-NEWS for rsync version 2.5.7
+NEWS for rsync version 2.5.8
Protocol: 27 (changed)
-Changes since version 2.5.6:
+Changes since version 2.5.7:
ENHANCEMENTS:
(Wayne Davison)
+NEWS for rsync version 2.5.7:
+Protocol: 26 (unchanged)
+Changes since version 2.5.6:
+
+ SECURITY:
+
+ * Fix buffer handling bugs. (Andrew Tridgell, Martin Pool, Paul
+ Russell, Andrea Barisani)
+
+
NEWS for rsync version 2.5.6, aka the dwd-between-jobs release
Protocol: 26 (unchanged)
Changes since version 2.5.5:
fdb_open = 1;
fdb_close = 0;
- batch_flist = (struct file_list *) malloc(sizeof(batch_flist[0]));
+ batch_flist = new(struct file_list);
if (!batch_flist) {
out_of_memory("create_flist_from_batch");
}
batch_flist->count = 0;
batch_flist->malloced = 1000;
- batch_flist->files =
- (struct file_struct **) malloc(sizeof(batch_flist->files[0]) *
- batch_flist->malloced);
+ batch_flist->files = new_array(struct file_struct *,
+ batch_flist->malloced);
if (!batch_flist->files) {
out_of_memory("create_flist_from_batch");
}
batch_flist->malloced += 1000;
else
batch_flist->malloced *= 2;
- batch_flist->files =
- (struct file_struct **) realloc(batch_flist->
- files,
- sizeof
- (batch_flist->
- files[0]) *
- batch_flist->
- malloced);
+ batch_flist->files
+ = realloc_array(batch_flist->files,
+ struct file_struct *,
+ batch_flist->malloced);
if (!batch_flist->files)
out_of_memory("create_flist_from_batch");
}
char buff[256];
struct file_struct *file;
- file = (struct file_struct *) malloc(sizeof(*file));
+ file = new(struct file_struct);
if (!file)
out_of_memory("read_batch_flist_info");
memset((char *) file, 0, sizeof(*file));
if (len > len1) {
if (buf1) free(buf1);
- buf1 = (char *)malloc(len+4);
+ buf1 = new_array(char, len+4);
len1 = len;
if (!buf1) out_of_memory("get_checksum2");
}
AC_CONFIG_HEADER(config.h)
AC_PREREQ(2.52)
-RSYNC_VERSION=2.5.6
+RSYNC_VERSION=2.5.7
AC_SUBST(RSYNC_VERSION)
AC_MSG_NOTICE([Configuring rsync $RSYNC_VERSION])
char *cp;
int pat_len;
- ret = (struct exclude_struct *)malloc(sizeof(*ret));
+ ret = new(struct exclude_struct);
if (!ret) out_of_memory("make_exclude");
memset(ret, 0, sizeof(*ret));
if (exclude_path_prefix)
ret->match_flags |= MATCHFLG_ABS_PATH;
if (exclude_path_prefix && *pattern == '/') {
- ret->pattern = malloc(strlen(exclude_path_prefix)
- + strlen(pattern) + 1);
+ ret->pattern = new_array(char,
+ strlen(exclude_path_prefix) + strlen(pattern) + 1);
if (!ret->pattern) out_of_memory("make_exclude");
sprintf(ret->pattern, "%s%s", exclude_path_prefix, pattern);
}
if (list)
for (; list[len]; len++) {}
- list = *listp = (struct exclude_struct **)Realloc(list,sizeof(struct exclude_struct *)*(len+2));
+ list = *listp = realloc_array(list, struct exclude_struct *, len+2);
if (!list || !(list[len] = make_exclude(pattern, include)))
out_of_memory("add_exclude");
struct map_struct *map_file(int fd,OFF_T len)
{
struct map_struct *map;
- map = (struct map_struct *)malloc(sizeof(*map));
+ map = new(struct map_struct);
if (!map) out_of_memory("map_file");
map->fd = fd;
/* make sure we have allocated enough memory for the window */
if (window_size > map->p_size) {
- map->p = (char *)Realloc(map->p, window_size);
+ map->p = realloc_array(map->p, char, window_size);
if (!map->p) out_of_memory("map_ptr");
map->p_size = window_size;
