The attached patch changes most of the usages of sprintf() to

bmomjian · bmomjian · commit 66eb8df6a4a0 · 2002-08-15T02:58:29.000Z
snprintf() in contrib/. I didn't touch the places where pointer
arithmatic was being used, or other areas where the fix wasn't
trivial. I would think that few, if any, of the usages of sprintf()
were actually exploitable, but it's probably better to be paranoid...

Neil Conway
diff --git a/contrib/dbase/dbf.c b/contrib/dbase/dbf.c
@@ -437,7 +437,7 @@ dbf_put_record(dbhead * dbh, field * rec, u_long where)
 	format: sprintf format-string to get the right precision with real numbers
 
 	NOTE: this declaration of 'foo' can cause overflow when the contents-field
-	is longer the 127 chars (which is highly unlikely, cos it is not used
+	is longer the 127 chars (which is highly unlikely, because it is not used
 	in text-fields).
 */
 /*	REMEMBER THAT THERE'S A 0x1A AT THE END OF THE FILE, SO DON'T
@@ -488,11 +488,11 @@ dbf_put_record(dbhead * dbh, field * rec, u_long where)
 				if ((rec[t].db_type == 'N') && (rec[t].db_dec != 0))
 				{
 					fl = atof(rec[t].db_contents);
-					sprintf(format, "%%.%df", rec[t].db_dec);
-					sprintf(foo, format, fl);
+					snprintf(format, 32, "%%.%df", rec[t].db_dec);
+					snprintf(foo, 128, format, fl);
 				}
 				else
-					strcpy(foo, rec[t].db_contents);
+					strncpy(foo, rec[t].db_contents, 128);
 				if (strlen(foo) > rec[t].db_flen)
 					length = rec[t].db_flen;
 				else
diff --git a/contrib/dbase/dbf2pg.c b/contrib/dbase/dbf2pg.c
@@ -308,7 +308,7 @@ do_create(PGconn *conn, char *table, dbhead * dbh)
 				if (dbh->db_fields[i].db_flen > 1)
 				{
 					strcat(query, " varchar");
-					sprintf(t, "(%d)",
+					snprintf(t, 20, "(%d)",
 							dbh->db_fields[i].db_flen);
 					strcat(query, t);
 				}
@@ -361,7 +361,7 @@ do_inserts(PGconn *conn, char *table, dbhead * dbh)
 				result;
 	char	   *query,
 			   *foo;
-	char		pgdate[10];
+	char		pgdate[11];
 
 	if (verbose > 1)
 		printf("Inserting records\n");
@@ -467,7 +467,7 @@ do_inserts(PGconn *conn, char *table, dbhead * dbh)
 				{
 					if ((strlen(foo) == 8) && isinteger(foo))
 					{
-						sprintf(pgdate, "%c%c%c%c-%c%c-%c%c",
+						snprintf(pgdate, 11, "%c%c%c%c-%c%c-%c%c",
 								foo[0], foo[1], foo[2], foo[3],
 								foo[4], foo[5], foo[6], foo[7]);
 						strcat(query, pgdate);
diff --git a/contrib/findoidjoins/findoidjoins.c b/contrib/findoidjoins/findoidjoins.c
@@ -68,14 +68,14 @@ main(int argc, char **argv)
 		{
 			unset_result(relres);
 			if (strcmp(typname, "oid") == 0)
-				sprintf(query, "\
+				snprintf(query, 4000, "\
 					DECLARE c_matches BINARY CURSOR FOR \
 					SELECT	count(*)::int4 \
 						FROM \"%s\" t1, \"%s\" t2 \
 					WHERE t1.\"%s\" = t2.oid ",
 						relname, relname2, attname);
 			else
-				sprintf(query, "\
+				sprintf(query, 4000, "\
 					DECLARE c_matches BINARY CURSOR FOR \
 					SELECT	count(*)::int4 \
 						FROM \"%s\" t1, \"%s\" t2 \
diff --git a/contrib/lo/lo.c b/contrib/lo/lo.c
@@ -1,7 +1,7 @@
 /*
  *	PostgreSQL type definitions for managed LargeObjects.
  *
- *	$Header: /cvsroot/pgsql/contrib/lo/lo.c,v 1.11 2001/12/07 04:18:31 inoue Exp $
+ *	$Header: /cvsroot/pgsql/contrib/lo/lo.c,v 1.12 2002/08/15 02:58:29 momjian Exp $
  *
  */
 
