| From: | Alvaro Herrera <alvherre(at)atentus(dot)com> |
|---|---|
| To: | Neil Conway <nconway(at)klamath(dot)dyndns(dot)org> |
| Cc: | PostgreSQL Patches <pgsql-patches(at)postgresql(dot)org> |
| Subject: | Re: contrib/ buffer paranoia |
| Date: | 2002-08-12 18:33:37 |
| Message-ID: | Pine.LNX.4.44.0208121431510.6581-100000@cm-lcon1-46-187.cm.vtr.net |
| Views: | Raw Message | Whole Thread | Download mbox | Resend email |
| Thread: | |
| Lists: | pgsql-patches |
Neil Conway dijo:
> The attached patch changes most of the usages of sprintf() to
> snprintf() in contrib/. I didn't touch the places where pointer
> arithmatic was being used, or other areas where the fix wasn't
> trivial. I would think that few, if any, of the usages of sprintf()
> were actually exploitable, but it's probably better to be paranoid...
>
> Unless anyone sees a problem, please apply.
I think in dbase/dbf2pg.c the limit of 10 to pgdate should be 11
(snprintf counts the \0 at the end).
--
Alvaro Herrera (<alvherre[a]atentus.com>)
"Coge la flor que hoy nace alegre, ufana. Quién sabe si nacera otra mañana?"
| From | Date | Subject | |
|---|---|---|---|
| Next Message | Neil Conway | 2002-08-12 18:51:24 | Re: contrib/ buffer paranoia |
| Previous Message | Ulrich Neumann | 2002-08-12 17:10:41 | Re: Antw: Re: Patch for NetWare support |