}
if (size <= 0)
size = ARENA_SIZE;
- a = malloc(sizeof(*a));
+ a = new(struct string_area);
if (!a)
out_of_memory("string_area_new");
- a->current = a->base = malloc(size);
+ a->current = a->base = new_array(char, size);
if (!a->current)
out_of_memory("string_area_new buffer");
a->end = a->base + size;
static void flist_expand(struct file_list *flist)
{
if (flist->count >= flist->malloced) {
- size_t new_bytes;
void *new_ptr;
if (flist->malloced < 1000)
else
flist->malloced *= 2;
- new_bytes = sizeof(flist->files[0]) * flist->malloced;
-
- if (flist->files)
- new_ptr = realloc(flist->files, new_bytes);
- else
- new_ptr = malloc(new_bytes);
+ if (flist->files) {
+ new_ptr = realloc_array(flist->files,
+ struct file_struct *,
+ flist->malloced);
+ } else {
+ new_ptr = new_array(struct file_struct *,
+ flist->malloced);
+ }
if (verbose >= 2) {
rprintf(FINFO, "expand file_list to %.0f bytes, did%s move\n",
- (double) new_bytes,
+ (double)sizeof(flist->files[0])
+ * flist->malloced,
(new_ptr == flist->files) ? " not" : "");
}
else
l2 = read_byte(f);
- file = (struct file_struct *) malloc(sizeof(*file));
+ file = new(struct file_struct);
if (!file)
out_of_memory("receive_file_entry");
memset((char *) file, 0, sizeof(*file));
rprintf(FERROR, "overflow: l=%d\n", l);
overflow("receive_file_entry");
}
- file->link = (char *) malloc(l + 1);
+ file->link = new_array(char, l + 1);
if (!file->link)
out_of_memory("receive_file_entry 2");
read_sbuf(f, file->link, l);
#endif
if (always_checksum) {
- file->sum = (char *) malloc(MD4_SUM_LENGTH);
+ file->sum = new_array(char, MD4_SUM_LENGTH);
if (!file->sum)
out_of_memory("md4 sum");
if (protocol_version < 21) {
if (verbose > 2)
rprintf(FINFO, "make_file(%s,*,%d)\n", fname, exclude_level);
- file = (struct file_struct *) malloc(sizeof(*file));
+ file = new(struct file_struct);
if (!file)
out_of_memory("make_file");
memset((char *) file, 0, sizeof(*file));
start_read = stats.total_read;
- flist = (struct file_list *) malloc(sizeof(flist[0]));
+ flist = new(struct file_list);
if (!flist)
goto oom;
flist->count = 0;
flist->malloced = 1000;
- flist->files =
- (struct file_struct **) malloc(sizeof(flist->files[0]) *
- flist->malloced);
+ flist->files = new_array(struct file_struct *, flist->malloced);
if (!flist->files)
goto oom;
{
struct file_list *flist;
- flist = (struct file_list *) malloc(sizeof(flist[0]));
+ flist = new(struct file_list);
if (!flist)
out_of_memory("send_file_list");
if (hlink_list)
free(hlink_list);
- if (!(hlink_list =
- (struct file_struct *) malloc(sizeof(hlink_list[0]) *
- flist->count)))
+ if (!(hlink_list = new_array(struct file_struct, flist->count)))
out_of_memory("init_hard_links");
for (i = 0; i < flist->count; i++)
{
if (io_buffer) return;
multiplex_out_fd = fd;
- io_buffer = (char *)malloc(IO_BUFFER_SIZE);
+ io_buffer = new_array(char, IO_BUFFER_SIZE);
if (!io_buffer) out_of_memory("writefd");
io_buffer_count = 0;
}
i = iNumServices;
- ServicePtrs = (service **)Realloc(ServicePtrs,sizeof(service *)*num_to_alloc);
+ ServicePtrs = realloc_array(ServicePtrs, service *, num_to_alloc);
if (ServicePtrs)
- pSERVICE(iNumServices) = (service *)malloc(sizeof(service));
+ pSERVICE(iNumServices) = new(service);
if (!ServicePtrs || !pSERVICE(iNumServices))
return(-1);
