X-Git-Url: https://mattmccutchen.net/rsync/rsync.git/blobdiff_plain/654175798bdbdd6403e10c8fa74e8586b3612ea1..3a64ad1fd0429575aa0236736f3fc175d9f9ef58:/receiver.c

diff --git a/receiver.c b/receiver.c
index 189aa417..9701303b 100644
--- a/receiver.c
+++ b/receiver.c
@@ -163,7 +163,7 @@ static int get_tmpname(char *fnametmp, char *fname)
 			rprintf(FERROR,"filename too long\n");
 			return 0;
 		}
-		slprintf(fnametmp,MAXPATHLEN-1, "%s/.%s.XXXXXX",tmpdir,f);
+		slprintf(fnametmp,MAXPATHLEN, "%s/.%s.XXXXXX",tmpdir,f);
 		return 1;
 	} 
 
@@ -176,11 +176,11 @@ static int get_tmpname(char *fnametmp, char *fname)
 
 	if (f) {
 		*f = 0;
-		slprintf(fnametmp,MAXPATHLEN-1,"%s/.%s.XXXXXX",
+		slprintf(fnametmp,MAXPATHLEN,"%s/.%s.XXXXXX",
 			 fname,f+1);
 		*f = '/';
 	} else {
-		slprintf(fnametmp,MAXPATHLEN-1,".%s.XXXXXX",fname);
+		slprintf(fnametmp,MAXPATHLEN,".%s.XXXXXX",fname);
 	}
 
 	return 1;
@@ -353,7 +353,7 @@ int recv_files(int f_in,struct file_list *flist,char *local_name,int f_gen)
 
 		if ((fd1 == -1) && (compare_dest != NULL)) {
 			/* try the file at compare_dest instead */
-			slprintf(fnamecmpbuf,MAXPATHLEN-1,"%s/%s",
+			slprintf(fnamecmpbuf,MAXPATHLEN,"%s/%s",
 						compare_dest,fname);
 			fnamecmp = fnamecmpbuf;
 			fd1 = open(fnamecmp,O_RDONLY);
@@ -387,6 +387,10 @@ int recv_files(int f_in,struct file_list *flist,char *local_name,int f_gen)
 			continue;
 		}
 
+		/* mktemp is deliberately used here instead of mkstemp.
+		   because O_EXCL is used on the open, the race condition
+		   is not a problem or a security hole, and we want to
+		   control the access permissions on the created file. */
 		if (NULL == do_mktemp(fnametmp)) {
 			rprintf(FERROR,"mktemp %s failed\n",fnametmp);
 			receive_data(f_in,buf,-1,NULL,file->length);