Package: rsh-client Version: 0.17-17+b1 Severity: normal Tags: patch Dear Maintainer,
The way to reproduce is as follows. hostA$ mkdir /tmp/src300000 hostA$ cd /tmp/src300000 hostA$ seq 100 300000 | xargs touch hostB terminal-1: monitor memory use - e.g. top command. hostB terminal-2: execute the rcp command as follows. hostB$ mkdir /tmp/dest-0123456789abcdefghijklmnopqrstuvwxyz hostB$ netkit-rcp -r hostA:/tmp/src300000 /tmp/dest-0123456789abcdefghijklmnopqrstuvwxyz It will fix with the following patch. --- netkit-rsh-0.17/rcp/rcp.c +++ new/rcp/rcp.c @@ -645,6 +645,8 @@ int ofd, setimes, targisdir; off64_t size; char *np, *vect[1], buf[BUFSIZ]; + char *namebuf = NULL; + unsigned cursize = 0, nbase = 0; #define atime tv[0] #define mtime tv[1] @@ -666,8 +668,11 @@ targisdir = 1; for (first = 1;; first = 0) { cp = buf; - if (read(rem, cp, 1) <= 0) + if (read(rem, cp, 1) <= 0) { + if (namebuf) + free(namebuf); return; + } if (*cp++ == '\n') SCREWUP("unexpected <newline>"); do { @@ -687,6 +692,8 @@ } if (buf[0] == 'E') { (void)write(rem, "", 1); + if (namebuf) + free(namebuf); return; } @@ -741,17 +748,28 @@ if (*cp++ != ' ') SCREWUP("size not delimited"); if (targisdir) { - static char *namebuf; - static int cursize; - int need; - - need = strlen(targ) + strlen(cp) + 250; + char *newbuf; + int need = strlen(targ) + strlen(cp) + 2; if (need > cursize) { - if (!(namebuf = malloc(need))) + need += 64; + if (!(newbuf = malloc(need))) { error("out of memory\n"); + exit(1); + } + if (namebuf) { + memcpy(newbuf, namebuf, nbase); + newbuf[nbase] = '\0'; + free(namebuf); + } else { + strcpy(newbuf, targ); + if (*newbuf) + strcat(newbuf, "/"); + nbase = strlen(newbuf); + } + namebuf = newbuf; + cursize = need; } - (void)snprintf(namebuf, need, "%s%s%s", targ, - *targ ? "/" : "", cp); + strcpy(namebuf + nbase, cp); np = namebuf; } else Thank you, Hiroyuki YAMAMORI -- System Information: Debian Release: buster/sid APT prefers unstable APT policy: (500, 'unstable') Architecture: amd64 (x86_64) Kernel: Linux 4.14.0-3-amd64 (SMP w/8 CPU cores) Locale: LANG=C.UTF-8, LC_CTYPE=C.UTF-8 (charmap=UTF-8), LANGUAGE=C.UTF-8 (charmap=UTF-8) Shell: /bin/sh linked to /bin/dash Init: sysvinit (via /sbin/init) Versions of packages rsh-client depends on: ii libc6 2.26-6 rsh-client recommends no packages. rsh-client suggests no packages. -- no debconf information