static void err_list_add(int code, char *buf, int len)
{
struct err_list *el;
- el = (struct err_list *)malloc(sizeof(*el));
+ el = new(struct err_list);
if (!el) exit_cleanup(RERR_MALLOC);
el->next = NULL;
- el->buf = malloc(len+4);
+ el->buf = new_array(char, len+4);
if (!el->buf) exit_cleanup(RERR_MALLOC);
memcpy(el->buf+4, buf, len);
SIVAL(el->buf, 0, ((code+MPLEX_BASE)<<24) | len);
int i;
if (!tag_table)
- tag_table = (int *)malloc(sizeof(tag_table[0])*TABLESIZE);
+ tag_table = new_array(int, TABLESIZE);
- targets = (struct target *)malloc(sizeof(targets[0])*s->count);
+ targets = new_array(struct target, s->count);
if (!tag_table || !targets)
out_of_memory("build_hash_table");
/* Only send --suffix if it specifies a non-default value. */
if (strcmp(backup_suffix, backup_dir? "" : BACKUP_SUFFIX) != 0) {
- char *s = malloc(9+backup_suffix_len+1);
+ char *s = new_array(char, 9+backup_suffix_len+1);
if (!s)
out_of_memory("server_options");
/* We use the following syntax to avoid weirdness with '~'. */
Summary: Program for efficient remote updates of files.
Name: rsync
-Version: 2.5.6
+Version: 2.5.7
Release: 1
Copyright: GPL
Group: Applications/Networking
-Source: ftp://samba.anu.edu.au/pub/rsync/rsync-2.5.6.tar.gz
+Source: ftp://samba.anu.edu.au/pub/rsync/rsync-2.5.7.tar.gz
URL: http://samba.anu.edu.au/rsync/
Packager: Andrew Tridgell <tridge@samba.anu.edu.au>
BuildRoot: /tmp/rsync
if( i > (bSize - 2) )
{
bSize += BUFR_INC;
- bufr = Realloc( bufr, bSize );
+ bufr = realloc_array( bufr, char, bSize );
if( NULL == bufr )
{
rprintf(FERROR, "%s Memory re-allocation failure.", func);
if( i > (bSize - 2) ) /* Ensure there's space for next char. */
{
bSize += BUFR_INC;
- bufr = Realloc( bufr, bSize );
+ bufr = realloc_array( bufr, char, bSize );
if( NULL == bufr )
{
rprintf(FERROR, "%s Memory re-allocation failure.", func) ;
if( i > (bSize - 2) ) /* Make sure there's enough room. */
{
bSize += BUFR_INC;
- bufr = Realloc( bufr, bSize );
+ bufr = realloc_array( bufr, char, bSize );
if( NULL == bufr )
{
rprintf(FERROR, "%s Memory re-allocation failure.", func) ;
else /* If we don't have a buffer */
{ /* allocate one, then parse, */
bSize = BUFR_INC; /* then free. */
- bufr = (char *)malloc( bSize );
+ bufr = new_array( char, bSize );
if( NULL == bufr )
{
rprintf(FERROR,"%s memory allocation failure.\n", func);
{
if (dlist_len == dlist_alloc_len) {
dlist_alloc_len += 1024;
- delete_list = (struct delete_list *)Realloc(delete_list, sizeof(delete_list[0])*dlist_alloc_len);
+ delete_list = realloc_array(delete_list, struct delete_list,
+ dlist_alloc_len);
if (!delete_list) out_of_memory("add_delete_entry");
}
/* treat failure (-1) as if not member of any group */
ngroups = getgroups(0, 0);
if (ngroups > 0) {
- gidset = (GETGROUPS_T *) malloc(ngroups * sizeof(GETGROUPS_T));
+ gidset = new_array(GETGROUPS_T, ngroups);
ngroups = getgroups(ngroups, gidset);
}
}
#endif
+/* Convenient wrappers for malloc and realloc. Use them. */
+#define new(type) ((type *)malloc(sizeof(type)))
+#define new_array(type, num) ((type *)_new_array(sizeof(type), (num)))
+#define realloc_array(ptr, type, num) ((type *)_realloc_array((ptr), sizeof(type), (num)))
/* use magic gcc attributes to catch format errors */
void rprintf(enum logcode , const char *, ...)