@@ -92,7 +92,7 @@ lo_out(Blob * addr)
 		return (NULL);
 
 	result = (char *) palloc(32);
-	sprintf(result, "%u", *addr);
+	snprintf(result, 32, "%u", *addr);
 	return (result);
 }
 
diff --git a/contrib/mSQL-interface/mpgsql.c b/contrib/mSQL-interface/mpgsql.c
@@ -106,7 +106,7 @@ msqlCreateDB(int a, char *b)
 {
 	char		tbuf[BUFSIZ];
 
-	sprintf(tbuf, "create database %s", b);
+	snprintf(tbuf, BUFSIZ, "create database %s", b);
 	return msqlQuery(a, tbuf) >= 0 ? 0 : -1;
 }
 
@@ -115,7 +115,7 @@ msqlDropDB(int a, char *b)
 {
 	char		tbuf[BUFSIZ];
 
-	sprintf(tbuf, "drop database %s", b);
+	snprintf(tbuf, BUFSIZ, "drop database %s", b);
 	return msqlQuery(a, tbuf) >= 0 ? 0 : -1;
 }
 
@@ -262,7 +262,9 @@ msqlListTables(int a)
 	m_result   *m;
 	char		tbuf[BUFSIZ];
 
-	sprintf(tbuf, "select relname from pg_class where relkind='r' and relowner=%d", getuid());
+	snprintf(tbuf, BUFSIZ,
+			 "select relname from pg_class where relkind='r' and relowner=%d",
+			 getuid());
 	if (msqlQuery(a, tbuf) > 0)
 	{
 		m = msqlStoreResult();
@@ -284,7 +286,9 @@ msqlListIndex(int a, char *b, char *c)
 	m_result   *m;
 	char		tbuf[BUFSIZ];
 
-	sprintf(tbuf, "select relname from pg_class where relkind='i' and relowner=%d", getuid());
+	snprintf(tbuf, BUFSIZ,
+			 "select relname from pg_class where relkind='i' and relowner=%d",
+			 getuid());
 	if (msqlQuery(a, tbuf) > 0)
 	{
 		m = msqlStoreResult();
diff --git a/contrib/oid2name/oid2name.c b/contrib/oid2name/oid2name.c
@@ -337,7 +337,7 @@ sql_exec_dumpdb(PGconn *conn)
 	char		todo[1024];
 
 	/* get the oid and database name from the system pg_database table */
-	sprintf(todo, "select oid,datname from pg_database");
+	snprintf(todo, 1024, "select oid,datname from pg_database");
 
 	sql_exec(conn, todo, 0);
 }
@@ -351,9 +351,9 @@ sql_exec_dumptable(PGconn *conn, int systables)
 
 	/* don't exclude the systables if this is set */
 	if (systables == 1)
-		sprintf(todo, "select relfilenode,relname from pg_class order by relname");
+		snprintf(todo, 1024, "select relfilenode,relname from pg_class order by relname");
 	else
-		sprintf(todo, "select relfilenode,relname from pg_class where relname not like 'pg_%%' order by relname");
+		snprintf(todo, 1024, "select relfilenode,relname from pg_class where relname not like 'pg_%%' order by relname");
 
 	sql_exec(conn, todo, 0);
 }
@@ -367,7 +367,7 @@ sql_exec_searchtable(PGconn *conn, const char *tablename)
 	char		todo[1024];
 
 	/* get the oid and tablename where the name matches tablename */
-	sprintf(todo, "select relfilenode,relname from pg_class where relname = '%s'", tablename);
+	snprintf(todo, 1024, "select relfilenode,relname from pg_class where relname = '%s'", tablename);
 
 	returnvalue = sql_exec(conn, todo, 1);
 
@@ -386,7 +386,7 @@ sql_exec_searchoid(PGconn *conn, int oid)
 	int			returnvalue;
 	char		todo[1024];
 
