tags 643451 +patch
thanks
Patch and series file attached; just create debian/patches and drop them
in (the package uses 3.0 quilt but doesn't currently have any patches).
Description: Fix format security errors
Author: Peter Green <plugw...@p10link.net>
Bug-Debian: http://bugs.debian.org/643451
--- orafce-3.0.1.orig/file.c
+++ orafce-3.0.1/file.c
@@ -68,7 +68,7 @@ PG_FUNCTION_INFO_V1(utl_file_tmpdir);
ereport(ERROR, \
(errcode(ERRCODE_RAISE_EXCEPTION), \
errmsg(msg), \
- errdetail(detail)))
+ errdetail("%s",detail)))
#define INVALID_FILEHANDLE_EXCEPTION() CUSTOM_EXCEPTION(INVALID_FILEHANDLE, "Used file handle isn't valid.")
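Review bot: `errmsg(msg)`, one line above the changed `errdetail`, still passes a macro argument as the format string. CUSTOM_EXCEPTION is therefore only safe while every caller passes a constant `msg` containing no `%`. The one use visible here passes INVALID_FILEHANDLE, whose definition is outside the hunk, as is the macro's own `#define` line. Changing that line to `errmsg("%s", msg), \` would treat both arguments as data and remove the dependency on what callers pass.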
--- orafce-3.0.1.orig/plunit.c
+++ orafce-3.0.1/plunit.c
@@ -81,7 +81,7 @@ plunit_assert_true_message(PG_FUNCTION_A
if (PG_ARGISNULL(0) || !condition)
ereport(ERROR,
(errcode(ERRCODE_CHECK_VIOLATION),
- errmsg(message),
+ errmsg("%s",message),
errdetail("Plunit.assertation fails (assert_true).")));
PG_RETURN_VOID();
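Review bot: Nothing next to the call records why the `"%s"` is there, so a later cleanup could fold it back to `errmsg(message)`. The same one-token change is repeated at every `errmsg` site in the following plunit.c hunks (assert_false, assert_null, assert_not_null, assert_equals, assert_equals_range, assert_not_equals, assert_not_equals_range and fail). `message` is assigned outside the hunk; if it carries the caller's SQL argument, as the `_message` function names suggest, a comment at the first site would make the intent explicit: `/* message is caller-supplied text: pass it as data, never as the format string */`. As a smaller style point, the usual spacing is `errmsg("%s", message),`, and likewise `errdetail("%s", detail)` in file.c.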
@@ -115,7 +115,7 @@ plunit_assert_false_message(PG_FUNCTION_
if (PG_ARGISNULL(0) || condition)
ereport(ERROR,
(errcode(ERRCODE_CHECK_VIOLATION),
- errmsg(message),
+ errmsg("%s",message),
errdetail("Plunit.assertation fails (assert_false).")));
PG_RETURN_VOID();
@@ -148,7 +148,7 @@ plunit_assert_null_message(PG_FUNCTION_A
if (!PG_ARGISNULL(0))
ereport(ERROR,
(errcode(ERRCODE_CHECK_VIOLATION),
- errmsg(message),
+ errmsg("%s",message),
errdetail("Plunit.assertation fails (assert_null).")));
PG_RETURN_VOID();
@@ -181,7 +181,7 @@ plunit_assert_not_null_message(PG_FUNCTI
if (PG_ARGISNULL(0))
ereport(ERROR,
(errcode(ERRCODE_CHECK_VIOLATION),
- errmsg(message),
+ errmsg("%s",message),
errdetail("Plunit.assertation fails (assert_not_null).")));
PG_RETURN_VOID();
@@ -282,13 +282,13 @@ plunit_assert_equals_message(PG_FUNCTION
if (PG_ARGISNULL(0) || PG_ARGISNULL(1))
ereport(ERROR,
(errcode(ERRCODE_CHECK_VIOLATION),
- errmsg(message),
+ errmsg("%s",message),
errdetail("Plunit.assertation fails (assert_equals).")));
if (!assert_equals_base(fcinfo))
ereport(ERROR,
(errcode(ERRCODE_CHECK_VIOLATION),
- errmsg(message),
+ errmsg("%s",message),
errdetail("Plunit.assertation fails (assert_equals).")));
PG_RETURN_VOID();
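Review bot: The two `ereport` calls in plunit_assert_equals_message are token-for-token identical on the new side, so the format-string fix has to be kept right in two places per function. The same duplication appears in the assert_equals_range, assert_not_equals and assert_not_equals_range hunks. If nothing sits between the two `if` statements (the hunk shows only these lines, and the function starts before it), they can share one report: `if (PG_ARGISNULL(0) || PG_ARGISNULL(1) || !assert_equals_base(fcinfo))`. Short-circuit evaluation keeps the comparison from running on NULL arguments, as it does now.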
@@ -328,13 +328,13 @@ plunit_assert_equals_range_message(PG_FU
if (PG_ARGISNULL(0) || PG_ARGISNULL(1) || PG_ARGISNULL(2))
ereport(ERROR,
(errcode(ERRCODE_CHECK_VIOLATION),
- errmsg(message),
+ errmsg("%s",message),
errdetail("Plunit.assertation fails (assert_equals).")));
if (!assert_equals_range_base(fcinfo))
ereport(ERROR,
(errcode(ERRCODE_CHECK_VIOLATION),
- errmsg(message),
+ errmsg("%s",message),
errdetail("Plunit.assertation fails (assert_equals).")));
PG_RETURN_VOID();
@@ -377,13 +377,13 @@ plunit_assert_not_equals_message(PG_FUNC
if (PG_ARGISNULL(0) || PG_ARGISNULL(1))
ereport(ERROR,
(errcode(ERRCODE_CHECK_VIOLATION),
- errmsg(message),
+ errmsg("%s",message),
errdetail("Plunit.assertation fails (assert_not_equals).")));
if (assert_equals_base(fcinfo))
ereport(ERROR,
(errcode(ERRCODE_CHECK_VIOLATION),
- errmsg(message),
+ errmsg("%s",message),
errdetail("Plunit.assertation fails (assert_not_equals).")));
PG_RETURN_VOID();
@@ -404,13 +404,13 @@ plunit_assert_not_equals_range_message(P
if (PG_ARGISNULL(0) || PG_ARGISNULL(1) || PG_ARGISNULL(2))
ereport(ERROR,
(errcode(ERRCODE_CHECK_VIOLATION),
- errmsg(message),
+ errmsg("%s",message),
errdetail("Plunit.assertation fails (assert_not_equals).")));
if (assert_equals_range_base(fcinfo))
ereport(ERROR,
(errcode(ERRCODE_CHECK_VIOLATION),
- errmsg(message),
+ errmsg("%s",message),
errdetail("Plunit.assertation fails (assert_not_equals).")));
PG_RETURN_VOID();
@@ -442,7 +442,7 @@ plunit_fail_message(PG_FUNCTION_ARGS)
ereport(ERROR,
(errcode(ERRCODE_CHECK_VIOLATION),
- errmsg(message),
+ errmsg("%s",message),
errdetail("Plunit.assertation (assert_fail).")));
PG_RETURN_VOID();
fix-format-security-errors.diff