postgresql/contrib/findoidjoins/findoidjoins.c
Bruce Momjian 66eb8df6a4 The attached patch changes most of the usages of sprintf() to
snprintf() in contrib/. I didn't touch the places where pointer
arithmatic was being used, or other areas where the fix wasn't
trivial. I would think that few, if any, of the usages of sprintf()
were actually exploitable, but it's probably better to be paranoid...

Neil Conway
2002-08-15 02:58:29 +00:00

110 lines
2.3 KiB
C

/*
* findoidjoins.c, requires src/interfaces/libpgeasy
*
*/
#include "postgres_fe.h"
#include "libpq-fe.h"
#include "halt.h"
#include "libpgeasy.h"
PGresult *attres,
*relres;
int
main(int argc, char **argv)
{
char query[4000];
char relname[256];
char relname2[256];
char attname[256];
char typname[256];
int count;
char optstr[256];
if (argc != 2)
halt("Usage: %s database\n", argv[0]);
snprintf(optstr, 256, "dbname=%s", argv[1]);
connectdb(optstr);
on_error_continue();
on_error_stop();
doquery("BEGIN WORK");
doquery("\
DECLARE c_attributes BINARY CURSOR FOR \
SELECT typname, relname, a.attname \
FROM pg_class c, pg_attribute a, pg_type t \
WHERE a.attnum > 0 AND \
relkind = 'r' AND \
(typname = 'oid' OR \
typname = 'regproc' OR \
typname = 'regclass' OR \
typname = 'regtype') AND \
a.attrelid = c.oid AND \
a.atttypid = t.oid \
ORDER BY 2, a.attnum ; \
");
doquery("FETCH ALL IN c_attributes");
attres = get_result();
doquery("\
DECLARE c_relations BINARY CURSOR FOR \
SELECT relname \
FROM pg_class c \
WHERE relkind = 'r' AND relhasoids \
ORDER BY 1; \
");
doquery("FETCH ALL IN c_relations");
relres = get_result();
set_result(attres);
while (fetch(typname, relname, attname) != END_OF_TUPLES)
{
set_result(relres);
reset_fetch();
while (fetch(relname2) != END_OF_TUPLES)
{
unset_result(relres);
if (strcmp(typname, "oid") == 0)
snprintf(query, 4000, "\
DECLARE c_matches BINARY CURSOR FOR \
SELECT count(*)::int4 \
FROM \"%s\" t1, \"%s\" t2 \
WHERE t1.\"%s\" = t2.oid ",
relname, relname2, attname);
else
sprintf(query, 4000, "\
DECLARE c_matches BINARY CURSOR FOR \
SELECT count(*)::int4 \
FROM \"%s\" t1, \"%s\" t2 \
WHERE t1.\"%s\"::oid = t2.oid ",
relname, relname2, attname);
doquery(query);
doquery("FETCH ALL IN c_matches");
fetch(&count);
if (count != 0)
printf("Join %s.%s => %s.oid\n", relname, attname, relname2);
doquery("CLOSE c_matches");
set_result(relres);
}
set_result(attres);
}
set_result(relres);
doquery("CLOSE c_relations");
PQclear(relres);
set_result(attres);
doquery("CLOSE c_attributes");
PQclear(attres);
unset_result(attres);
doquery("COMMIT WORK");
disconnectdb();
return 0;
}