-	sprintf(todo, "select relfilenode,relname from pg_class where oid = %i", oid);
+	snprintf(todo, 1024, "select relfilenode,relname from pg_class where oid = %i", oid);
 
 	returnvalue = sql_exec(conn, todo, 1);
 
diff --git a/contrib/pg_dumplo/lo_export.c b/contrib/pg_dumplo/lo_export.c
@@ -1,7 +1,7 @@
 /* -------------------------------------------------------------------------
  * pg_dumplo
  *
- * $Header: /cvsroot/pgsql/contrib/pg_dumplo/Attic/lo_export.c,v 1.8 2001/10/25 05:49:19 momjian Exp $
+ * $Header: /cvsroot/pgsql/contrib/pg_dumplo/Attic/lo_export.c,v 1.9 2002/08/15 02:58:29 momjian Exp $
  *
  *					Karel Zak 1999-2000
  * -------------------------------------------------------------------------
@@ -110,8 +110,9 @@ pglo_export(LODumpMaster * pgLO)
 		/*
 		 * Query: find the LOs referenced by this column
 		 */
-		sprintf(Qbuff, "SELECT DISTINCT l.loid FROM \"%s\" x, pg_largeobject l WHERE x.\"%s\" = l.loid",
-				ll->lo_table, ll->lo_attr);
+		snprintf(Qbuff, QUERY_BUFSIZ,
+				 "SELECT DISTINCT l.loid FROM \"%s\" x, pg_largeobject l WHERE x.\"%s\" = l.loid",
+				 ll->lo_table, ll->lo_attr);
 
 		/* puts(Qbuff); */
 
@@ -140,7 +141,7 @@ pglo_export(LODumpMaster * pgLO)
 			if (pgLO->action != ACTION_SHOW)
 			{
 
-				sprintf(path, "%s/%s/%s", pgLO->space, pgLO->db,
+				snprintf(path, BUFSIZ, "%s/%s/%s", pgLO->space, pgLO->db,
 						ll->lo_table);
 
 				if (mkdir(path, DIR_UMASK) == -1)
@@ -152,7 +153,7 @@ pglo_export(LODumpMaster * pgLO)
 					}
 				}
 
-				sprintf(path, "%s/%s/%s/%s", pgLO->space, pgLO->db,
+				snprintf(path, BUFSIZ, "%s/%s/%s/%s", pgLO->space, pgLO->db,
 						ll->lo_table, ll->lo_attr);
 
 				if (mkdir(path, DIR_UMASK) == -1)
@@ -185,7 +186,7 @@ pglo_export(LODumpMaster * pgLO)
 					continue;
 				}
 
-				sprintf(path, "%s/%s/%s/%s/%s", pgLO->space,
+				snprintf(path, BUFSIZ, "%s/%s/%s/%s/%s", pgLO->space,
 						pgLO->db, ll->lo_table, ll->lo_attr, val);
 
 				if (lo_export(pgLO->conn, lo, path) < 0)
diff --git a/contrib/pg_dumplo/lo_import.c b/contrib/pg_dumplo/lo_import.c
@@ -1,7 +1,7 @@
 /* -------------------------------------------------------------------------
  * pg_dumplo
  *
- * $Header: /cvsroot/pgsql/contrib/pg_dumplo/Attic/lo_import.c,v 1.6 2001/10/25 05:49:19 momjian Exp $
+ * $Header: /cvsroot/pgsql/contrib/pg_dumplo/Attic/lo_import.c,v 1.7 2002/08/15 02:58:29 momjian Exp $
  *
  *					Karel Zak 1999-2000
  * -------------------------------------------------------------------------
@@ -48,7 +48,7 @@ pglo_import(LODumpMaster * pgLO)
 		loa.lo_table = tab;
 		loa.lo_attr = attr;
 
-		sprintf(lo_path, "%s/%s", pgLO->space, path);
+		snprintf(lo_path, BUFSIZ, "%s/%s", pgLO->space, path);
 
 		/*
 		 * Import LO
@@ -81,7 +81,8 @@ pglo_import(LODumpMaster * pgLO)
 		/*
 		 * UPDATE oid in tab
 		 */
-		sprintf(Qbuff, "UPDATE \"%s\" SET \"%s\"=%u WHERE \"%s\"=%u",
+		snprintf(Qbuff, QUERY_BUFSIZ,
+			"UPDATE \"%s\" SET \"%s\"=%u WHERE \"%s\"=%u",
 			loa.lo_table, loa.lo_attr, new_oid, loa.lo_attr, loa.lo_oid);
 
