Some security, since we now have vsnprintf, I remade an old patch

   with some extra ugly sprintfs fixed. More work in this area is
   needed still.

Göran Thyni

2 files changed, 4 insertions, 8 deletions

diff --git a/src/backend/utils/error/elog.c b/src/backend/utils/error/elog.c
index 09f4627daf..e965cd2ad3 100644
--- a/src/backend/utils/error/elog.c
+++ b/src/backend/utils/error/elog.c
@@ -7,7 +7,7 @@
  *
  *
  * IDENTIFICATION
- *	  $Header: /cvsroot/pgsql/src/backend/utils/error/elog.c,v 1.35 1998/09/01 04:33:07 momjian Exp $
+ *	  $Header: /cvsroot/pgsql/src/backend/utils/error/elog.c,v 1.36 1999/01/01 04:48:45 momjian Exp $
  *
  *-------------------------------------------------------------------------
  */
@@ -133,7 +133,7 @@ elog(int lev, const char *fmt,...)
 		else
 			*bp++ = *cp;
 	*bp = '\0';
-	vsprintf(line, buf, ap);
+	vsnprintf(line, ELOG_MAXLEN - 1, buf, ap);
 	va_end(ap);
 
 #ifdef USE_SYSLOG
diff --git a/src/backend/utils/error/format.c b/src/backend/utils/error/format.c
index 7c3661da4b..a4e526083b 100644
--- a/src/backend/utils/error/format.c
+++ b/src/backend/utils/error/format.c
@@ -7,7 +7,7 @@
  *
  *
  * IDENTIFICATION
- *	  $Header: /cvsroot/pgsql/src/backend/utils/error/Attic/format.c,v 1.7 1998/09/01 03:26:40 momjian Exp $
+ *	  $Header: /cvsroot/pgsql/src/backend/utils/error/Attic/format.c,v 1.8 1999/01/01 04:48:46 momjian Exp $
  *
  *-------------------------------------------------------------------------
  */
@@ -29,12 +29,8 @@ char *
 form(const char *fmt,...)
 {
 	va_list		args;
-
 	va_start(args, fmt);
-
-	vsprintf(FormBuf, fmt, args);
-
+	vsnprintf(FormBuf, FormMaxSize - 1, fmt, args);
 	va_end(args);
-
 	return FormBuf;
 }