Module Name: src Committed By: dholland Date: Mon Aug 31 07:11:17 UTC 2009
Modified Files: src/bin/rcp: rcp.c Log Message: Fix up seriously borked mallocing of a static buffer, which seems to have been this way since at least 4.4. This will still dump core if malloc fails on the first trip through, instead of on any malloc failure, but should otherwise behave much more reasonably. To generate a diff of this commit: cvs rdiff -u -r1.47 -r1.48 src/bin/rcp/rcp.c Please note that diffs are not public domain; they are subject to the copyright notices on the relevant files.
Modified files: Index: src/bin/rcp/rcp.c diff -u src/bin/rcp/rcp.c:1.47 src/bin/rcp/rcp.c:1.48 --- src/bin/rcp/rcp.c:1.47 Sun Jul 20 00:52:40 2008 +++ src/bin/rcp/rcp.c Mon Aug 31 07:11:16 2009 @@ -1,4 +1,4 @@ -/* $NetBSD: rcp.c,v 1.47 2008/07/20 00:52:40 lukem Exp $ */ +/* $NetBSD: rcp.c,v 1.48 2009/08/31 07:11:16 dholland Exp $ */ /* * Copyright (c) 1983, 1990, 1992, 1993 @@ -39,7 +39,7 @@ #if 0 static char sccsid[] = "@(#)rcp.c 8.2 (Berkeley) 4/2/94"; #else -__RCSID("$NetBSD: rcp.c,v 1.47 2008/07/20 00:52:40 lukem Exp $"); +__RCSID("$NetBSD: rcp.c,v 1.48 2009/08/31 07:11:16 dholland Exp $"); #endif #endif /* not lint */ @@ -583,15 +583,22 @@ SCREWUP("size not delimited"); if (targisdir) { static char *namebuf; - static int cursize; + static size_t cursize; + char *newnamebuf; size_t need; need = strlen(targ) + strlen(cp) + 250; if (need > cursize) { - if (!(namebuf = malloc(need))) + newnamebuf = realloc(namebuf, need); + if (newnamebuf != NULL) { + namebuf = newnamebuf; + cursize = need; + } else { + /* note: run_err is not fatal */ run_err("%s", strerror(errno)); + } } - (void)snprintf(namebuf, need, "%s%s%s", targ, + (void)snprintf(namebuf, cursize, "%s%s%s", targ, *targ ? "/" : "", cp); np = namebuf; } else