 		/* fprintf(stderr, Qbuff); */
diff --git a/contrib/pg_dumplo/utils.c b/contrib/pg_dumplo/utils.c
@@ -1,7 +1,7 @@
 /* -------------------------------------------------------------------------
  * pg_dumplo
  *
- * $Header: /cvsroot/pgsql/contrib/pg_dumplo/Attic/utils.c,v 1.4 2001/03/22 03:59:10 momjian Exp $
+ * $Header: /cvsroot/pgsql/contrib/pg_dumplo/Attic/utils.c,v 1.5 2002/08/15 02:58:29 momjian Exp $
  *
  *					Karel Zak 1999-2000
  * -------------------------------------------------------------------------
@@ -36,7 +36,7 @@ index_file(LODumpMaster * pgLO)
 	if (pgLO->action == ACTION_SHOW)
 		return;
 
-	sprintf(path, "%s/%s", pgLO->space, pgLO->db);
+	snprintf(path, BUFSIZ, "%s/%s", pgLO->space, pgLO->db);
 
 	if (pgLO->action == ACTION_EXPORT_ATTR ||
 		pgLO->action == ACTION_EXPORT_ALL)
@@ -51,7 +51,7 @@ index_file(LODumpMaster * pgLO)
 			}
 		}
 
-		sprintf(path, "%s/lo_dump.index", path);
+		snprintf(path, BUFSIZ, "%s/lo_dump.index", path);
 
 		if ((pgLO->index = fopen(path, "w")) == NULL)
 		{
@@ -63,7 +63,7 @@ index_file(LODumpMaster * pgLO)
 	else if (pgLO->action != ACTION_NONE)
 	{
 
-		sprintf(path, "%s/lo_dump.index", path);
+		snprintf(path, BUFSIZ, "%s/lo_dump.index", path);
 
 		if ((pgLO->index = fopen(path, "r")) == NULL)
 		{
diff --git a/contrib/pg_resetxlog/pg_resetxlog.c b/contrib/pg_resetxlog/pg_resetxlog.c
@@ -23,7 +23,7 @@
  * Portions Copyright (c) 1996-2002, PostgreSQL Global Development Group
  * Portions Copyright (c) 1994, Regents of the University of California
  *
- * $Header: /cvsroot/pgsql/contrib/pg_resetxlog/Attic/pg_resetxlog.c,v 1.18 2002/06/20 20:29:24 momjian Exp $
+ * $Header: /cvsroot/pgsql/contrib/pg_resetxlog/Attic/pg_resetxlog.c,v 1.19 2002/08/15 02:58:29 momjian Exp $
  *
  *-------------------------------------------------------------------------
  */
@@ -352,7 +352,7 @@ KillExistingXLOG(void)
 		if (strlen(xlde->d_name) == 16 &&
 			strspn(xlde->d_name, "0123456789ABCDEF") == 16)
 		{
-			sprintf(path, "%s/%s", XLogDir, xlde->d_name);
+			snprintf(path, MAXPGPATH, "%s/%s", XLogDir, xlde->d_name);
 			if (unlink(path) < 0)
 			{
 				perror(path);
diff --git a/contrib/pgbench/pgbench.c b/contrib/pgbench/pgbench.c
@@ -1,5 +1,5 @@
 /*
- * $Header: /cvsroot/pgsql/contrib/pgbench/pgbench.c,v 1.17 2002/07/20 03:02:01 ishii Exp $
+ * $Header: /cvsroot/pgsql/contrib/pgbench/pgbench.c,v 1.18 2002/08/15 02:58:29 momjian Exp $
  *
  * pgbench: a simple TPC-B like benchmark program for PostgreSQL
  * written by Tatsuo Ishii
@@ -310,26 +310,26 @@ doOne(CState * state, int n, int debug, int ttype)
 				gettimeofday(&(st->txn_begin), 0);
 			break;
 		case 1:
-			sprintf(sql, "update accounts set abalance = abalance + %d where aid = %d\n", st->delta, st->aid);
+			snprintf(sql, 256, "update accounts set abalance = abalance + %d where aid = %d\n", st->delta, st->aid);
 			break;
 		case 2:
-			sprintf(sql, "select abalance from accounts where aid = %d", st->aid);
+			snprintf(sql, 256, "select abalance from accounts where aid = %d", st->aid);
 			break;
 		case 3:
 			if (ttype == 0)
 			{
-			    sprintf(sql, "update tellers set tbalance = tbalance + %d where tid = %d\n",
+			    snprintf(sql, 256, "update tellers set tbalance = tbalance + %d where tid = %d\n",
 				    st->delta, st->tid);
 			    break;
 			}
 		case 4:
 			if (ttype == 0)
 			{
-			    sprintf(sql, "update branches set bbalance = bbalance + %d where bid = %d", st->delta, st->bid);
+			    snprintf(sql, 256, "update branches set bbalance = bbalance + %d where bid = %d", st->delta, st->bid);
 			    break;
 			}
 		case 5:
-			sprintf(sql, "insert into history(tid,bid,aid,delta,mtime) values(%d,%d,%d,%d,'now')",
+			snprintf(sql, 256, "insert into history(tid,bid,aid,delta,mtime) values(%d,%d,%d,%d,'now')",
 					st->tid, st->bid, st->aid, st->delta);
 			break;
 		case 6:
@@ -426,7 +426,7 @@ doSelectOnly(CState * state, int n, int debug)
 	{
 		case 0:
 			st->aid = getrand(1, naccounts * tps);
-			sprintf(sql, "select abalance from accounts where aid = %d", st->aid);
+			snprintf(sql, 256, "select abalance from accounts where aid = %d", st->aid);
 			break;
 	}
 
