Avoid possibly-unsafe use of Windows' FormatMessage() function.

Tom Lane <tgl@sss.pgh.pa.us>

Commit: b4b06931ed22e9a38442b16676aaf16ace92bf8d
Author: Tom Lane <tgl@sss.pgh.pa.us>
Date: 2016-03-29T15:54:58Z
Releases: 9.2.17
Avoid possibly-unsafe use of Windows' FormatMessage() function.

Whenever this function is used with the FORMAT_MESSAGE_FROM_SYSTEM flag,
it's good practice to include FORMAT_MESSAGE_IGNORE_INSERTS as well.
Otherwise, if the message contains any %n insertion markers, the function
will try to fetch argument strings to substitute --- which we are not
passing, possibly leading to a crash.  This is exactly analogous to the
rule about not giving printf() a format string you're not in control of.

Noted and patched by Christian Ullrich.
Back-patch to all supported branches.

Files

PathChange+/−
src/backend/libpq/auth.c modified +3 −1
src/backend/port/win32/socket.c modified +3 −1
src/interfaces/libpq/fe-auth.c modified +3 −1
src/port/dirmod.c modified +6 −2