Avoid possibly-unsafe use of Windows' FormatMessage() function.
Tom Lane <tgl@sss.pgh.pa.us>
Avoid possibly-unsafe use of Windows' FormatMessage() function. Whenever this function is used with the FORMAT_MESSAGE_FROM_SYSTEM flag, it's good practice to include FORMAT_MESSAGE_IGNORE_INSERTS as well. Otherwise, if the message contains any %n insertion markers, the function will try to fetch argument strings to substitute --- which we are not passing, possibly leading to a crash. This is exactly analogous to the rule about not giving printf() a format string you're not in control of. Noted and patched by Christian Ullrich. Back-patch to all supported branches.
Files
| Path | Change | +/− |
|---|---|---|
| src/backend/libpq/auth.c | modified | +3 −1 |
| src/backend/port/win32/socket.c | modified | +3 −1 |
| src/interfaces/libpq/fe-auth.c | modified | +3 −1 |
| src/port/dirmod.c | modified | +6 −2 |