@@ -500,7 +500,7 @@ init(void)
 
 	for (i = 0; i < nbranches * tps; i++)
 	{
-		sprintf(sql, "insert into branches(bid,bbalance) values(%d,0)", i + 1);
+		snprintf(sql, 256, "insert into branches(bid,bbalance) values(%d,0)", i + 1);
 		res = PQexec(con, sql);
 		if (PQresultStatus(res) != PGRES_COMMAND_OK)
 		{
@@ -512,7 +512,7 @@ init(void)
 
 	for (i = 0; i < ntellers * tps; i++)
 	{
-		sprintf(sql, "insert into tellers(tid,bid,tbalance) values (%d,%d,0)"
+		snprintf(sql, 256, "insert into tellers(tid,bid,tbalance) values (%d,%d,0)"
 				,i + 1, i / ntellers + 1);
 		res = PQexec(con, sql);
 		if (PQresultStatus(res) != PGRES_COMMAND_OK)
@@ -550,7 +550,7 @@ init(void)
 			PQclear(res);
 		}
 
-		sprintf(sql, "%d\t%d\t%d\t\n", j, j / naccounts, 0);
+		snprintf(sql, 256, "%d\t%d\t%d\t\n", j, j / naccounts, 0);
 		if (PQputline(con, sql))
 		{
 			fprintf(stderr, "PQputline failed\n");
diff --git a/contrib/rserv/rserv.c b/contrib/rserv/rserv.c
diff --git a/contrib/spi/refint.c b/contrib/spi/refint.c
diff --git a/contrib/spi/timetravel.c b/contrib/spi/timetravel.c
diff --git a/contrib/vacuumlo/vacuumlo.c b/contrib/vacuumlo/vacuumlo.c

