author | laforge <laforge> | 2005-02-12 21:19:17 +0000 |
---|---|---|
committer | laforge <laforge> | 2005-02-12 21:19:17 +0000 |
commit | cb236a62cac875c4271a682cf90f20b859b8c0d1 (patch) | |
tree | c74e4b43470b797aaa806f32c6f29ffb4d026f51 | |
parent | 3249b84bfded2d8edfaf52c77752370faa295831 (diff) |
fix potential buffer overflow
-rw-r--r-- | ulogd/pgsql/ulogd_PGSQL.c | 8 |
1 files changed, 4 insertions, 4 deletions
diff --git a/ulogd/pgsql/ulogd_PGSQL.c b/ulogd/pgsql/ulogd_PGSQL.c
index b077fee..0c1f698 100644
--- a/ulogd/pgsql/ulogd_PGSQL.c
+++ b/ulogd/pgsql/ulogd_PGSQL.c
@@ -241,12 +241,14 @@ static int pgsql_createstmt(void)
 return 0;
 }
+#define PGSQL_GETCOLUMN_TEMPLATE "SELECT a.attname FROM pg_class c, pg_attribute a WHERE c.relname ='%s' AND a.attnum>0 AND a.attrelid=c.oid ORDER BY a.attnum
+
 /* find out which columns the table has */
 static int pgsql_get_columns(const char *table)
 {
 PGresult *result;
 char buf[ULOGD_MAX_KEYLEN];
- char pgbuf[256];
+ char pgbuf[strlen(PGSQL_GETCOLUMN_TEMPLATE)+strlen(table)+1];
 char *underscore;
 struct _field *f;
 int id;
@@ -255,9 +257,7 @@ static int pgsql_get_columns(const char *table)
 if (!dbh)
 return 1;
- strcpy(pgbuf, "SELECT a.attname FROM pg_class c, pg_attribute a WHERE c.relname ='");
- strncat(pgbuf, table, strlen(table));
- strcat(pgbuf, "' AND a.attnum>0 AND a.attrelid=c.oid ORDER BY a.attnum");
+ snprintf(pgbuf, sizeof(pgbuf)-1, "SELECT a.attname FROM pg_class c, pg_attribute a WHERE c.relname ='%s' AND a.attnum>0 AND a.attrelid=c.oid ORDER BY a.attnum", table);
 ulogd_log(ULOGD_DEBUG, pgbuf);
 result = PQexec(dbh, pgbuf); |
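Review bot: `pgbuf` is now a variable-length array sized from `strlen(table)`, so the fixed 256-byte overflow is traded for stack use that grows with the table name. Where `table` comes from is not visible in this hunk, so a cap before the buffer is sized would be prudent, e.g. `if (strlen(table) > MAX_TABLE_NAME_LEN) return 1;` (the constant name is a placeholder). As rendered on this page, the `PGSQL_GETCOLUMN_TEMPLATE` literal also has no closing double quote after `a.attnum`; unless that is an extraction artefact the file will not compile. The body of `pgsql_get_columns` continues past the end of this hunk.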
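Review bot: The unchanged `ulogd_log(ULOGD_DEBUG, pgbuf);` still passes the built query as the format argument, so if `ulogd_log` is printf-style (its definition is not shown), a `%` in the table name is interpreted as a conversion. Logging it as data avoids that: `ulogd_log(ULOGD_DEBUG, "%s\n", pgbuf);`. The new `snprintf` repeats the query literal instead of using the macro that sizes the buffer, so the two can drift apart; `snprintf(pgbuf, sizeof(pgbuf), PGSQL_GETCOLUMN_TEMPLATE, table);` keeps them tied, and the `-1` is unnecessary because `snprintf` always terminates. `table` is still placed between single quotes unescaped, so it should be validated as an identifier or escaped with libpq's string escaping before the query is built. The function continues outside this hunk.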