v 1.36 1999/01/01 04:48:45 momjian Exp $
 *
 *-------------------------------------------------------------------------
 */
@ -133,7 +133,7 @@ elog(int lev, const char *fmt,...)
 		else
 			*bp++ = *cp;
 	*bp = '\0';
-	vsprintf(line, buf, ap);
+	vsnprintf(line, ELOG_MAXLEN - 1, buf, ap);
 	va_end(ap);

 #ifdef USE_SYSLOG
--- a/src/backend/utils/error/format.c
+++ b/src/backend/utils/error/format.c
@ -7,7 +7,7 @@
 *
 *
 * IDENTIFICATION
- *	  $Header: /cvsroot/pgsql/src/backend/utils/error/Attic/format.c,v 1.7 1998/09/01 03:26:40 momjian Exp $
+ *	  $Header: /cvsroot/pgsql/src/backend/utils/error/Attic/format.c,v 1.8 1999/01/01 04:48:46 momjian Exp $
 *
 *-------------------------------------------------------------------------
 */
@ -29,12 +29,8 @@ char *
 form(const char *fmt,...)
 {
 	va_list		args;
-
 	va_start(args, fmt);
-
-	vsprintf(FormBuf, fmt, args);
-
+	vsnprintf(FormBuf, FormMaxSize - 1, fmt, args);
 	va_end(args);
-
 	return FormBuf;
 }
--- a/src/backend/utils/misc/trace.c
+++ b/src/backend/utils/misc/trace.c
@ -108,7 +108,7 @@ tprintf(int flag, const char *fmt,...)
 #ifdef ELOG_TIMESTAMPS
 	strcpy(line, tprintf_timestamp());
 #endif
-	vsprintf(line + TIMESTAMP_SIZE, fmt, ap);
+	vsnprintf(line + TIMESTAMP_SIZE, ELOG_MAXLEN, fmt, ap);
 	va_end(ap);

 #ifdef USE_SYSLOG
@ -138,7 +138,7 @@ tprintf1(const char *fmt, ... )
 #ifdef ELOG_TIMESTAMPS
 	strcpy(line, tprintf_timestamp());
 #endif
-	vsprintf(line+TIMESTAMP_SIZE, fmt, ap);
+	vsnprintf(line+TIMESTAMP_SIZE, ELOG_MAXLEN, fmt, ap);
 	va_end(ap);

 #ifdef USE_SYSLOG
@ -166,7 +166,7 @@ eprintf(const char *fmt,...)
 #ifdef ELOG_TIMESTAMPS
 	strcpy(line, tprintf_timestamp());
 #endif
-	vsprintf(line + TIMESTAMP_SIZE, fmt, ap);
+	vsnprintf(line + TIMESTAMP_SIZE, ELOG_MAXLEN, fmt, ap);
 	va_end(ap);

 #ifdef USE_SYSLOG
@ -344,7 +344,7 @@ read_pg_options(SIGNAL_ARGS)
 	    return;
 	}

-	sprintf(buffer, "%s/%s", DataDir, "pg_options");
+	snprintf(buffer, BUF_SIZE - 1, "%s/%s", DataDir, "pg_options");
 	if ((fd = open(buffer, O_RDONLY)) < 0)
 		return;

--- a/src/backend/utils/mmgr/portalmem.c
+++ b/src/backend/utils/mmgr/portalmem.c
@ -7,7 +7,7 @@
 *
 *
 * IDENTIFICATION
- *	  $Header: /cvsroot/pgsql/src/backend/utils/mmgr/portalmem.c,v 1.14 1998/09/01 04:33:39 momjian Exp $
+ *	  $Header: /cvsroot/pgsql/src/backend/utils/mmgr/portalmem.c,v 1.15 1999/01/01 04:48:47 momjian Exp $
 *
 *-------------------------------------------------------------------------
 */
@ -129,7 +129,7 @@ do { \
 	PortalHashEnt *hentry; bool found; char key[MAX_PORTALNAME_LEN]; \
 	\
 	MemSet(key, 0, MAX_PORTALNAME_LEN); \
-	sprintf(key, "%s", NAME); \
+	snprintf(key, MAX_PORTALNAME_LEN - 1, "%s", NAME); \
 	hentry = (PortalHashEnt*)hash_search(PortalHashTable, \
 										 key, HASH_FIND, &found); \
 	if (hentry == NULL) \
@ -145,7 +145,7 @@ do { \
 	PortalHashEnt *hentry; bool found; char key[MAX_PORTALNAME_LEN]; \
 	\
 	MemSet(key, 0, MAX_PORTALNAME_LEN); \
-	sprintf(key, "%s", PORTAL->name); \
+	snprintf(key, MAX_PORTALNAME_LEN - 1, "%s", PORTAL->name); \
 	hentry = (PortalHashEnt*)hash_search(PortalHashTable, \
 										 key, HASH_ENTER, &found); \
 	if (hentry == NULL) \
@ -160,7 +160,7 @@ do { \
 	PortalHashEnt *hentry; bool found; char key[MAX_PORTALNAME_LEN]; \
 	\
 	MemSet(key, 0, MAX_PORTALNAME_LEN); \
-	sprintf(key, "%s", PORTAL->name); \
+	snprintf(key, MAX_PORTALNAME_LEN - 1, "%s", PORTAL->name); \
 	hentry = (PortalHashEnt*)hash_search(PortalHashTable, \
 										 key, HASH_REMOVE, &found); \
 	if (hentry == NULL) \
--- a/src/backend/utils/sort/psort.c
+++ b/src/backend/utils/sort/psort.c
@ -4,7 +4,7 @@
 *
 * Copyright (c) 1994, Regents of the University of California
 *
- *	  $Id: psort.c,v 1.45 1998/12/14 08:11:14 scrappy Exp $
+ *	  $Id: psort.c,v 1.46 1999/01/01 04:48:49 momjian Exp $
 *
 * NOTES
 *		Sorts the first relation into the second relation.
@ -1019,7 +1019,8 @@ gettape()

 	tp = (struct tapelst *) palloc((unsigned) sizeof(struct tapelst));

-	sprintf(uniqueName, "%spg_psort.%d.%d", TEMPDIR, (int) MyProcPid, uniqueFileId);
+	snprintf(uniqueName, MAXPGPATH - 1, "%spg_psort.%d.%d", 
+		 TEMPDIR, (int) MyProcPid, uniqueFileId);
 	uniqueFileId++;

 	tapeinit = 1;