Original file line number	Diff line number	Diff line change
`@@ -308,7 +308,7 @@ do_create(PGconn conn, char table, dbhead * dbh)`
`308`	`308`	`if (dbh->db_fields[i].db_flen > 1)`
`309`	`309`	`{`
`310`	`310`	`strcat(query, " varchar");`
`311`		`- sprintf(t, "(%d)",`
	`311`	`+ snprintf(t, 20, "(%d)",`
`312`	`312`	`dbh->db_fields[i].db_flen);`
`313`	`313`	`strcat(query, t);`
`314`	`314`	`}`
`@@ -361,7 +361,7 @@ do_inserts(PGconn conn, char table, dbhead * dbh)`
`361`	`361`	`result;`
`362`	`362`	`char *query,`
`363`	`363`	`*foo;`
`364`		`- char pgdate[10];`
	`364`	`+ char pgdate[11];`
`365`	`365`
`366`	`366`	`if (verbose > 1)`
`367`	`367`	`printf("Inserting records\n");`
`@@ -467,7 +467,7 @@ do_inserts(PGconn conn, char table, dbhead * dbh)`
`467`	`467`	`{`
`468`	`468`	`if ((strlen(foo) == 8) && isinteger(foo))`
`469`	`469`	`{`
`470`		`- sprintf(pgdate, "%c%c%c%c-%c%c-%c%c",`
	`470`	`+ snprintf(pgdate, 11, "%c%c%c%c-%c%c-%c%c",`
`471`	`471`	`foo[0], foo[1], foo[2], foo[3],`
`472`	`472`	`foo[4], foo[5], foo[6], foo[7]);`
`473`	`473`	`strcat(query, pgdate);`
Original file line number	Diff line number	Diff line change
`@@ -1,7 +1,7 @@`
`1`	`1`	`/*`
`2`	`2`	`* PostgreSQL type definitions for managed LargeObjects.`
`3`	`3`	`*`
`4`		`- * $Header: /cvsroot/pgsql/contrib/lo/lo.c,v 1.11 2001/12/07 04:18:31 inoue Exp $`
	`4`	`+ * $Header: /cvsroot/pgsql/contrib/lo/lo.c,v 1.12 2002/08/15 02:58:29 momjian Exp $`
`5`	`5`	`*`
`6`	`6`	`*/`
`7`	`7`
`@@ -92,7 +92,7 @@ lo_out(Blob * addr)`
`92`	`92`	`return (NULL);`
`93`	`93`
`94`	`94`	`result = (char *) palloc(32);`
`95`		`- sprintf(result, "%u", *addr);`
	`95`	`+ snprintf(result, 32, "%u", *addr);`
`96`	`96`	`return (result);`
`97`	`97`	`}`
`98`	`98`
Original file line number	Diff line number	Diff line change
`@@ -106,7 +106,7 @@ msqlCreateDB(int a, char *b)`
`106`	`106`	`{`
`107`	`107`	`char tbuf[BUFSIZ];`
`108`	`108`
`109`		`- sprintf(tbuf, "create database %s", b);`
	`109`	`+ snprintf(tbuf, BUFSIZ, "create database %s", b);`
`110`	`110`	`return msqlQuery(a, tbuf) >= 0 ? 0 : -1;`
`111`	`111`	`}`
`112`	`112`
`@@ -115,7 +115,7 @@ msqlDropDB(int a, char *b)`
`115`	`115`	`{`
`116`	`116`	`char tbuf[BUFSIZ];`
`117`	`117`
`118`		`- sprintf(tbuf, "drop database %s", b);`
	`118`	`+ snprintf(tbuf, BUFSIZ, "drop database %s", b);`
`119`	`119`	`return msqlQuery(a, tbuf) >= 0 ? 0 : -1;`
`120`	`120`	`}`
`121`	`121`
`@@ -262,7 +262,9 @@ msqlListTables(int a)`
`262`	`262`	`m_result *m;`
`263`	`263`	`char tbuf[BUFSIZ];`
`264`	`264`
`265`		`- sprintf(tbuf, "select relname from pg_class where relkind='r' and relowner=%d", getuid());`
	`265`	`+ snprintf(tbuf, BUFSIZ,`
	`266`	`+ "select relname from pg_class where relkind='r' and relowner=%d",`
	`267`	`+ getuid());`
`266`	`268`	`if (msqlQuery(a, tbuf) > 0)`
`267`	`269`	`{`
`268`	`270`	`m = msqlStoreResult();`
`@@ -284,7 +286,9 @@ msqlListIndex(int a, char b, char c)`
