Module Name:    src
Committed By:   dholland
Date:           Mon Aug 31 07:11:17 UTC 2009

Modified Files:
        src/bin/rcp: rcp.c

Log Message:
Fix up seriously borked mallocing of a static buffer, which seems to
have been this way since at least 4.4. This will still dump core if
malloc fails on the first trip through, instead of on any malloc
failure, but should otherwise behave much more reasonably.


To generate a diff of this commit:
cvs rdiff -u -r1.47 -r1.48 src/bin/rcp/rcp.c

Please note that diffs are not public domain; they are subject to the
copyright notices on the relevant files.

Modified files:

Index: src/bin/rcp/rcp.c
diff -u src/bin/rcp/rcp.c:1.47 src/bin/rcp/rcp.c:1.48
--- src/bin/rcp/rcp.c:1.47	Sun Jul 20 00:52:40 2008
+++ src/bin/rcp/rcp.c	Mon Aug 31 07:11:16 2009
@@ -1,4 +1,4 @@
-/*	$NetBSD: rcp.c,v 1.47 2008/07/20 00:52:40 lukem Exp $	*/
+/*	$NetBSD: rcp.c,v 1.48 2009/08/31 07:11:16 dholland Exp $	*/
 
 /*
  * Copyright (c) 1983, 1990, 1992, 1993
@@ -39,7 +39,7 @@
 #if 0
 static char sccsid[] = "@(#)rcp.c	8.2 (Berkeley) 4/2/94";
 #else
-__RCSID("$NetBSD: rcp.c,v 1.47 2008/07/20 00:52:40 lukem Exp $");
+__RCSID("$NetBSD: rcp.c,v 1.48 2009/08/31 07:11:16 dholland Exp $");
 #endif
 #endif /* not lint */
 
@@ -583,15 +583,22 @@
 			SCREWUP("size not delimited");
 		if (targisdir) {
 			static char *namebuf;
-			static int cursize;
+			static size_t cursize;
+			char *newnamebuf;
 			size_t need;
 
 			need = strlen(targ) + strlen(cp) + 250;
 			if (need > cursize) {
-				if (!(namebuf = malloc(need)))
+				newnamebuf = realloc(namebuf, need);
+				if (newnamebuf != NULL) {
+					namebuf = newnamebuf;
+					cursize = need;
+				} else {
+					/* note: run_err is not fatal */
 					run_err("%s", strerror(errno));
+				}
 			}
-			(void)snprintf(namebuf, need, "%s%s%s", targ,
+			(void)snprintf(namebuf, cursize, "%s%s%s", targ,
 			    *targ ? "/" : "", cp);
 			np = namebuf;
 		} else
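Review bot: When `realloc` fails, the new `else` branch only calls `run_err` (non-fatal, as its comment says), so control still reaches `snprintf(namebuf, cursize, ...)` and `np = namebuf` with either a NULL buffer (first trip, `cursize` still 0) or the old, smaller buffer. In the second case the name may be silently truncated, and the `(void)` cast discards the return value that would reveal it. `cp` appears to be parsed from the peer's protocol line, so a truncated target path could make the later use of `np` act on a different file than the one named. The failure branch should abandon this entry right after `run_err(...)` instead of falling through, for example with `continue;` or the function's existing error exit. The enclosing loop and the later use of `np` are outside this hunk, so the correct exit form needs checking against the full file.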
