Package: libpam-pgsql
Version: 0.7.1-4
Severity: normal
Tags: patch
--- Please enter the report below this line. ---
The '%d' specifier used in function pg_execParam for address-to-string
conversion gives negative values for numbers greater than 127.
For example, address x.199.x.x is put in the query as x.-57.x.x.
The included patch replaces sprintf with inet_ntop.
--- System information. ---
Architecture: i386
Kernel: Linux 2.6.32-3-686
Debian Release: squeeze/sid
990 unstable www.kadu.net
990 unstable www.debian-multimedia.org
990 unstable ftp.pl.debian.org
--- Package information. ---
Depends   (Version)                | Installed
==================================-+-======================
libc6     (>= 2.3)                 | 2.11.2-7
libpam0g  (>= 0.99.7.1)            | 1.1.1-6.1
libpq5    (>= 8.4~0cvs20090328)    | 9.0.1-1
Package's Recommends field is empty.
Package's Suggests field is empty.
--- backend_pgsql.c 2010-11-14 03:49:37.000000000 +0100
+++ /tmp/backend_pgsql.c 2010-11-14 03:50:38.000000000 +0100
@@ -204,13 +204,8 @@
if(rhost != NULL && (hentry = gethostbyname(rhost)) != NULL) {
/* Make IP string */
- raddr = malloc(16);
- sprintf(raddr, "%d.%d.%d.%d",
- hentry->h_addr_list[0][0],
- hentry->h_addr_list[0][1],
- hentry->h_addr_list[0][2],
- hentry->h_addr_list[0][3]);
- raddr[15] = 0;
+ raddr = malloc(INET_ADDRSTRLEN);
+ inet_ntop(AF_INET, hentry->h_addr_list[0], raddr, INET_ADDRSTRLEN);
}
nparm = expand_query(&command, values, query, service, user, passwd, rhost, raddr);
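Review bot: on the two added lines, neither malloc(INET_ADDRSTRLEN) nor inet_ntop() is checked, so a failed allocation passes NULL to inet_ntop and a failed conversion leaves raddr with indeterminate contents that then reach expand_query(). Suggest testing both results, and freeing raddr and setting it to NULL on failure. The call also hard-codes AF_INET; checking hentry->h_addrtype == AF_INET first would keep a non-IPv4 result from being formatted as IPv4. The hunk shows no new #include, so confirm that backend_pgsql.c already pulls in <arpa/inet.h>. It is also worth stating in the changelog that the removed sprintf could write up to 20 bytes ("-128.-128.-128.-128" plus the terminator) into the 16-byte buffer, so the change removes an out-of-bounds heap write as well as the wrong address.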
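The sign problem described in the report, reproduced as an added example that is not part of the original report or of the libpam-pgsql source. The function names and the sample addresses are hypothetical and constructed for the demonstration; the bytes are typed as signed char to model plain `char` on i386.

```c
#include <arpa/inet.h>
#include <stdio.h>
#include <string.h>
#include <sys/socket.h>

/* Constructed samples, in network byte order. The bytes are typed as
 * signed char to model plain `char` on i386, the type behind
 * hostent.h_addr_list. */
static const signed char sample_addr[4] = { 10, (signed char)0xC7, 0, 1 };
static const signed char high_addr[4] = {
    (signed char)0x80, (signed char)0x80, (signed char)0x80, (signed char)0x80
};

/* Pre-patch formatting: each byte is promoted to int with its sign, so
 * 0xC7 (199) prints as -57. snprintf is used here so the demo itself
 * cannot overflow; the return value is the length sprintf would write. */
int format_with_percent_d(const signed char *a, char *out, size_t len)
{
    return snprintf(out, len, "%d.%d.%d.%d", a[0], a[1], a[2], a[3]);
}

/* Patched formatting: inet_ntop treats the input as unsigned octets.
 * Returns 0 on success; on failure returns -1 and empties the buffer. */
int format_with_inet_ntop(const signed char *a, char *out, size_t len)
{
    if (inet_ntop(AF_INET, a, out, (socklen_t)len) == NULL) {
        if (len > 0)
            out[0] = '\0';
        return -1;
    }
    return 0;
}

int main(void)
{
    char before[32], after[INET_ADDRSTRLEN];
    int need;

    format_with_percent_d(sample_addr, before, sizeof before);
    format_with_inet_ntop(sample_addr, after, sizeof after);
    printf("%%d:        %s\ninet_ntop: %s\n", before, after);

    /* Worst case for the old code: 19 characters plus NUL into malloc(16). */
    need = format_with_percent_d(high_addr, before, sizeof before);
    printf("%s needs %d bytes with NUL\n", before, need + 1);
    return 0;
}
```

On a platform where plain `char` is unsigned the pre-patch code prints the correct octets, which is why the fault shows up on i386 but may not reproduce elsewhere.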