int i;
OFF_T offset = 0;
- s = (struct sum_struct *)malloc(sizeof(*s));
+ s = new(struct sum_struct);
if (!s) out_of_memory("receive_sums");
read_sum_head(f, s);
if (s->count == 0)
return(s);
- s->sums = (struct sum_buf *)malloc(sizeof(s->sums[0])*s->count);
+ s->sums = new_array(struct sum_buf, s->count);
if (!s->sums) out_of_memory("receive_sums");
for (i = 0; i < (int) s->count; i++) {
int n;
if (!buf) {
- buf = (char *)malloc(CHUNK_SIZE);
+ buf = new_array(char, CHUNK_SIZE);
if (!buf) out_of_memory("simple_recv_token");
}
rprintf(FERROR, "compression init failed\n");
exit_cleanup(RERR_STREAMIO);
}
- if ((obuf = malloc(OBUF_SIZE)) == NULL)
+ if ((obuf = new_array(char, OBUF_SIZE)) == NULL)
out_of_memory("send_deflated_token");
init_done = 1;
} else
rprintf(FERROR, "inflate init failed\n");
exit_cleanup(RERR_STREAMIO);
}
- if ((cbuf = malloc(MAX_DATA_COUNT)) == NULL
- || (dbuf = malloc(AVAIL_OUT_SIZE(CHUNK_SIZE))) == NULL)
+ if (!(cbuf = new_array(char, MAX_DATA_COUNT))
+ || !(dbuf = new_array(char, AVAIL_OUT_SIZE(CHUNK_SIZE))))
out_of_memory("recv_deflated_token");
init_done = 1;
} else {
static struct idlist *add_list(int id, char *name)
{
- struct idlist *list = (struct idlist *)malloc(sizeof(list[0]));
+ struct idlist *list = new(struct idlist);
if (!list) out_of_memory("add_list");
list->next = NULL;
list->name = strdup(name);
id = read_int(f);
while (id != 0) {
int len = read_byte(f);
- name = (char *)malloc(len+1);
+ name = new_array(char, len+1);
if (!name) out_of_memory("recv_uid_list");
read_sbuf(f, name, len);
if (!list) {
id = read_int(f);
while (id != 0) {
int len = read_byte(f);
- name = (char *)malloc(len+1);
+ name = new_array(char, len+1);
if (!name) out_of_memory("recv_uid_list");
read_sbuf(f, name, len);
if (!list) {
}
}
-void *Realloc(void *p, int size)
-{
- if (!p) return (void *)malloc(size);
- return (void *)realloc(p, size);
-}
-
-
void clean_fname(char *name)
{
char *p;
return ret;
}
#endif
+
+
+#define MALLOC_MAX 0x40000000
+
+void *_new_array(unsigned int size, unsigned long num)
+{
+ if (num >= MALLOC_MAX/size)
+ return NULL;
+ return malloc(size * num);
+}
+
+void *_realloc_array(void *ptr, unsigned int size, unsigned long num)
+{
+ if (num >= MALLOC_MAX/size)
+ return NULL;
+ /* No realloc should need this, but just in case... */
+ if (!ptr)
+ return malloc(size * num);
+ return realloc(ptr, size * num);
+}