From 7db1d713733a0f3cb99da24bd898acb64c989478 Mon Sep 17 00:00:00 2001 From: Daniel Gustafsson Date: Mon, 28 Jun 2021 20:45:30 +0200 Subject: [PATCH v3 1/3] Fix sscanf limit in pg_basebackup Ensure that the string parsing is limited by the size of the destination buffer in the formatstring. The available values sent from the servere are limited to two characters so there was no risk of overflow. --- src/bin/pg_basebackup/streamutil.c | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/src/bin/pg_basebackup/streamutil.c b/src/bin/pg_basebackup/streamutil.c index f5b3b476e5..e18d852ff2 100644 --- a/src/bin/pg_basebackup/streamutil.c +++ b/src/bin/pg_basebackup/streamutil.c @@ -310,7 +310,7 @@ RetrieveWalSegSize(PGconn *conn) } /* fetch xlog value and unit from the result */ - if (sscanf(PQgetvalue(res, 0, 0), "%d%s", &xlog_val, xlog_unit) != 2) + if (sscanf(PQgetvalue(res, 0, 0), "%d%2s", &xlog_val, xlog_unit) != 2) { pg_log_error("WAL segment size could not be parsed"); PQclear(res); -- 2.30.1 (Apple Git-130)