`284`	`286`	`m_result *m;`
`285`	`287`	`char tbuf[BUFSIZ];`
`286`	`288`
`287`		`- sprintf(tbuf, "select relname from pg_class where relkind='i' and relowner=%d", getuid());`
	`289`	`+ snprintf(tbuf, BUFSIZ,`
	`290`	`+ "select relname from pg_class where relkind='i' and relowner=%d",`
	`291`	`+ getuid());`
`288`	`292`	`if (msqlQuery(a, tbuf) > 0)`
`289`	`293`	`{`
`290`	`294`	`m = msqlStoreResult();`
Original file line number	Diff line number	Diff line change
`@@ -1,7 +1,7 @@`
`1`	`1`	`/* -------------------------------------------------------------------------`
`2`	`2`	`* pg_dumplo`
`3`	`3`	`*`
`4`		`- * $Header: /cvsroot/pgsql/contrib/pg_dumplo/Attic/utils.c,v 1.4 2001/03/22 03:59:10 momjian Exp $`
	`4`	`+ * $Header: /cvsroot/pgsql/contrib/pg_dumplo/Attic/utils.c,v 1.5 2002/08/15 02:58:29 momjian Exp $`
`5`	`5`	`*`
`6`	`6`	`* Karel Zak 1999-2000`
`7`	`7`	`* -------------------------------------------------------------------------`
`@@ -36,7 +36,7 @@ index_file(LODumpMaster * pgLO)`
`36`	`36`	`if (pgLO->action == ACTION_SHOW)`
`37`	`37`	`return;`
`38`	`38`
`39`		`- sprintf(path, "%s/%s", pgLO->space, pgLO->db);`
	`39`	`+ snprintf(path, BUFSIZ, "%s/%s", pgLO->space, pgLO->db);`
`40`	`40`
`41`	`41`	`if (pgLO->action == ACTION_EXPORT_ATTR \|\|`
`42`	`42`	`pgLO->action == ACTION_EXPORT_ALL)`
`@@ -51,7 +51,7 @@ index_file(LODumpMaster * pgLO)`
`51`	`51`	`}`
`52`	`52`	`}`
`53`	`53`
`54`		`- sprintf(path, "%s/lo_dump.index", path);`
	`54`	`+ snprintf(path, BUFSIZ, "%s/lo_dump.index", path);`
`55`	`55`
`56`	`56`	`if ((pgLO->index = fopen(path, "w")) == NULL)`
`57`	`57`	`{`
`@@ -63,7 +63,7 @@ index_file(LODumpMaster * pgLO)`
`63`	`63`	`else if (pgLO->action != ACTION_NONE)`
`64`	`64`	`{`
`65`	`65`
`66`		`- sprintf(path, "%s/lo_dump.index", path);`
	`66`	`+ snprintf(path, BUFSIZ, "%s/lo_dump.index", path);`
`67`	`67`
`68`	`68`	`if ((pgLO->index = fopen(path, "r")) == NULL)`
`69`	`69`	`{`
Original file line number	Diff line number	Diff line change
`@@ -23,7 +23,7 @@`
`23`	`23`	`* Portions Copyright (c) 1996-2002, PostgreSQL Global Development Group`
`24`	`24`	`* Portions Copyright (c) 1994, Regents of the University of California`
`25`	`25`	`*`
`26`		`- * $Header: /cvsroot/pgsql/contrib/pg_resetxlog/Attic/pg_resetxlog.c,v 1.18 2002/06/20 20:29:24 momjian Exp $`
	`26`	`+ * $Header: /cvsroot/pgsql/contrib/pg_resetxlog/Attic/pg_resetxlog.c,v 1.19 2002/08/15 02:58:29 momjian Exp $`
`27`	`27`	`*`
`28`	`28`	`*-------------------------------------------------------------------------`
`29`	`29`	`*/`
`@@ -352,7 +352,7 @@ KillExistingXLOG(void)`
`352`	`352`	`if (strlen(xlde->d_name) == 16 &&`
`353`	`353`	`strspn(xlde->d_name, "0123456789ABCDEF") == 16)`
`354`	`354`	`{`
`355`		`- sprintf(path, "%s/%s", XLogDir, xlde->d_name);`
	`355`	`+ snprintf(path, MAXPGPATH, "%s/%s", XLogDir, xlde->d_name);`
`356`	`356`	`if (unlink(path) < 0)`
`357`	`357`	`{`
`358`	`358`	`perror(path);`