*n++ = *p++;
while (isdigit(*(uchar*)p) && n - fmt < (int)(sizeof fmt) - 8)
*n++ = *p++;
+ if (!*p)
+ break;
*n = '\0';
n = NULL;
file->dir.root, n);
/* The buffer from safe_fname() has more
* room than MAXPATHLEN, so this is safe. */
- strcpy(n, buf2);
+ if (fmt[1])
+ strcpy(n, buf2);
+ else
+ n = buf2;
}
clean_fname(n, 0);
if (*n == '/')
break;
}
- /* Subtract the length of the escape from the string's size. */
- total -= p - s;
-
/* "n" is the string to be inserted in place of this % code. */
if (!n)
continue;
}
len = strlen(n);
+ /* Subtract the length of the escape from the string's size. */
+ total -= p - s;
+
if (len + total >= sizeof buf) {
rprintf(FERROR,
"buffer overflow expanding %%%c -- exiting\n",