int len;
va_start(ap, format);
- len = vslprintf(buf, sizeof(buf), format, ap);
+ len = vsnprintf(buf, sizeof(buf), format, ap);
va_end(ap);
- if (len > sizeof(buf)-1) exit_cleanup(RERR_MESSAGEIO);
+ /* Deal with buffer overruns. Instead of panicking, just
+ * truncate the resulting string. Note that some vsnprintf()s
+ * return -1 on truncation, e.g., glibc 2.0.6 and earlier. */
+ if (len > sizeof(buf)-1 || len < 0) {
+ const char ellipsis[] = "[...]";
+
+ /* Reset length, and zero-terminate the end of our buffer */
+ len = sizeof(buf)-1;
+ buf[len] = '\0';
+
+ /* Copy the ellipsis to the end of the string, but give
+ * us one extra character:
+ *
+ * v--- null byte at buf[sizeof(buf)-1]
+ * abcdefghij0
+ * -> abcd[...]00 <-- now two null bytes at end
+ *
+ * If the input format string has a trailing newline,
+ * we copy it into that extra null; if it doesn't, well,
+ * all we lose is one byte. */
+ strncpy(buf+len-sizeof(ellipsis), ellipsis, sizeof(ellipsis));
+ if (format[strlen(format)-1] == '\n') {
+ buf[len-1] = '\n';
+ }
+ }
rwrite(code, buf, len);
}
char *sysmsg;
va_start(ap, format);
- len = vslprintf(buf, sizeof(buf), format, ap);
+ len = vsnprintf(buf, sizeof(buf), format, ap);
va_end(ap);
if (len > sizeof(buf)-1) exit_cleanup(RERR_MESSAGEIO);
case 'h': if (am_daemon) n = client_name(0); break;
case 'a': if (am_daemon) n = client_addr(0); break;
case 'l':
- slprintf(buf2,sizeof(buf2),"%.0f",
+ snprintf(buf2,sizeof(buf2),"%.0f",
(double)file->length);
n = buf2;
break;
case 'p':
- slprintf(buf2,sizeof(buf2),"%d",
+ snprintf(buf2,sizeof(buf2),"%d",
(int)getpid());
n = buf2;
break;
case 'o': n = op; break;
case 'f':
- slprintf(buf2, sizeof(buf2), "%s/%s",
+ snprintf(buf2, sizeof(buf2), "%s/%s",
file->basedir?file->basedir:"",
f_name(file));
clean_fname(buf2);
b = stats.total_read -
initial_stats->total_read;
}
- slprintf(buf2,sizeof(buf2),"%.0f", (double)b);
+ snprintf(buf2,sizeof(buf2),"%.0f", (double)b);
n = buf2;
break;
case 'c':
b = stats.total_read -
initial_stats->total_read;
}
- slprintf(buf2,sizeof(buf2),"%.0f", (double)b);
+ snprintf(buf2,sizeof(buf2),"%.0f", (double)b);
n = buf2;
break;
}
if (!name)
name = "unexplained error";
- rprintf(FERROR,"transfer error: %s (code %d) at %s(%d)\n",
+ rprintf(FERROR,"rsync error: %s (code %d) at %s(%d)\n",
name, code, file, line);
}
}